BUG: Bad page state in process syz.2.1806 pfn:ab652
page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xff6000002b6529b0 pfn:0xab652
flags: 0xffe000000000000(node=0|zone=0|lastcpupid=0x7ff)
raw: 0ffe000000000000 dead000000000040 ff6000002b4ee000 0000000000000000
raw: ff6000002b6529b0 0000000000000001 00000000ffffffff 0000000000000000
page dumped because: page_pool leak
page_owner tracks the page as allocated
page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 18955, tgid 18954 (syz.2.1806), ts 6942768126800, free_ts 6922500215400
__set_page_owner+0xa2/0x70c mm/page_owner.c:320
set_page_owner include/linux/page_owner.h:32 [inline]
post_alloc_hook+0xec/0x1e4 mm/page_alloc.c:1537
prep_new_page mm/page_alloc.c:1545 [inline]
get_page_from_freelist+0xdaa/0x295a mm/page_alloc.c:3457
__alloc_pages_noprof+0x1e2/0x1eb6 mm/page_alloc.c:4733
alloc_pages_bulk_noprof+0x252/0x13d8 mm/page_alloc.c:4681
alloc_pages_bulk_array_node_noprof include/linux/gfp.h:239 [inline]
__page_pool_alloc_pages_slow+0x18e/0xc50 net/core/page_pool.c:538
page_pool_alloc_netmem net/core/page_pool.c:590 [inline]
page_pool_alloc_netmem+0xc0/0x158 net/core/page_pool.c:577
page_pool_alloc_pages+0x20/0x62 net/core/page_pool.c:597
page_pool_dev_alloc_pages include/net/page_pool/helpers.h:96 [inline]
xdp_test_run_batch.constprop.0+0x362/0x1816 net/bpf/test_run.c:305
bpf_test_run_xdp_live+0x2f6/0x49e net/bpf/test_run.c:389
bpf_prog_test_run_xdp+0x7f6/0x15a8 net/bpf/test_run.c:1317
bpf_prog_test_run kernel/bpf/syscall.c:4247 [inline]
__sys_bpf+0xd14/0x42cc kernel/bpf/syscall.c:5652
__do_sys_bpf kernel/bpf/syscall.c:5741 [inline]
__se_sys_bpf kernel/bpf/syscall.c:5739 [inline]
__riscv_sys_bpf+0x6c/0x9e kernel/bpf/syscall.c:5739
syscall_handler+0x94/0x118 arch/riscv/include/asm/syscall.h:90
do_trap_ecall_u+0x1aa/0x216 arch/riscv/kernel/traps.c:331
_new_vmalloc_restore_context_a0+0xc2/0xce
page last free pid 16342 tgid 16342 stack trace:
__reset_page_owner+0x8c/0x400 mm/page_owner.c:297
reset_page_owner include/linux/page_owner.h:25 [inline]
free_pages_prepare mm/page_alloc.c:1108 [inline]
free_unref_page+0x592/0xf08 mm/page_alloc.c:2638
__free_pages+0x13c/0x1bc mm/page_alloc.c:4820
vfree+0x1b6/0xc88 mm/vmalloc.c:3361
delayed_vfree_work+0x58/0x7a mm/vmalloc.c:3282
process_one_work+0x956/0x1dae kernel/workqueue.c:3229
process_scheduled_works kernel/workqueue.c:3310 [inline]
worker_thread+0x5be/0xdc6 kernel/workqueue.c:3391
kthread+0x28c/0x3a6 kernel/kthread.c:389
ret_from_fork+0xe/0x18 arch/riscv/kernel/entry.S:326
Modules linked in:
CPU: 0 UID: 0 PID: 18955 Comm: syz.2.1806 Not tainted 6.12.0-rc1-syzkaller-00012-g5f153a692bac #0
Hardware name: riscv-virtio,qemu (DT)
Call Trace:
[<ffffffff80010a14>] dump_backtrace+0x2e/0x3c arch/riscv/kernel/stacktrace.c:130
[<ffffffff85f7c3cc>] show_stack+0x34/0x40 arch/riscv/kernel/stacktrace.c:136
[<ffffffff85fd797a>] __dump_stack lib/dump_stack.c:94 [inline]
[<ffffffff85fd797a>] dump_stack_lvl+0x122/0x196 lib/dump_stack.c:120
[<ffffffff85fd7a0a>] dump_stack+0x1c/0x24 lib/dump_stack.c:129
[<ffffffff808b0b06>] bad_page+0x268/0x2da mm/page_alloc.c:501
[<ffffffff808bcb18>] free_page_is_bad_report mm/page_alloc.c:908 [inline]
[<ffffffff808bcb18>] free_page_is_bad mm/page_alloc.c:918 [inline]
[<ffffffff808bcb18>] free_pages_prepare mm/page_alloc.c:1100 [inline]
[<ffffffff808bcb18>] free_unref_page+0x78a/0xf08 mm/page_alloc.c:2638
[<ffffffff808be53a>] page_frag_free+0x21c/0x268 mm/page_alloc.c:4971
[<ffffffff84c97152>] skb_free_frag include/linux/skbuff.h:3399 [inline]
[<ffffffff84c97152>] skb_free_head+0x1ce/0x2ec net/core/skbuff.c:1096
[<ffffffff84ca2952>] skb_release_data+0x6ec/0x86a net/core/skbuff.c:1125
[<ffffffff84cac65c>] skb_release_all net/core/skbuff.c:1190 [inline]
[<ffffffff84cac65c>] __kfree_skb net/core/skbuff.c:1204 [inline]
[<ffffffff84cac65c>] sk_skb_reason_drop+0x130/0x180 net/core/skbuff.c:1242
[<ffffffff84d1d4cc>] kfree_skb_reason include/linux/skbuff.h:1262 [inline]
[<ffffffff84d1d4cc>] __netif_receive_skb_core.constprop.0+0x650/0x4374 net/core/dev.c:5636
[<ffffffff84d213ae>] __netif_receive_skb_list_core+0x1be/0x75e net/core/dev.c:5737
[<ffffffff84d24b66>] __netif_receive_skb_list net/core/dev.c:5804 [inline]
[<ffffffff84d24b66>] netif_receive_skb_list_internal+0x64e/0xc36 net/core/dev.c:5895
[<ffffffff84d251ae>] netif_receive_skb_list net/core/dev.c:5947 [inline]
[<ffffffff84d251ae>] netif_receive_skb_list+0x60/0x634 net/core/dev.c:5937
[<ffffffff850c688a>] xdp_recv_frames net/bpf/test_run.c:279 [inline]
[<ffffffff850c688a>] xdp_test_run_batch.constprop.0+0x1244/0x1816 net/bpf/test_run.c:360
[<ffffffff850c7152>] bpf_test_run_xdp_live+0x2f6/0x49e net/bpf/test_run.c:389
[<ffffffff850cb85c>] bpf_prog_test_run_xdp+0x7f6/0x15a8 net/bpf/test_run.c:1317
[<ffffffff804ef2e2>] bpf_prog_test_run kernel/bpf/syscall.c:4247 [inline]
[<ffffffff804ef2e2>] __sys_bpf+0xd14/0x42cc kernel/bpf/syscall.c:5652
[<ffffffff804f35f2>] __do_sys_bpf kernel/bpf/syscall.c:5741 [inline]
[<ffffffff804f35f2>] __se_sys_bpf kernel/bpf/syscall.c:5739 [inline]
[<ffffffff804f35f2>] __riscv_sys_bpf+0x6c/0x9e kernel/bpf/syscall.c:5739
[<ffffffff8000f2d4>] syscall_handler+0x94/0x118 arch/riscv/include/asm/syscall.h:90
[<ffffffff85fd9c4a>] do_trap_ecall_u+0x1aa/0x216 arch/riscv/kernel/traps.c:331
[<ffffffff85ffcac6>] _new_vmalloc_restore_context_a0+0xc2/0xce
BUG: Bad page state in process syz.2.1806 pfn:ae2f7
page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x2 pfn:0xae2f7
flags: 0xffe000000000000(node=0|zone=0|lastcpupid=0x7ff)
raw: 0ffe000000000000 dead000000000040 ff6000002b4ee000 0000000000000000
raw: 0000000000000002 0000000000000001 00000000ffffffff 0000000000000000
page dumped because: page_pool leak
page_owner tracks the page as allocated
page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 18955, tgid 18954 (syz.2.1806), ts 6942768005500, free_ts 6922668954700
__set_page_owner+0xa2/0x70c mm/page_owner.c:320
set_page_owner include/linux/page_owner.h:32 [inline]
post_alloc_hook+0xec/0x1e4 mm/page_alloc.c:1537
prep_new_page mm/page_alloc.c:1545 [inline]
get_page_from_freelist+0xdaa/0x295a mm/page_alloc.c:3457
__alloc_pages_noprof+0x1e2/0x1eb6 mm/page_alloc.c:4733
alloc_pages_bulk_noprof+0x252/0x13d8 mm/page_alloc.c:4681
alloc_pages_bulk_array_node_noprof include/linux/gfp.h:239 [inline]
__page_pool_alloc_pages_slow+0x18e/0xc50 net/core/page_pool.c:538
page_pool_alloc_netmem net/core/page_pool.c:590 [inline]
page_pool_alloc_netmem+0xc0/0x158 net/core/page_pool.c:577
page_pool_alloc_pages+0x20/0x62 net/core/page_pool.c:597
page_pool_dev_alloc_pages include/net/page_pool/helpers.h:96 [inline]
xdp_test_run_batch.constprop.0+0x362/0x1816 net/bpf/test_run.c:305
bpf_test_run_xdp_live+0x2f6/0x49e net/bpf/test_run.c:389
bpf_prog_test_run_xdp+0x7f6/0x15a8 net/bpf/test_run.c:1317
bpf_prog_test_run kernel/bpf/syscall.c:4247 [inline]
__sys_bpf+0xd14/0x42cc kernel/bpf/syscall.c:5652
__do_sys_bpf kernel/bpf/syscall.c:5741 [inline]
__se_sys_bpf kernel/bpf/syscall.c:5739 [inline]
__riscv_sys_bpf+0x6c/0x9e kernel/bpf/syscall.c:5739
syscall_handler+0x94/0x118 arch/riscv/include/asm/syscall.h:90
do_trap_ecall_u+0x1aa/0x216 arch/riscv/kernel/traps.c:331
_new_vmalloc_restore_context_a0+0xc2/0xce
page last free pid 24 tgid 24 stack trace:
__reset_page_owner+0x8c/0x400 mm/page_owner.c:297
reset_page_owner include/linux/page_owner.h:25 [inline]
free_pages_prepare mm/page_alloc.c:1108 [inline]
free_unref_page+0x592/0xf08 mm/page_alloc.c:2638
__folio_put+0x1ae/0x22e mm/swap.c:126
folio_put include/linux/mm.h:1478 [inline]
free_page_and_swap_cache+0x1a8/0x1de mm/swap_state.c:308
__tlb_remove_table arch/riscv/include/asm/tlb.h:26 [inline]
__tlb_remove_table_free mm/mmu_gather.c:227 [inline]
tlb_remove_table_rcu+0x86/0xee mm/mmu_gather.c:282
rcu_do_batch kernel/rcu/tree.c:2567 [inline]
rcu_core+0xa24/0x1eac kernel/rcu/tree.c:2823
rcu_core_si+0xc/0x14 kernel/rcu/tree.c:2840
handle_softirqs+0x4a6/0x10de kernel/softirq.c:554
run_ksoftirqd kernel/softirq.c:927 [inline]
run_ksoftirqd+0xce/0x144 kernel/softirq.c:919
smpboot_thread_fn+0x654/0xb98 kernel/smpboot.c:164
kthread+0x28c/0x3a6 kernel/kthread.c:389
ret_from_fork+0xe/0x18 arch/riscv/kernel/entry.S:326
Modules linked in:
CPU: 0 UID: 0 PID: 18955 Comm: syz.2.1806 Tainted: G B 6.12.0-rc1-syzkaller-00012-g5f153a692bac #0
Tainted: [B]=BAD_PAGE
Hardware name: riscv-virtio,qemu (DT)
Call Trace:
[<ffffffff80010a14>] dump_backtrace+0x2e/0x3c arch/riscv/kernel/stacktrace.c:130
[<ffffffff85f7c3cc>] show_stack+0x34/0x40 arch/riscv/kernel/stacktrace.c:136
[<ffffffff85fd797a>] __dump_stack lib/dump_stack.c:94 [inline]
[<ffffffff85fd797a>] dump_stack_lvl+0x122/0x196 lib/dump_stack.c:120
[<ffffffff85fd7a0a>] dump_stack+0x1c/0x24 lib/dump_stack.c:129
[<ffffffff808b0b06>] bad_page+0x268/0x2da mm/page_alloc.c:501
[<ffffffff808bcb18>] free_page_is_bad_report mm/page_alloc.c:908 [inline]
[<ffffffff808bcb18>] free_page_is_bad mm/page_alloc.c:918 [inline]
[<ffffffff808bcb18>] free_pages_prepare mm/page_alloc.c:1100 [inline]
[<ffffffff808bcb18>] free_unref_page+0x78a/0xf08 mm/page_alloc.c:2638
[<ffffffff808be53a>] page_frag_free+0x21c/0x268 mm/page_alloc.c:4971
[<ffffffff84c97152>] skb_free_frag include/linux/skbuff.h:3399 [inline]
[<ffffffff84c97152>] skb_free_head+0x1ce/0x2ec net/core/skbuff.c:1096
[<ffffffff84ca2952>] skb_release_data+0x6ec/0x86a net/core/skbuff.c:1125
[<ffffffff84cac65c>] skb_release_all net/core/skbuff.c:1190 [inline]
[<ffffffff84cac65c>] __kfree_skb net/core/skbuff.c:1204 [inline]
[<ffffffff84cac65c>] sk_skb_reason_drop+0x130/0x180 net/core/skbuff.c:1242
[<ffffffff84d1d4cc>] kfree_skb_reason include/linux/skbuff.h:1262 [inline]
[<ffffffff84d1d4cc>] __netif_receive_skb_core.constprop.0+0x650/0x4374 net/core/dev.c:5636
[<ffffffff84d213ae>] __netif_receive_skb_list_core+0x1be/0x75e net/core/dev.c:5737
[<ffffffff84d24b66>] __netif_receive_skb_list net/core/dev.c:5804 [inline]
[<ffffffff84d24b66>] netif_receive_skb_list_internal+0x64e/0xc36 net/core/dev.c:5895
[<ffffffff84d251ae>] netif_receive_skb_list net/core/dev.c:5947 [inline]
[<ffffffff84d251ae>] netif_receive_skb_list+0x60/0x634 net/core/dev.c:5937
[<ffffffff850c688a>] xdp_recv_frames net/bpf/test_run.c:279 [inline]
[<ffffffff850c688a>] xdp_test_run_batch.constprop.0+0x1244/0x1816 net/bpf/test_run.c:360
[<ffffffff850c7152>] bpf_test_run_xdp_live+0x2f6/0x49e net/bpf/test_run.c:389
[<ffffffff850cb85c>] bpf_prog_test_run_xdp+0x7f6/0x15a8 net/bpf/test_run.c:1317
[<ffffffff804ef2e2>] bpf_prog_test_run kernel/bpf/syscall.c:4247 [inline]
[<ffffffff804ef2e2>] __sys_bpf+0xd14/0x42cc kernel/bpf/syscall.c:5652
[<ffffffff804f35f2>] __do_sys_bpf kernel/bpf/syscall.c:5741 [inline]
[<ffffffff804f35f2>] __se_sys_bpf kernel/bpf/syscall.c:5739 [inline]
[<ffffffff804f35f2>] __riscv_sys_bpf+0x6c/0x9e kernel/bpf/syscall.c:5739
[<ffffffff8000f2d4>] syscall_handler+0x94/0x118 arch/riscv/include/asm/syscall.h:90
[<ffffffff85fd9c4a>] do_trap_ecall_u+0x1aa/0x216 arch/riscv/kernel/traps.c:331
[<ffffffff85ffcac6>] _new_vmalloc_restore_context_a0+0xc2/0xce
BUG: Bad page state in process syz.2.1806 pfn:ae2f6
page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xff6000002e2f6600 pfn:0xae2f6
flags: 0xffe000000000000(node=0|zone=0|lastcpupid=0x7ff)
raw: 0ffe000000000000 dead000000000040 ff6000002b4ee000 0000000000000000
raw: ff6000002e2f6600 0000000000000001 00000000ffffffff 0000000000000000
page dumped because: page_pool leak
page_owner tracks the page as allocated
page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 18955, tgid 18954 (syz.2.1806), ts 6942767887000, free_ts 6922912620400
__set_page_owner+0xa2/0x70c mm/page_owner.c:320
set_page_owner include/linux/page_owner.h:32 [inline]
post_alloc_hook+0xec/0x1e4 mm/page_alloc.c:1537
prep_new_page mm/page_alloc.c:1545 [inline]
get_page_from_freelist+0xdaa/0x295a mm/page_alloc.c:3457
__alloc_pages_noprof+0x1e2/0x1eb6 mm/page_alloc.c:4733
alloc_pages_bulk_noprof+0x252/0x13d8 mm/page_alloc.c:4681
alloc_pages_bulk_array_node_noprof include/linux/gfp.h:239 [inline]
__page_pool_alloc_pages_slow+0x18e/0xc50 net/core/page_pool.c:538
page_pool_alloc_netmem net/core/page_pool.c:590 [inline]
page_pool_alloc_netmem+0xc0/0x158 net/core/page_pool.c:577
page_pool_alloc_pages+0x20/0x62 net/core/page_pool.c:597
page_pool_dev_alloc_pages include/net/page_pool/helpers.h:96 [inline]
xdp_test_run_batch.constprop.0+0x362/0x1816 net/bpf/test_run.c:305
bpf_test_run_xdp_live+0x2f6/0x49e net/bpf/test_run.c:389
bpf_prog_test_run_xdp+0x7f6/0x15a8 net/bpf/test_run.c:1317
bpf_prog_test_run kernel/bpf/syscall.c:4247 [inline]
__sys_bpf+0xd14/0x42cc kernel/bpf/syscall.c:5652
__do_sys_bpf kernel/bpf/syscall.c:5741 [inline]
__se_sys_bpf kernel/bpf/syscall.c:5739 [inline]
__riscv_sys_bpf+0x6c/0x9e kernel/bpf/syscall.c:5739
syscall_handler+0x94/0x118 arch/riscv/include/asm/syscall.h:90
do_trap_ecall_u+0x1aa/0x216 arch/riscv/kernel/traps.c:331
_new_vmalloc_restore_context_a0+0xc2/0xce
page last free pid 18905 tgid 18905 stack trace:
__reset_page_owner+0x8c/0x400 mm/page_owner.c:297
reset_page_owner include/linux/page_owner.h:25 [inline]
free_pages_prepare mm/page_alloc.c:1108 [inline]
free_unref_page+0x592/0xf08 mm/page_alloc.c:2638
__free_pages+0x13c/0x1bc mm/page_alloc.c:4820
free_pages.part.0+0x26a/0x4cc mm/page_alloc.c:4833
free_pages+0xe/0x18 mm/page_alloc.c:4830
tlb_batch_list_free mm/mmu_gather.c:159 [inline]
tlb_finish_mmu+0x20c/0x7e6 mm/mmu_gather.c:468
exit_mmap+0x36c/0xbea mm/mmap.c:1877
__mmput kernel/fork.c:1347 [inline]
mmput+0x122/0x3e2 kernel/fork.c:1369
exit_mm kernel/exit.c:571 [inline]
do_exit+0x902/0x2986 kernel/exit.c:926
do_group_exit+0xd4/0x26c kernel/exit.c:1088
__do_sys_exit_group kernel/exit.c:1099 [inline]
__se_sys_exit_group kernel/exit.c:1097 [inline]
__riscv_sys_exit_group+0x4a/0x54 kernel/exit.c:1097
syscall_handler+0x94/0x118 arch/riscv/include/asm/syscall.h:90
do_trap_ecall_u+0x1aa/0x216 arch/riscv/kernel/traps.c:331
_new_vmalloc_restore_context_a0+0xc2/0xce
Modules linked in:
CPU: 0 UID: 0 PID: 18955 Comm: syz.2.1806 Tainted: G B 6.12.0-rc1-syzkaller-00012-g5f153a692bac #0
Tainted: [B]=BAD_PAGE
Hardware name: riscv-virtio,qemu (DT)
Call Trace:
[<ffffffff80010a14>] dump_backtrace+0x2e/0x3c arch/riscv/kernel/stacktrace.c:130
[<ffffffff85f7c3cc>] show_stack+0x34/0x40 arch/riscv/kernel/stacktrace.c:136
[<ffffffff85fd797a>] __dump_stack lib/dump_stack.c:94 [inline]
[<ffffffff85fd797a>] dump_stack_lvl+0x122/0x196 lib/dump_stack.c:120
[<ffffffff85fd7a0a>] dump_stack+0x1c/0x24 lib/dump_stack.c:129
[<ffffffff808b0b06>] bad_page+0x268/0x2da mm/page_alloc.c:501
[<ffffffff808bcb18>] free_page_is_bad_report mm/page_alloc.c:908 [inline]
[<ffffffff808bcb18>] free_page_is_bad mm/page_alloc.c:918 [inline]
[<ffffffff808bcb18>] free_pages_prepare mm/page_alloc.c:1100 [inline]
[<ffffffff808bcb18>] free_unref_page+0x78a/0xf08 mm/page_alloc.c:2638
[<ffffffff808be53a>] page_frag_free+0x21c/0x268 mm/page_alloc.c:4971
[<ffffffff84c97152>] skb_free_frag include/linux/skbuff.h:3399 [inline]
[<ffffffff84c97152>] skb_free_head+0x1ce/0x2ec net/core/skbuff.c:1096
[<ffffffff84ca2952>] skb_release_data+0x6ec/0x86a net/core/skbuff.c:1125
[<ffffffff84cac65c>] skb_release_all net/core/skbuff.c:1190 [inline]
[<ffffffff84cac65c>] __kfree_skb net/core/skbuff.c:1204 [inline]
[<ffffffff84cac65c>] sk_skb_reason_drop+0x130/0x180 net/core/skbuff.c:1242
[<ffffffff84d1d4cc>] kfree_skb_reason include/linux/skbuff.h:1262 [inline]
[<ffffffff84d1d4cc>] __netif_receive_skb_core.constprop.0+0x650/0x4374 net/core/dev.c:5636
[<ffffffff84d213ae>] __netif_receive_skb_list_core+0x1be/0x75e net/core/dev.c:5737
[<ffffffff84d24b66>] __netif_receive_skb_list net/core/dev.c:5804 [inline]
[<ffffffff84d24b66>] netif_receive_skb_list_internal+0x64e/0xc36 net/core/dev.c:5895
[<ffffffff84d251ae>] netif_receive_skb_list net/core/dev.c:5947 [inline]
[<ffffffff84d251ae>] netif_receive_skb_list+0x60/0x634 net/core/dev.c:5937
[<ffffffff850c688a>] xdp_recv_frames net/bpf/test_run.c:279 [inline]
[<ffffffff850c688a>] xdp_test_run_batch.constprop.0+0x1244/0x1816 net/bpf/test_run.c:360
[<ffffffff850c7152>] bpf_test_run_xdp_live+0x2f6/0x49e net/bpf/test_run.c:389
[<ffffffff850cb85c>] bpf_prog_test_run_xdp+0x7f6/0x15a8 net/bpf/test_run.c:1317
[<ffffffff804ef2e2>] bpf_prog_test_run kernel/bpf/syscall.c:4247 [inline]
[<ffffffff804ef2e2>] __sys_bpf+0xd14/0x42cc kernel/bpf/syscall.c:5652
[<ffffffff804f35f2>] __do_sys_bpf kernel/bpf/syscall.c:5741 [inline]
[<ffffffff804f35f2>] __se_sys_bpf kernel/bpf/syscall.c:5739 [inline]
[<ffffffff804f35f2>] __riscv_sys_bpf+0x6c/0x9e kernel/bpf/syscall.c:5739
[<ffffffff8000f2d4>] syscall_handler+0x94/0x118 arch/riscv/include/asm/syscall.h:90
[<ffffffff85fd9c4a>] do_trap_ecall_u+0x1aa/0x216 arch/riscv/kernel/traps.c:331
[<ffffffff85ffcac6>] _new_vmalloc_restore_context_a0+0xc2/0xce
BUG: Bad page state in process syz.2.1806 pfn:98b0f
page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x98b0f
flags: 0xffe000000000000(node=0|zone=0|lastcpupid=0x7ff)
raw: 0ffe000000000000 dead000000000040 ff6000002b4ee000 0000000000000000
raw: 0000000000000000 0000000000000001 00000000ffffffff 0000000000000000
page dumped because: page_pool leak
page_owner tracks the page as allocated
page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 18955, tgid 18954 (syz.2.1806), ts 6942767768400, free_ts 6922499537000
__set_page_owner+0xa2/0x70c mm/page_owner.c:320
set_page_owner include/linux/page_owner.h:32 [inline]
post_alloc_hook+0xec/0x1e4 mm/page_alloc.c:1537
prep_new_page mm/page_alloc.c:1545 [inline]
get_page_from_freelist+0xdaa/0x295a mm/page_alloc.c:3457
__alloc_pages_noprof+0x1e2/0x1eb6 mm/page_alloc.c:4733
alloc_pages_bulk_noprof+0x252/0x13d8 mm/page_alloc.c:4681
alloc_pages_bulk_array_node_noprof include/linux/gfp.h:239 [inline]
__page_pool_alloc_pages_slow+0x18e/0xc50 net/core/page_pool.c:538
page_pool_alloc_netmem net/core/page_pool.c:590 [inline]
page_pool_alloc_netmem+0xc0/0x158 net/core/page_pool.c:577
page_pool_alloc_pages+0x20/0x62 net/core/page_pool.c:597
page_pool_dev_alloc_pages include/net/page_pool/helpers.h:96 [inline]
xdp_test_run_batch.constprop.0+0x362/0x1816 net/bpf/test_run.c:305
bpf_test_run_xdp_live+0x2f6/0x49e net/bpf/test_run.c:389
bpf_prog_test_run_xdp+0x7f6/0x15a8 net/bpf/test_run.c:1317
bpf_prog_test_run kernel/bpf/syscall.c:4247 [inline]
__sys_bpf+0xd14/0x42cc kernel/bpf/syscall.c:5652
__do_sys_bpf kernel/bpf/syscall.c:5741 [inline]
__se_sys_bpf kernel/bpf/syscall.c:5739 [inline]
__riscv_sys_bpf+0x6c/0x9e kernel/bpf/syscall.c:5739
syscall_handler+0x94/0x118 arch/riscv/include/asm/syscall.h:90
do_trap_ecall_u+0x1aa/0x216 arch/riscv/kernel/traps.c:331
_new_vmalloc_restore_context_a0+0xc2/0xce
page last free pid 16342 tgid 16342 stack trace:
__reset_page_owner+0x8c/0x400 mm/page_owner.c:297
reset_page_owner include/linux/page_owner.h:25 [inline]
free_pages_prepare mm/page_alloc.c:1108 [inline]
free_unref_page+0x592/0xf08 mm/page_alloc.c:2638
__free_pages+0x13c/0x1bc mm/page_alloc.c:4820
vfree+0x1b6/0xc88 mm/vmalloc.c:3361
delayed_vfree_work+0x58/0x7a mm/vmalloc.c:3282
process_one_work+0x956/0x1dae kernel/workqueue.c:3229
process_scheduled_works kernel/workqueue.c:3310 [inline]
worker_thread+0x5be/0xdc6 kernel/workqueue.c:3391
kthread+0x28c/0x3a6 kernel/kthread.c:389
ret_from_fork+0xe/0x18 arch/riscv/kernel/entry.S:326
Modules linked in:
CPU: 0 UID: 0 PID: 18955 Comm: syz.2.1806 Tainted: G B 6.12.0-rc1-syzkaller-00012-g5f153a692bac #0
Tainted: [B]=BAD_PAGE
Hardware name: riscv-virtio,qemu (DT)
Call Trace:
[<ffffffff80010a14>] dump_backtrace+0x2e/0x3c arch/riscv/kernel/stacktrace.c:130
[<ffffffff85f7c3cc>] show_stack+0x34/0x40 arch/riscv/kernel/stacktrace.c:136
[<ffffffff85fd797a>] __dump_stack lib/dump_stack.c:94 [inline]
[<ffffffff85fd797a>] dump_stack_lvl+0x122/0x196 lib/dump_stack.c:120
[<ffffffff85fd7a0a>] dump_stack+0x1c/0x24 lib/dump_stack.c:129
[<ffffffff808b0b06>] bad_page+0x268/0x2da mm/page_alloc.c:501
[<ffffffff808bcb18>] free_page_is_bad_report mm/page_alloc.c:908 [inline]
[<ffffffff808bcb18>] free_page_is_bad mm/page_alloc.c:918 [inline]
[<ffffffff808bcb18>] free_pages_prepare mm/page_alloc.c:1100 [inline]
[<ffffffff808bcb18>] free_unref_page+0x78a/0xf08 mm/page_alloc.c:2638
[<ffffffff808be53a>] page_frag_free+0x21c/0x268 mm/page_alloc.c:4971
[<ffffffff84c97152>] skb_free_frag include/linux/skbuff.h:3399 [inline]
[<ffffffff84c97152>] skb_free_head+0x1ce/0x2ec net/core/skbuff.c:1096
[<ffffffff84ca2952>] skb_release_data+0x6ec/0x86a net/core/skbuff.c:1125
[<ffffffff84cac65c>] skb_release_all net/core/skbuff.c:1190 [inline]
[<ffffffff84cac65c>] __kfree_skb net/core/skbuff.c:1204 [inline]
[<ffffffff84cac65c>] sk_skb_reason_drop+0x130/0x180 net/core/skbuff.c:1242
[<ffffffff84d1d4cc>] kfree_skb_reason include/linux/skbuff.h:1262 [inline]
[<ffffffff84d1d4cc>] __netif_receive_skb_core.constprop.0+0x650/0x4374 net/core/dev.c:5636
[<ffffffff84d213ae>] __netif_receive_skb_list_core+0x1be/0x75e net/core/dev.c:5737
[<ffffffff84d24b66>] __netif_receive_skb_list net/core/dev.c:5804 [inline]
[<ffffffff84d24b66>] netif_receive_skb_list_internal+0x64e/0xc36 net/core/dev.c:5895
[<ffffffff84d251ae>] netif_receive_skb_list net/core/dev.c:5947 [inline]
[<ffffffff84d251ae>] netif_receive_skb_list+0x60/0x634 net/core/dev.c:5937
[<ffffffff850c688a>] xdp_recv_frames net/bpf/test_run.c:279 [inline]
[<ffffffff850c688a>] xdp_test_run_batch.constprop.0+0x1244/0x1816 net/bpf/test_run.c:360
[<ffffffff850c7152>] bpf_test_run_xdp_live+0x2f6/0x49e net/bpf/test_run.c:389
[<ffffffff850cb85c>] bpf_prog_test_run_xdp+0x7f6/0x15a8 net/bpf/test_run.c:1317
[<ffffffff804ef2e2>] bpf_prog_test_run kernel/bpf/syscall.c:4247 [inline]
[<ffffffff804ef2e2>] __sys_bpf+0xd14/0x42cc kernel/bpf/syscall.c:5652
[<ffffffff804f35f2>] __do_sys_bpf kernel/bpf/syscall.c:5741 [inline]
[<ffffffff804f35f2>] __se_sys_bpf kernel/bpf/syscall.c:5739 [inline]
[<ffffffff804f35f2>] __riscv_sys_bpf+0x6c/0x9e kernel/bpf/syscall.c:5739
[<ffffffff8000f2d4>] syscall_handler+0x94/0x118 arch/riscv/include/asm/syscall.h:90
[<ffffffff85fd9c4a>] do_trap_ecall_u+0x1aa/0x216 arch/riscv/kernel/traps.c:331
[<ffffffff85ffcac6>] _new_vmalloc_restore_context_a0+0xc2/0xce
BUG: Bad page state in process syz.2.1806 pfn:98b0e
page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x98b0e
flags: 0xffe000000000000(node=0|zone=0|lastcpupid=0x7ff)
raw: 0ffe000000000000 dead000000000040 ff6000002b4ee000 0000000000000000
raw: 0000000000000000 0000000000000001 00000000ffffffff 0000000000000000
page dumped because: page_pool leak
page_owner tracks the page as allocated
page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 18955, tgid 18954 (syz.2.1806), ts 6942767649200, free_ts 6922935139100
__set_page_owner+0xa2/0x70c mm/page_owner.c:320
set_page_owner include/linux/page_owner.h:32 [inline]
post_alloc_hook+0xec/0x1e4 mm/page_alloc.c:1537
prep_new_page mm/page_alloc.c:1545 [inline]
get_page_from_freelist+0xdaa/0x295a mm/page_alloc.c:3457
__alloc_pages_noprof+0x1e2/0x1eb6 mm/page_alloc.c:4733
alloc_pages_bulk_noprof+0x252/0x13d8 mm/page_alloc.c:4681
alloc_pages_bulk_array_node_noprof include/linux/gfp.h:239 [inline]
__page_pool_alloc_pages_slow+0x18e/0xc50 net/core/page_pool.c:538
page_pool_alloc_netmem net/core/page_pool.c:590 [inline]
page_pool_alloc_netmem+0xc0/0x158 net/core/page_pool.c:577
page_pool_alloc_pages+0x20/0x62 net/core/page_pool.c:597
page_pool_dev_alloc_pages include/net/page_pool/helpers.h:96 [inline]
xdp_test_run_batch.constprop.0+0x362/0x1816 net/bpf/test_run.c:305
bpf_test_run_xdp_live+0x2f6/0x49e net/bpf/test_run.c:389
bpf_prog_test_run_xdp+0x7f6/0x15a8 net/bpf/test_run.c:1317
bpf_prog_test_run kernel/bpf/syscall.c:4247 [inline]
__sys_bpf+0xd14/0x42cc kernel/bpf/syscall.c:5652
__do_sys_bpf kernel/bpf/syscall.c:5741 [inline]
__se_sys_bpf kernel/bpf/syscall.c:5739 [inline]
__riscv_sys_bpf+0x6c/0x9e kernel/bpf/syscall.c:5739
syscall_handler+0x94/0x118 arch/riscv/include/asm/syscall.h:90
do_trap_ecall_u+0x1aa/0x216 arch/riscv/kernel/traps.c:331
_new_vmalloc_restore_context_a0+0xc2/0xce
page last free pid 18907 tgid 18901 stack trace:
__reset_page_owner+0x8c/0x400 mm/page_owner.c:297
reset_page_owner include/linux/page_owner.h:25 [inline]
free_pages_prepare mm/page_alloc.c:1108 [inline]
free_unref_page+0x592/0xf08 mm/page_alloc.c:2638
__folio_put+0x1ae/0x22e mm/swap.c:126
folio_put include/linux/mm.h:1478 [inline]
free_page_and_swap_cache+0x1a8/0x1de mm/swap_state.c:308
__tlb_remove_table arch/riscv/include/asm/tlb.h:26 [inline]
__tlb_remove_table_free mm/mmu_gather.c:227 [inline]
tlb_remove_table_rcu+0x86/0xee mm/mmu_gather.c:282
rcu_do_batch kernel/rcu/tree.c:2567 [inline]
rcu_core+0xa24/0x1eac kernel/rcu/tree.c:2823
rcu_core_si+0xc/0x14 kernel/rcu/tree.c:2840
handle_softirqs+0x4a6/0x10de kernel/softirq.c:554
__do_softirq kernel/softirq.c:588 [inline]
invoke_softirq kernel/softirq.c:428 [inline]
__irq_exit_rcu+0x188/0x372 kernel/softirq.c:637
irq_exit_rcu+0x10/0xf8 kernel/softirq.c:649
handle_riscv_irq+0x40/0x4c arch/riscv/kernel/traps.c:378
call_on_irq_stack+0x32/0x40 arch/riscv/kernel/entry.S:355
Modules linked in:
CPU: 0 UID: 0 PID: 18955 Comm: syz.2.1806 Tainted: G B 6.12.0-rc1-syzkaller-00012-g5f153a692bac #0
Tainted: [B]=BAD_PAGE
Hardware name: riscv-virtio,qemu (DT)
Call Trace:
[<ffffffff80010a14>] dump_backtrace+0x2e/0x3c arch/riscv/kernel/stacktrace.c:130
[<ffffffff85f7c3cc>] show_stack+0x34/0x40 arch/riscv/kernel/stacktrace.c:136
[<ffffffff85fd797a>] __dump_stack lib/dump_stack.c:94 [inline]
[<ffffffff85fd797a>] dump_stack_lvl+0x122/0x196 lib/dump_stack.c:120
[<ffffffff85fd7a0a>] dump_stack+0x1c/0x24 lib/dump_stack.c:129
[<ffffffff808b0b06>] bad_page+0x268/0x2da mm/page_alloc.c:501
[<ffffffff808bcb18>] free_page_is_bad_report mm/page_alloc.c:908 [inline]
[<ffffffff808bcb18>] free_page_is_bad mm/page_alloc.c:918 [inline]
[<ffffffff808bcb18>] free_pages_prepare mm/page_alloc.c:1100 [inline]
[<ffffffff808bcb18>] free_unref_page+0x78a/0xf08 mm/page_alloc.c:2638
[<ffffffff808be53a>] page_frag_free+0x21c/0x268 mm/page_alloc.c:4971
[<ffffffff84c97152>] skb_free_frag include/linux/skbuff.h:3399 [inline]
[<ffffffff84c97152>] skb_free_head+0x1ce/0x2ec net/core/skbuff.c:1096
[<ffffffff84ca2952>] skb_release_data+0x6ec/0x86a net/core/skbuff.c:1125
[<ffffffff84cac65c>] skb_release_all net/core/skbuff.c:1190 [inline]
[<ffffffff84cac65c>] __kfree_skb net/core/skbuff.c:1204 [inline]
[<ffffffff84cac65c>] sk_skb_reason_drop+0x130/0x180 net/core/skbuff.c:1242
[<ffffffff84d1d4cc>] kfree_skb_reason include/linux/skbuff.h:1262 [inline]
[<ffffffff84d1d4cc>] __netif_receive_skb_core.constprop.0+0x650/0x4374 net/core/dev.c:5636
[<ffffffff84d213ae>] __netif_receive_skb_list_core+0x1be/0x75e net/core/dev.c:5737
[<ffffffff84d24b66>] __netif_receive_skb_list net/core/dev.c:5804 [inline]
[<ffffffff84d24b66>] netif_receive_skb_list_internal+0x64e/0xc36 net/core/dev.c:5895
[<ffffffff84d251ae>] netif_receive_skb_list net/core/dev.c:5947 [inline]
[<ffffffff84d251ae>] netif_receive_skb_list+0x60/0x634 net/core/dev.c:5937
[<ffffffff850c688a>] xdp_recv_frames net/bpf/test_run.c:279 [inline]
[<ffffffff850c688a>] xdp_test_run_batch.constprop.0+0x1244/0x1816 net/bpf/test_run.c:360
[<ffffffff850c7152>] bpf_test_run_xdp_live+0x2f6/0x49e net/bpf/test_run.c:389
[<ffffffff850cb85c>] bpf_prog_test_run_xdp+0x7f6/0x15a8 net/bpf/test_run.c:1317
[<ffffffff804ef2e2>] bpf_prog_test_run kernel/bpf/syscall.c:4247 [inline]
[<ffffffff804ef2e2>] __sys_bpf+0xd14/0x42cc kernel/bpf/syscall.c:5652
[<ffffffff804f35f2>] __do_sys_bpf kernel/bpf/syscall.c:5741 [inline]
[<ffffffff804f35f2>] __se_sys_bpf kernel/bpf/syscall.c:5739 [inline]
[<ffffffff804f35f2>] __riscv_sys_bpf+0x6c/0x9e kernel/bpf/syscall.c:5739
[<ffffffff8000f2d4>] syscall_handler+0x94/0x118 arch/riscv/include/asm/syscall.h:90
[<ffffffff85fd9c4a>] do_trap_ecall_u+0x1aa/0x216 arch/riscv/kernel/traps.c:331
[<ffffffff85ffcac6>] _new_vmalloc_restore_context_a0+0xc2/0xce
BUG: Bad page state in process syz.2.1806 pfn:9aa97
page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x9aa97
flags: 0xffe000000000000(node=0|zone=0|lastcpupid=0x7ff)
raw: 0ffe000000000000 dead000000000040 ff6000002b4ee000 0000000000000000
raw: 0000000000000000 0000000000000001 00000000ffffffff 0000000000000000
page dumped because: page_pool leak
page_owner tracks the page as allocated
page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 18955, tgid 18954 (syz.2.1806), ts 6942767531800, free_ts 6922937997000
__set_page_owner+0xa2/0x70c mm/page_owner.c:320
set_page_owner include/linux/page_owner.h:32 [inline]
post_alloc_hook+0xec/0x1e4 mm/page_alloc.c:1537
prep_new_page mm/page_alloc.c:1545 [inline]
get_page_from_freelist+0xdaa/0x295a mm/page_alloc.c:3457
__alloc_pages_noprof+0x1e2/0x1eb6 mm/page_alloc.c:4733
alloc_pages_bulk_noprof+0x252/0x13d8 mm/page_alloc.c:4681
alloc_pages_bulk_array_node_noprof include/linux/gfp.h:239 [inline]
__page_pool_alloc_pages_slow+0x18e/0xc50 net/core/page_pool.c:538
page_pool_alloc_netmem net/core/page_pool.c:590 [inline]
page_pool_alloc_netmem+0xc0/0x158 net/core/page_pool.c:577
page_pool_alloc_pages+0x20/0x62 net/core/page_pool.c:597
page_pool_dev_alloc_pages include/net/page_pool/helpers.h:96 [inline]
xdp_test_run_batch.constprop.0+0x362/0x1816 net/bpf/test_run.c:305
bpf_test_run_xdp_live+0x2f6/0x49e net/bpf/test_run.c:389
bpf_prog_test_run_xdp+0x7f6/0x15a8 net/bpf/test_run.c:1317
bpf_prog_test_run kernel/bpf/syscall.c:4247 [inline]
__sys_bpf+0xd14/0x42cc kernel/bpf/syscall.c:5652
__do_sys_bpf kernel/bpf/syscall.c:5741 [inline]
__se_sys_bpf kernel/bpf/syscall.c:5739 [inline]
__riscv_sys_bpf+0x6c/0x9e kernel/bpf/syscall.c:5739
syscall_handler+0x94/0x118 arch/riscv/include/asm/syscall.h:90
do_trap_ecall_u+0x1aa/0x216 arch/riscv/kernel/traps.c:331
_new_vmalloc_restore_context_a0+0xc2/0xce
page last free pid 18907 tgid 18901 stack trace:
__reset_page_owner+0x8c/0x400 mm/page_owner.c:297
reset_page_owner include/linux/page_owner.h:25 [inline]
free_pages_prepare mm/page_alloc.c:1108 [inline]
free_unref_page+0x592/0xf08 mm/page_alloc.c:2638
__folio_put+0x1ae/0x22e mm/swap.c:126
folio_put include/linux/mm.h:1478 [inline]
free_page_and_swap_cache+0x1a8/0x1de mm/swap_state.c:308
__tlb_remove_table arch/riscv/include/asm/tlb.h:26 [inline]
__tlb_remove_table_free mm/mmu_gather.c:227 [inline]
tlb_remove_table_rcu+0x86/0xee mm/mmu_gather.c:282
rcu_do_batch kernel/rcu/tree.c:2567 [inline]
rcu_core+0xa24/0x1eac kernel/rcu/tree.c:2823
rcu_core_si+0xc/0x14 kernel/rcu/tree.c:2840
handle_softirqs+0x4a6/0x10de kernel/softirq.c:554
__do_softirq kernel/softirq.c:588 [inline]
invoke_softirq kernel/softirq.c:428 [inline]
__irq_exit_rcu+0x188/0x372 kernel/softirq.c:637
irq_exit_rcu+0x10/0xf8 kernel/softirq.c:649
handle_riscv_irq+0x40/0x4c arch/riscv/kernel/traps.c:378
call_on_irq_stack+0x32/0x40 arch/riscv/kernel/entry.S:355
Modules linked in:
CPU: 0 UID: 0 PID: 18955 Comm: syz.2.1806 Tainted: G B 6.12.0-rc1-syzkaller-00012-g5f153a692bac #0
Tainted: [B]=BAD_PAGE
Hardware name: riscv-virtio,qemu (DT)
Call Trace:
[<ffffffff80010a14>] dump_backtrace+0x2e/0x3c arch/riscv/kernel/stacktrace.c:130
[<ffffffff85f7c3cc>] show_stack+0x34/0x40 arch/riscv/kernel/stacktrace.c:136
[<ffffffff85fd797a>] __dump_stack lib/dump_stack.c:94 [inline]
[<ffffffff85fd797a>] dump_stack_lvl+0x122/0x196 lib/dump_stack.c:120
[<ffffffff85fd7a0a>] dump_stack+0x1c/0x24 lib/dump_stack.c:129
[<ffffffff808b0b06>] bad_page+0x268/0x2da mm/page_alloc.c:501
[<ffffffff808bcb18>] free_page_is_bad_report mm/page_alloc.c:908 [inline]
[<ffffffff808bcb18>] free_page_is_bad mm/page_alloc.c:918 [inline]
[<ffffffff808bcb18>] free_pages_prepare mm/page_alloc.c:1100 [inline]
[<ffffffff808bcb18>] free_unref_page+0x78a/0xf08 mm/page_alloc.c:2638
[<ffffffff808be53a>] page_frag_free+0x21c/0x268 mm/page_alloc.c:4971
[<ffffffff84c97152>] skb_free_frag include/linux/skbuff.h:3399 [inline]
[<ffffffff84c97152>] skb_free_head+0x1ce/0x2ec net/core/skbuff.c:1096
[<ffffffff84ca2952>] skb_release_data+0x6ec/0x86a net/core/skbuff.c:1125
[<ffffffff84cac65c>] skb_release_all net/core/skbuff.c:1190 [inline]
[<ffffffff84cac65c>] __kfree_skb net/core/skbuff.c:1204 [inline]
[<ffffffff84cac65c>] sk_skb_reason_drop+0x130/0x180 net/core/skbuff.c:1242
[<ffffffff84d1d4cc>] kfree_skb_reason include/linux/skbuff.h:1262 [inline]
[<ffffffff84d1d4cc>] __netif_receive_skb_core.constprop.0+0x650/0x4374 net/core/dev.c:5636
[<ffffffff84d213ae>] __netif_receive_skb_list_core+0x1be/0x75e net/core/dev.c:5737
[<ffffffff84d24b66>] __netif_receive_skb_list net/core/dev.c:5804 [inline]
[<ffffffff84d24b66>] netif_receive_skb_list_internal+0x64e/0xc36 net/core/dev.c:5895
[<ffffffff84d251ae>] netif_receive_skb_list net/core/dev.c:5947 [inline]
[<ffffffff84d251ae>] netif_receive_skb_list+0x60/0x634 net/core/dev.c:5937
[<ffffffff850c688a>] xdp_recv_frames net/bpf/test_run.c:279 [inline]
[<ffffffff850c688a>] xdp_test_run_batch.constprop.0+0x1244/0x1816 net/bpf/test_run.c:360
[<ffffffff850c7152>] bpf_test_run_xdp_live+0x2f6/0x49e net/bpf/test_run.c:389
[<ffffffff850cb85c>] bpf_prog_test_run_xdp+0x7f6/0x15a8 net/bpf/test_run.c:1317
[<ffffffff804ef2e2>] bpf_prog_test_run kernel/bpf/syscall.c:4247 [inline]
[<ffffffff804ef2e2>] __sys_bpf+0xd14/0x42cc kernel/bpf/syscall.c:5652
[<ffffffff804f35f2>] __do_sys_bpf kernel/bpf/syscall.c:5741 [inline]
[<ffffffff804f35f2>] __se_sys_bpf kernel/bpf/syscall.c:5739 [inline]
[<ffffffff804f35f2>] __riscv_sys_bpf+0x6c/0x9e kernel/bpf/syscall.c:5739
[<ffffffff8000f2d4>] syscall_handler+0x94/0x118 arch/riscv/include/asm/syscall.h:90
[<ffffffff85fd9c4a>] do_trap_ecall_u+0x1aa/0x216 arch/riscv/kernel/traps.c:331
[<ffffffff85ffcac6>] _new_vmalloc_restore_context_a0+0xc2/0xce
BUG: Bad page state in process syz.2.1806 pfn:9aa96
page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x9aa96
flags: 0xffe000000000000(node=0|zone=0|lastcpupid=0x7ff)
raw: 0ffe000000000000 dead000000000040 ff6000002b4ee000 0000000000000000
raw: 0000000000000000 0000000000000001 00000000ffffffff 0000000000000000
page dumped because: page_pool leak
page_owner tracks the page as allocated
page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 18955, tgid 18954 (syz.2.1806), ts 6942767412800, free_ts 6922933818500
__set_page_owner+0xa2/0x70c mm/page_owner.c:320
set_page_owner include/linux/page_owner.h:32 [inline]
post_alloc_hook+0xec/0x1e4 mm/page_alloc.c:1537
prep_new_page mm/page_alloc.c:1545 [inline]
get_page_from_freelist+0xdaa/0x295a mm/page_alloc.c:3457
__alloc_pages_noprof+0x1e2/0x1eb6 mm/page_alloc.c:4733
alloc_pages_bulk_noprof+0x252/0x13d8 mm/page_alloc.c:4681
alloc_pages_bulk_array_node_noprof include/linux/gfp.h:239 [inline]
__page_pool_alloc_pages_slow+0x18e/0xc50 net/core/page_pool.c:538
page_pool_alloc_netmem net/core/page_pool.c:590 [inline]
page_pool_alloc_netmem+0xc0/0x158 net/core/page_pool.c:577
page_pool_alloc_pages+0x20/0x62 net/core/page_pool.c:597
page_pool_dev_alloc_pages include/net/page_pool/helpers.h:96 [inline]
xdp_test_run_batch.constprop.0+0x362/0x1816 net/bpf/test_run.c:305
bpf_test_run_xdp_live+0x2f6/0x49e net/bpf/test_run.c:389
bpf_prog_test_run_xdp+0x7f6/0x15a8 net/bpf/test_run.c:1317
bpf_prog_test_run kernel/bpf/syscall.c:4247 [inline]
__sys_bpf+0xd14/0x42cc kernel/bpf/syscall.c:5652
__do_sys_bpf kernel/bpf/syscall.c:5741 [inline]
__se_sys_bpf kernel/bpf/syscall.c:5739 [inline]
__riscv_sys_bpf+0x6c/0x9e kernel/bpf/syscall.c:5739
syscall_handler+0x94/0x118 arch/riscv/include/asm/syscall.h:90
do_trap_ecall_u+0x1aa/0x216 arch/riscv/kernel/traps.c:331
_new_vmalloc_restore_context_a0+0xc2/0xce
page last free pid 18907 tgid 18901 stack trace:
__reset_page_owner+0x8c/0x400 mm/page_owner.c:297
reset_page_owner include/linux/page_owner.h:25 [inline]
free_pages_prepare mm/page_alloc.c:1108 [inline]
free_unref_page+0x592/0xf08 mm/page_alloc.c:2638
__folio_put+0x1ae/0x22e mm/swap.c:126
folio_put include/linux/mm.h:1478 [inline]
free_page_and_swap_cache+0x1a8/0x1de mm/swap_state.c:308
__tlb_remove_table arch/riscv/include/asm/tlb.h:26 [inline]
__tlb_remove_table_free mm/mmu_gather.c:227 [inline]
tlb_remove_table_rcu+0x86/0xee mm/mmu_gather.c:282
rcu_do_batch kernel/rcu/tree.c:2567 [inline]
rcu_core+0xa24/0x1eac kernel/rcu/tree.c:2823
rcu_core_si+0xc/0x14 kernel/rcu/tree.c:2840
handle_softirqs+0x4a6/0x10de kernel/softirq.c:554
__do_softirq kernel/softirq.c:588 [inline]
invoke_softirq kernel/softirq.c:428 [inline]
__irq_exit_rcu+0x188/0x372 kernel/softirq.c:637
irq_exit_rcu+0x10/0xf8 kernel/softirq.c:649
handle_riscv_irq+0x40/0x4c arch/riscv/kernel/traps.c:378
call_on_irq_stack+0x32/0x40 arch/riscv/kernel/entry.S:355
Modules linked in:
CPU: 0 UID: 0 PID: 18955 Comm: syz.2.1806 Tainted: G B 6.12.0-rc1-syzkaller-00012-g5f153a692bac #0
Tainted: [B]=BAD_PAGE
Hardware name: riscv-virtio,qemu (DT)
Call Trace:
[<ffffffff80010a14>] dump_backtrace+0x2e/0x3c arch/riscv/kernel/stacktrace.c:130
[<ffffffff85f7c3cc>] show_stack+0x34/0x40 arch/riscv/kernel/stacktrace.c:136
[<ffffffff85fd797a>] __dump_stack lib/dump_stack.c:94 [inline]
[<ffffffff85fd797a>] dump_stack_lvl+0x122/0x196 lib/dump_stack.c:120
[<ffffffff85fd7a0a>] dump_stack+0x1c/0x24 lib/dump_stack.c:129
[<ffffffff808b0b06>] bad_page+0x268/0x2da mm/page_alloc.c:501
[<ffffffff808bcb18>] free_page_is_bad_report mm/page_alloc.c:908 [inline]
[<ffffffff808bcb18>] free_page_is_bad mm/page_alloc.c:918 [inline]
[<ffffffff808bcb18>] free_pages_prepare mm/page_alloc.c:1100 [inline]
[<ffffffff808bcb18>] free_unref_page+0x78a/0xf08 mm/page_alloc.c:2638
[<ffffffff808be53a>] page_frag_free+0x21c/0x268 mm/page_alloc.c:4971
[<ffffffff84c97152>] skb_free_frag include/linux/skbuff.h:3399 [inline]
[<ffffffff84c97152>] skb_free_head+0x1ce/0x2ec net/core/skbuff.c:1096
[<ffffffff84ca2952>] skb_release_data+0x6ec/0x86a net/core/skbuff.c:1125
[<ffffffff84cac65c>] skb_release_all net/core/skbuff.c:1190 [inline]
[<ffffffff84cac65c>] __kfree_skb net/core/skbuff.c:1204 [inline]
[<ffffffff84cac65c>] sk_skb_reason_drop+0x130/0x180 net/core/skbuff.c:1242
[<ffffffff84d1d4cc>] kfree_skb_reason include/linux/skbuff.h:1262 [inline]
[<ffffffff84d1d4cc>] __netif_receive_skb_core.constprop.0+0x650/0x4374 net/core/dev.c:5636
[<ffffffff84d213ae>] __netif_receive_skb_list_core+0x1be/0x75e net/core/dev.c:5737
[<ffffffff84d24b66>] __netif_receive_skb_list net/core/dev.c:5804 [inline]
[<ffffffff84d24b66>] netif_receive_skb_list_internal+0x64e/0xc36 net/core/dev.c:5895
[<ffffffff84d251ae>] netif_receive_skb_list net/core/dev.c:5947 [inline]
[<ffffffff84d251ae>] netif_receive_skb_list+0x60/0x634 net/core/dev.c:5937
[<ffffffff850c688a>] xdp_recv_frames net/bpf/test_run.c:279 [inline]
[<ffffffff850c688a>] xdp_test_run_batch.constprop.0+0x1244/0x1816 net/bpf/test_run.c:360
[<ffffffff850c7152>] bpf_test_run_xdp_live+0x2f6/0x49e net/bpf/test_run.c:389
[<ffffffff850cb85c>] bpf_prog_test_run_xdp+0x7f6/0x15a8 net/bpf/test_run.c:1317
[<ffffffff804ef2e2>] bpf_prog_test_run kernel/bpf/syscall.c:4247 [inline]
[<ffffffff804ef2e2>] __sys_bpf+0xd14/0x42cc kernel/bpf/syscall.c:5652
[<ffffffff804f35f2>] __do_sys_bpf kernel/bpf/syscall.c:5741 [inline]
[<ffffffff804f35f2>] __se_sys_bpf kernel/bpf/syscall.c:5739 [inline]
[<ffffffff804f35f2>] __riscv_sys_bpf+0x6c/0x9e kernel/bpf/syscall.c:5739
[<ffffffff8000f2d4>] syscall_handler+0x94/0x118 arch/riscv/include/asm/syscall.h:90
[<ffffffff85fd9c4a>] do_trap_ecall_u+0x1aa/0x216 arch/riscv/kernel/traps.c:331
[<ffffffff85ffcac6>] _new_vmalloc_restore_context_a0+0xc2/0xce
BUG: Bad page state in process syz.2.1806 pfn:af1f5
page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0xaf1f5
flags: 0xffe000000000000(node=0|zone=0|lastcpupid=0x7ff)
raw: 0ffe000000000000 dead000000000040 ff6000002b4ee000 0000000000000000
raw: 0000000000000000 0000000000000001 00000000ffffffff 0000000000000000
page dumped because: page_pool leak
page_owner tracks the page as allocated
page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 18955, tgid 18954 (syz.2.1806), ts 6942767292300, free_ts 6922669162900
__set_page_owner+0xa2/0x70c mm/page_owner.c:320
set_page_owner include/linux/page_owner.h:32 [inline]
post_alloc_hook+0xec/0x1e4 mm/page_alloc.c:1537
prep_new_page mm/page_alloc.c:1545 [inline]
get_page_from_freelist+0xdaa/0x295a mm/page_alloc.c:3457
__alloc_pages_noprof+0x1e2/0x1eb6 mm/page_alloc.c:4733
alloc_pages_bulk_noprof+0x252/0x13d8 mm/page_alloc.c:4681
alloc_pages_bulk_array_node_noprof include/linux/gfp.h:239 [inline]
__page_pool_alloc_pages_slow+0x18e/0xc50 net/core/page_pool.c:538
page_pool_alloc_netmem net/core/page_pool.c:590 [inline]
page_pool_alloc_netmem+0xc0/0x158 net/core/page_pool.c:577
page_pool_alloc_pages+0x20/0x62 net/core/page_pool.c:597
page_pool_dev_alloc_pages include/net/page_pool/helpers.h:96 [inline]
xdp_test_run_batch.constprop.0+0x362/0x1816 net/bpf/test_run.c:305
bpf_test_run_xdp_live+0x2f6/0x49e net/bpf/test_run.c:389
bpf_prog_test_run_xdp+0x7f6/0x15a8 net/bpf/test_run.c:1317
bpf_prog_test_run kernel/bpf/syscall.c:4247 [inline]
__sys_bpf+0xd14/0x42cc kernel/bpf/syscall.c:5652
__do_sys_bpf kernel/bpf/syscall.c:5741 [inline]
__se_sys_bpf kernel/bpf/syscall.c:5739 [inline]
__riscv_sys_bpf+0x6c/0x9e kernel/bpf/syscall.c:5739
syscall_handler+0x94/0x118 arch/riscv/include/asm/syscall.h:90
do_trap_ecall_u+0x1aa/0x216 arch/riscv/kernel/traps.c:331
_new_vmalloc_restore_context_a0+0xc2/0xce
page last free pid 24 tgid 24 stack trace:
__reset_page_owner+0x8c/0x400 mm/page_owner.c:297
reset_page_owner include/linux/page_owner.h:25 [inline]
free_pages_prepare mm/page_alloc.c:1108 [inline]
free_unref_page+0x592/0xf08 mm/page_alloc.c:2638
__folio_put+0x1ae/0x22e mm/swap.c:126
folio_put include/linux/mm.h:1478 [inline]
free_page_and_swap_cache+0x1a8/0x1de mm/swap_state.c:308
__tlb_remove_table arch/riscv/include/asm/tlb.h:26 [inline]
__tlb_remove_table_free mm/mmu_gather.c:227 [inline]
tlb_remove_table_rcu+0x86/0xee mm/mmu_gather.c:282
rcu_do_batch kernel/rcu/tree.c:2567 [inline]
rcu_core+0xa24/0x1eac kernel/rcu/tree.c:2823
rcu_core_si+0xc/0x14 kernel/rcu/tree.c:2840
handle_softirqs+0x4a6/0x10de kernel/softirq.c:554
run_ksoftirqd kernel/softirq.c:927 [inline]
run_ksoftirqd+0xce/0x144 kernel/softirq.c:919
smpboot_thread_fn+0x654/0xb98 kernel/smpboot.c:164
kthread+0x28c/0x3a6 kernel/kthread.c:389
ret_from_fork+0xe/0x18 arch/riscv/kernel/entry.S:326
Modules linked in:
CPU: 0 UID: 0 PID: 18955 Comm: syz.2.1806 Tainted: G B 6.12.0-rc1-syzkaller-00012-g5f153a692bac #0
Tainted: [B]=BAD_PAGE
Hardware name: riscv-virtio,qemu (DT)
Call Trace:
[<ffffffff80010a14>] dump_backtrace+0x2e/0x3c arch/riscv/kernel/stacktrace.c:130
[<ffffffff85f7c3cc>] show_stack+0x34/0x40 arch/riscv/kernel/stacktrace.c:136
[<ffffffff85fd797a>] __dump_stack lib/dump_stack.c:94 [inline]
[<ffffffff85fd797a>] dump_stack_lvl+0x122/0x196 lib/dump_stack.c:120
[<ffffffff85fd7a0a>] dump_stack+0x1c/0x24 lib/dump_stack.c:129
[<ffffffff808b0b06>] bad_page+0x268/0x2da mm/page_alloc.c:501
[<ffffffff808bcb18>] free_page_is_bad_report mm/page_alloc.c:908 [inline]
[<ffffffff808bcb18>] free_page_is_bad mm/page_alloc.c:918 [inline]
[<ffffffff808bcb18>] free_pages_prepare mm/page_alloc.c:1100 [inline]
[<ffffffff808bcb18>] free_unref_page+0x78a/0xf08 mm/page_alloc.c:2638
[<ffffffff808be53a>] page_frag_free+0x21c/0x268 mm/page_alloc.c:4971
[<ffffffff84c97152>] skb_free_frag include/linux/skbuff.h:3399 [inline]
[<ffffffff84c97152>] skb_free_head+0x1ce/0x2ec net/core/skbuff.c:1096
[<ffffffff84ca2952>] skb_release_data+0x6ec/0x86a net/core/skbuff.c:1125
[<ffffffff84cac65c>] skb_release_all net/core/skbuff.c:1190 [inline]
[<ffffffff84cac65c>] __kfree_skb net/core/skbuff.c:1204 [inline]
[<ffffffff84cac65c>] sk_skb_reason_drop+0x130/0x180 net/core/skbuff.c:1242
[<ffffffff84d1d4cc>] kfree_skb_reason include/linux/skbuff.h:1262 [inline]
[<ffffffff84d1d4cc>] __netif_receive_skb_core.constprop.0+0x650/0x4374 net/core/dev.c:5636
[<ffffffff84d213ae>] __netif_receive_skb_list_core+0x1be/0x75e net/core/dev.c:5737
[<ffffffff84d24b66>] __netif_receive_skb_list net/core/dev.c:5804 [inline]
[<ffffffff84d24b66>] netif_receive_skb_list_internal+0x64e/0xc36 net/core/dev.c:5895
[<ffffffff84d251ae>] netif_receive_skb_list net/core/dev.c:5947 [inline]
[<ffffffff84d251ae>] netif_receive_skb_list+0x60/0x634 net/core/dev.c:5937
[<ffffffff850c688a>] xdp_recv_frames net/bpf/test_run.c:279 [inline]
[<ffffffff850c688a>] xdp_test_run_batch.constprop.0+0x1244/0x1816 net/bpf/test_run.c:360
[<ffffffff850c7152>] bpf_test_run_xdp_live+0x2f6/0x49e net/bpf/test_run.c:389
[<ffffffff850cb85c>] bpf_prog_test_run_xdp+0x7f6/0x15a8 net/bpf/test_run.c:1317
[<ffffffff804ef2e2>] bpf_prog_test_run kernel/bpf/syscall.c:4247 [inline]
[<ffffffff804ef2e2>] __sys_bpf+0xd14/0x42cc kernel/bpf/syscall.c:5652
[<ffffffff804f35f2>] __do_sys_bpf kernel/bpf/syscall.c:5741 [inline]
[<ffffffff804f35f2>] __se_sys_bpf kernel/bpf/syscall.c:5739 [inline]
[<ffffffff804f35f2>] __riscv_sys_bpf+0x6c/0x9e kernel/bpf/syscall.c:5739
[<ffffffff8000f2d4>] syscall_handler+0x94/0x118 arch/riscv/include/asm/syscall.h:90
[<ffffffff85fd9c4a>] do_trap_ecall_u+0x1aa/0x216 arch/riscv/kernel/traps.c:331
[<ffffffff85ffcac6>] _new_vmalloc_restore_context_a0+0xc2/0xce
BUG: Bad page state in process syz.2.1806 pfn:af1f4
page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xff6000002f1f4f50 pfn:0xaf1f4
flags: 0xffe000000000000(node=0|zone=0|lastcpupid=0x7ff)
raw: 0ffe000000000000 dead000000000040 ff6000002b4ee000 0000000000000000
raw: ff6000002f1f4f50 0000000000000001 00000000ffffffff 0000000000000000
page dumped because: page_pool leak
page_owner tracks the page as allocated
page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 18955, tgid 18954 (syz.2.1806), ts 6942767168100, free_ts 6922942911100
__set_page_owner+0xa2/0x70c mm/page_owner.c:320
set_page_owner include/linux/page_owner.h:32 [inline]
post_alloc_hook+0xec/0x1e4 mm/page_alloc.c:1537
prep_new_page mm/page_alloc.c:1545 [inline]
get_page_from_freelist+0xdaa/0x295a mm/page_alloc.c:3457
__alloc_pages_noprof+0x1e2/0x1eb6 mm/page_alloc.c:4733
alloc_pages_bulk_noprof+0x252/0x13d8 mm/page_alloc.c:4681
alloc_pages_bulk_array_node_noprof include/linux/gfp.h:239 [inline]
__page_pool_alloc_pages_slow+0x18e/0xc50 net/core/page_pool.c:538
page_pool_alloc_netmem net/core/page_pool.c:590 [inline]
page_pool_alloc_netmem+0xc0/0x158 net/core/page_pool.c:577
page_pool_alloc_pages+0x20/0x62 net/core/page_pool.c:597
page_pool_dev_alloc_pages include/net/page_pool/helpers.h:96 [inline]
xdp_test_run_batch.constprop.0+0x362/0x1816 net/bpf/test_run.c:305
bpf_test_run_xdp_live+0x2f6/0x49e net/bpf/test_run.c:389
bpf_prog_test_run_xdp+0x7f6/0x15a8 net/bpf/test_run.c:1317
bpf_prog_test_run kernel/bpf/syscall.c:4247 [inline]
__sys_bpf+0xd14/0x42cc kernel/bpf/syscall.c:5652
__do_sys_bpf kernel/bpf/syscall.c:5741 [inline]
__se_sys_bpf kernel/bpf/syscall.c:5739 [inline]
__riscv_sys_bpf+0x6c/0x9e kernel/bpf/syscall.c:5739
syscall_handler+0x94/0x118 arch/riscv/include/asm/syscall.h:90
do_trap_ecall_u+0x1aa/0x216 arch/riscv/kernel/traps.c:331
_new_vmalloc_restore_context_a0+0xc2/0xce
page last free pid 18907 tgid 18901 stack trace:
__reset_page_owner+0x8c/0x400 mm/page_owner.c:297
reset_page_owner include/linux/page_owner.h:25 [inline]
free_pages_prepare mm/page_alloc.c:1108 [inline]
free_unref_page+0x592/0xf08 mm/page_alloc.c:2638
__folio_put+0x1ae/0x22e mm/swap.c:126
folio_put include/linux/mm.h:1478 [inline]
free_page_and_swap_cache+0x1a8/0x1de mm/swap_state.c:308
__tlb_remove_table arch/riscv/include/asm/tlb.h:26 [inline]
__tlb_remove_table_free mm/mmu_gather.c:227 [inline]
tlb_remove_table_rcu+0x86/0xee mm/mmu_gather.c:282
rcu_do_batch kernel/rcu/tree.c:2567 [inline]
rcu_core+0xa24/0x1eac kernel/rcu/tree.c:2823
rcu_core_si+0xc/0x14 kernel/rcu/tree.c:2840
handle_softirqs+0x4a6/0x10de kernel/softirq.c:554
__do_softirq kernel/softirq.c:588 [inline]
invoke_softirq kernel/softirq.c:428 [inline]
__irq_exit_rcu+0x188/0x372 kernel/softirq.c:637
irq_exit_rcu+0x10/0xf8 kernel/softirq.c:649
handle_riscv_irq+0x40/0x4c arch/riscv/kernel/traps.c:378
call_on_irq_stack+0x32/0x40 arch/riscv/kernel/entry.S:355
Modules linked in:
CPU: 0 UID: 0 PID: 18955 Comm: syz.2.1806 Tainted: G B 6.12.0-rc1-syzkaller-00012-g5f153a692bac #0
Tainted: [B]=BAD_PAGE
Hardware name: riscv-virtio,qemu (DT)
Call Trace:
[<ffffffff80010a14>] dump_backtrace+0x2e/0x3c arch/riscv/kernel/stacktrace.c:130
[<ffffffff85f7c3cc>] show_stack+0x34/0x40 arch/riscv/kernel/stacktrace.c:136
[<ffffffff85fd797a>] __dump_stack lib/dump_stack.c:94 [inline]
[<ffffffff85fd797a>] dump_stack_lvl+0x122/0x196 lib/dump_stack.c:120
[<ffffffff85fd7a0a>] dump_stack+0x1c/0x24 lib/dump_stack.c:129
[<ffffffff808b0b06>] bad_page+0x268/0x2da mm/page_alloc.c:501
[<ffffffff808bcb18>] free_page_is_bad_report mm/page_alloc.c:908 [inline]
[<ffffffff808bcb18>] free_page_is_bad mm/page_alloc.c:918 [inline]
[<ffffffff808bcb18>] free_pages_prepare mm/page_alloc.c:1100 [inline]
[<ffffffff808bcb18>] free_unref_page+0x78a/0xf08 mm/page_alloc.c:2638
[<ffffffff808be53a>] page_frag_free+0x21c/0x268 mm/page_alloc.c:4971
[<ffffffff84c97152>] skb_free_frag include/linux/skbuff.h:3399 [inline]
[<ffffffff84c97152>] skb_free_head+0x1ce/0x2ec net/core/skbuff.c:1096
[<ffffffff84ca2952>] skb_release_data+0x6ec/0x86a net/core/skbuff.c:1125
[<ffffffff84cac65c>] skb_release_all net/core/skbuff.c:1190 [inline]
[<ffffffff84cac65c>] __kfree_skb net/core/skbuff.c:1204 [inline]
[<ffffffff84cac65c>] sk_skb_reason_drop+0x130/0x180 net/core/skbuff.c:1242
[<ffffffff84d1d4cc>] kfree_skb_reason include/linux/skbuff.h:1262 [inline]
[<ffffffff84d1d4cc>] __netif_receive_skb_core.constprop.0+0x650/0x4374 net/core/dev.c:5636
[<ffffffff84d213ae>] __netif_receive_skb_list_core+0x1be/0x75e net/core/dev.c:5737
[<ffffffff84d24b66>] __netif_receive_skb_list net/core/dev.c:5804 [inline]
[<ffffffff84d24b66>] netif_receive_skb_list_internal+0x64e/0xc36 net/core/dev.c:5895
[<ffffffff84d251ae>] netif_receive_skb_list net/core/dev.c:5947 [inline]
[<ffffffff84d251ae>] netif_receive_skb_list+0x60/0x634 net/core/dev.c:5937
[<ffffffff850c688a>] xdp_recv_frames net/bpf/test_run.c:279 [inline]
[<ffffffff850c688a>] xdp_test_run_batch.constprop.0+0x1244/0x1816 net/bpf/test_run.c:360
[<ffffffff850c7152>] bpf_test_run_xdp_live+0x2f6/0x49e net/bpf/test_run.c:389
[<ffffffff850cb85c>] bpf_prog_test_run_xdp+0x7f6/0x15a8 net/bpf/test_run.c:1317
[<ffffffff804ef2e2>] bpf_prog_test_run kernel/bpf/syscall.c:4247 [inline]
[<ffffffff804ef2e2>] __sys_bpf+0xd14/0x42cc kernel/bpf/syscall.c:5652
[<ffffffff804f35f2>] __do_sys_bpf kernel/bpf/syscall.c:5741 [inline]
[<ffffffff804f35f2>] __se_sys_bpf kernel/bpf/syscall.c:5739 [inline]
[<ffffffff804f35f2>] __riscv_sys_bpf+0x6c/0x9e kernel/bpf/syscall.c:5739
[<ffffffff8000f2d4>] syscall_handler+0x94/0x118 arch/riscv/include/asm/syscall.h:90
[<ffffffff85fd9c4a>] do_trap_ecall_u+0x1aa/0x216 arch/riscv/kernel/traps.c:331
[<ffffffff85ffcac6>] _new_vmalloc_restore_context_a0+0xc2/0xce
BUG: Bad page state in process syz.2.1806 pfn:aea9d
page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x2 pfn:0xaea9d
flags: 0xffe000000000000(node=0|zone=0|lastcpupid=0x7ff)
raw: 0ffe000000000000 dead000000000040 ff6000002b4ee000 0000000000000000
raw: 0000000000000002 0000000000000001 00000000ffffffff 0000000000000000
page dumped because: page_pool leak
page_owner tracks the page as allocated
page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 18955, tgid 18954 (syz.2.1806), ts 6942767048800, free_ts 6922912807500
__set_page_owner+0xa2/0x70c mm/page_owner.c:320
set_page_owner include/linux/page_owner.h:32 [inline]
post_alloc_hook+0xec/0x1e4 mm/page_alloc.c:1537
prep_new_page mm/page_alloc.c:1545 [inline]
get_page_from_freelist+0xdaa/0x295a mm/page_alloc.c:3457
__alloc_pages_noprof+0x1e2/0x1eb6 mm/page_alloc.c:4733
alloc_pages_bulk_noprof+0x252/0x13d8 mm/page_alloc.c:4681
alloc_pages_bulk_array_node_noprof include/linux/gfp.h:239 [inline]
__page_pool_alloc_pages_slow+0x18e/0xc50 net/core/page_pool.c:538
page_pool_alloc_netmem net/core/page_pool.c:590 [inline]
page_pool_alloc_netmem+0xc0/0x158 net/core/page_pool.c:577
page_pool_alloc_pages+0x20/0x62 net/core/page_pool.c:597
page_pool_dev_alloc_pages include/net/page_pool/helpers.h:96 [inline]
xdp_test_run_batch.constprop.0+0x362/0x1816 net/bpf/test_run.c:305
bpf_test_run_xdp_live+0x2f6/0x49e net/bpf/test_run.c:389
bpf_prog_test_run_xdp+0x7f6/0x15a8 net/bpf/test_run.c:1317
bpf_prog_test_run kernel/bpf/syscall.c:4247 [inline]
__sys_bpf+0xd14/0x42cc kernel/bpf/syscall.c:5652
__do_sys_bpf kernel/bpf/syscall.c:5741 [inline]
__se_sys_bpf kernel/bpf/syscall.c:5739 [inline]
__riscv_sys_bpf+0x6c/0x9e kernel/bpf/syscall.c:5739
syscall_handler+0x94/0x118 arch/riscv/include/asm/syscall.h:90
do_trap_ecall_u+0x1aa/0x216 arch/riscv/kernel/traps.c:331
_new_vmalloc_restore_context_a0+0xc2/0xce
page last free pid 18905 tgid 18905 stack trace:
__reset_page_owner+0x8c/0x400 mm/page_owner.c:297
reset_page_owner include/linux/page_owner.h:25 [inline]
free_pages_prepare mm/page_alloc.c:1108 [inline]
free_unref_page+0x592/0xf08 mm/page_alloc.c:2638
__free_pages+0x13c/0x1bc mm/page_alloc.c:4820
free_pages.part.0+0x26a/0x4cc mm/page_alloc.c:4833
free_pages+0xe/0x18 mm/page_alloc.c:4830
tlb_batch_list_free mm/mmu_gather.c:159 [inline]
tlb_finish_mmu+0x20c/0x7e6 mm/mmu_gather.c:468
exit_mmap+0x36c/0xbea mm/mmap.c:1877
__mmput kernel/fork.c:1347 [inline]
mmput+0x122/0x3e2 kernel/fork.c:1369
exit_mm kernel/exit.c:571 [inline]
do_exit+0x902/0x2986 kernel/exit.c:926
do_group_exit+0xd4/0x26c kernel/exit.c:1088
__do_sys_exit_group kernel/exit.c:1099 [inline]
__se_sys_exit_group kernel/exit.c:1097 [inline]
__riscv_sys_exit_group+0x4a/0x54 kernel/exit.c:1097
syscall_handler+0x94/0x118 arch/riscv/include/asm/syscall.h:90
do_trap_ecall_u+0x1aa/0x216 arch/riscv/kernel/traps.c:331
_new_vmalloc_restore_context_a0+0xc2/0xce
Modules linked in:
CPU: 0 UID: 0 PID: 18955 Comm: syz.2.1806 Tainted: G B 6.12.0-rc1-syzkaller-00012-g5f153a692bac #0
Tainted: [B]=BAD_PAGE
Hardware name: riscv-virtio,qemu (DT)
Call Trace:
[<ffffffff80010a14>] dump_backtrace+0x2e/0x3c arch/riscv/kernel/stacktrace.c:130
[<ffffffff85f7c3cc>] show_stack+0x34/0x40 arch/riscv/kernel/stacktrace.c:136
[<ffffffff85fd797a>] __dump_stack lib/dump_stack.c:94 [inline]
[<ffffffff85fd797a>] dump_stack_lvl+0x122/0x196 lib/dump_stack.c:120
[<ffffffff85fd7a0a>] dump_stack+0x1c/0x24 lib/dump_stack.c:129
[<ffffffff808b0b06>] bad_page+0x268/0x2da mm/page_alloc.c:501
[<ffffffff808bcb18>] free_page_is_bad_report mm/page_alloc.c:908 [inline]
[<ffffffff808bcb18>] free_page_is_bad mm/page_alloc.c:918 [inline]
[<ffffffff808bcb18>] free_pages_prepare mm/page_alloc.c:1100 [inline]
[<ffffffff808bcb18>] free_unref_page+0x78a/0xf08 mm/page_alloc.c:2638
[<ffffffff808be53a>] page_frag_free+0x21c/0x268 mm/page_alloc.c:4971
[<ffffffff84c97152>] skb_free_frag include/linux/skbuff.h:3399 [inline]
[<ffffffff84c97152>] skb_free_head+0x1ce/0x2ec net/core/skbuff.c:1096
[<ffffffff84ca2952>] skb_release_data+0x6ec/0x86a net/core/skbuff.c:1125
[<ffffffff84cac65c>] skb_release_all net/core/skbuff.c:1190 [inline]
[<ffffffff84cac65c>] __kfree_skb net/core/skbuff.c:1204 [inline]
[<ffffffff84cac65c>] sk_skb_reason_drop+0x130/0x180 net/core/skbuff.c:1242
[<ffffffff84d1d4cc>] kfree_skb_reason include/linux/skbuff.h:1262 [inline]
[<ffffffff84d1d4cc>] __netif_receive_skb_core.constprop.0+0x650/0x4374 net/core/dev.c:5636
[<ffffffff84d213ae>] __netif_receive_skb_list_core+0x1be/0x75e net/core/dev.c:5737
[<ffffffff84d24b66>] __netif_receive_skb_list net/core/dev.c:5804 [inline]
[<ffffffff84d24b66>] netif_receive_skb_list_internal+0x64e/0xc36 net/core/dev.c:5895
[<ffffffff84d251ae>] netif_receive_skb_list net/core/dev.c:5947 [inline]
[<ffffffff84d251ae>] netif_receive_skb_list+0x60/0x634 net/core/dev.c:5937
[<ffffffff850c688a>] xdp_recv_frames net/bpf/test_run.c:279 [inline]
[<ffffffff850c688a>] xdp_test_run_batch.constprop.0+0x1244/0x1816 net/bpf/test_run.c:360
[<ffffffff850c7152>] bpf_test_run_xdp_live+0x2f6/0x49e net/bpf/test_run.c:389
[<ffffffff850cb85c>] bpf_prog_test_run_xdp+0x7f6/0x15a8 net/bpf/test_run.c:1317
[<ffffffff804ef2e2>] bpf_prog_test_run kernel/bpf/syscall.c:4247 [inline]
[<ffffffff804ef2e2>] __sys_bpf+0xd14/0x42cc kernel/bpf/syscall.c:5652
[<ffffffff804f35f2>] __do_sys_bpf kernel/bpf/syscall.c:5741 [inline]
[<ffffffff804f35f2>] __se_sys_bpf kernel/bpf/syscall.c:5739 [inline]
[<ffffffff804f35f2>] __riscv_sys_bpf+0x6c/0x9e kernel/bpf/syscall.c:5739
[<ffffffff8000f2d4>] syscall_handler+0x94/0x118 arch/riscv/include/asm/syscall.h:90
[<ffffffff85fd9c4a>] do_trap_ecall_u+0x1aa/0x216 arch/riscv/kernel/traps.c:331
[<ffffffff85ffcac6>] _new_vmalloc_restore_context_a0+0xc2/0xce
BUG: Bad page state in process syz.2.1806 pfn:aea9c
page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xff6000002ea9de00 pfn:0xaea9c
flags: 0xffe000000000000(node=0|zone=0|lastcpupid=0x7ff)
raw: 0ffe000000000000 dead000000000040 ff6000002b4ee000 0000000000000000
raw: ff6000002ea9de00 0000000000000001 00000000ffffffff 0000000000000000
page dumped because: page_pool leak
page_owner tracks the page as allocated
page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 18955, tgid 18954 (syz.2.1806), ts 6942766928100, free_ts 6923527240100
__set_page_owner+0xa2/0x70c mm/page_owner.c:320
set_page_owner include/linux/page_owner.h:32 [inline]
post_alloc_hook+0xec/0x1e4 mm/page_alloc.c:1537
prep_new_page mm/page_alloc.c:1545 [inline]
get_page_from_freelist+0xdaa/0x295a mm/page_alloc.c:3457
__alloc_pages_noprof+0x1e2/0x1eb6 mm/page_alloc.c:4733
alloc_pages_bulk_noprof+0x252/0x13d8 mm/page_alloc.c:4681
alloc_pages_bulk_array_node_noprof include/linux/gfp.h:239 [inline]
__page_pool_alloc_pages_slow+0x18e/0xc50 net/core/page_pool.c:538
page_pool_alloc_netmem net/core/page_pool.c:590 [inline]
page_pool_alloc_netmem+0xc0/0x158 net/core/page_pool.c:577
page_pool_alloc_pages+0x20/0x62 net/core/page_pool.c:597
page_pool_dev_alloc_pages include/net/page_pool/helpers.h:96 [inline]
xdp_test_run_batch.constprop.0+0x362/0x1816 net/bpf/test_run.c:305
bpf_test_run_xdp_live+0x2f6/0x49e net/bpf/test_run.c:389
bpf_prog_test_run_xdp+0x7f6/0x15a8 net/bpf/test_run.c:1317
bpf_prog_test_run kernel/bpf/syscall.c:4247 [inline]
__sys_bpf+0xd14/0x42cc kernel/bpf/syscall.c:5652
__do_sys_bpf kernel/bpf/syscall.c:5741 [inline]
__se_sys_bpf kernel/bpf/syscall.c:5739 [inline]
__riscv_sys_bpf+0x6c/0x9e kernel/bpf/syscall.c:5739
syscall_handler+0x94/0x118 arch/riscv/include/asm/syscall.h:90
do_trap_ecall_u+0x1aa/0x216 arch/riscv/kernel/traps.c:331
_new_vmalloc_restore_context_a0+0xc2/0xce
page last free pid 18907 tgid 18901 stack trace:
__reset_page_owner+0x8c/0x400 mm/page_owner.c:297
reset_page_owner include/linux/page_owner.h:25 [inline]
free_pages_prepare mm/page_alloc.c:1108 [inline]
free_unref_page+0x592/0xf08 mm/page_alloc.c:2638
__free_pages+0x13c/0x1bc mm/page_alloc.c:4820
free_pages.part.0+0x26a/0x4cc mm/page_alloc.c:4833
free_pages+0xe/0x18 mm/page_alloc.c:4830
tlb_batch_list_free mm/mmu_gather.c:159 [inline]
tlb_finish_mmu+0x20c/0x7e6 mm/mmu_gather.c:468
exit_mmap+0x36c/0xbea mm/mmap.c:1877
__mmput kernel/fork.c:1347 [inline]
mmput+0x122/0x3e2 kernel/fork.c:1369
exit_mm kernel/exit.c:571 [inline]
do_exit+0x902/0x2986 kernel/exit.c:926
do_group_exit+0xd4/0x26c kernel/exit.c:1088
get_signal+0x1e98/0x23b0 kernel/signal.c:2917
arch_do_signal_or_restart+0x8d6/0x1190 arch/riscv/kernel/signal.c:437
exit_to_user_mode_loop kernel/entry/common.c:111 [inline]
exit_to_user_mode_prepare include/linux/entry-common.h:328 [inline]
__syscall_exit_to_user_mode_work kernel/entry/common.c:207 [inline]
syscall_exit_to_user_mode+0x2a6/0x31e kernel/entry/common.c:218
do_trap_ecall_u+0x86/0x216 arch/riscv/kernel/traps.c:345
_new_vmalloc_restore_context_a0+0xc2/0xce
Modules linked in:
CPU: 0 UID: 0 PID: 18955 Comm: syz.2.1806 Tainted: G B 6.12.0-rc1-syzkaller-00012-g5f153a692bac #0
Tainted: [B]=BAD_PAGE
Hardware name: riscv-virtio,qemu (DT)
Call Trace:
[<ffffffff80010a14>] dump_backtrace+0x2e/0x3c arch/riscv/kernel/stacktrace.c:130
[<ffffffff85f7c3cc>] show_stack+0x34/0x40 arch/riscv/kernel/stacktrace.c:136
[<ffffffff85fd797a>] __dump_stack lib/dump_stack.c:94 [inline]
[<ffffffff85fd797a>] dump_stack_lvl+0x122/0x196 lib/dump_stack.c:120
[<ffffffff85fd7a0a>] dump_stack+0x1c/0x24 lib/dump_stack.c:129
[<ffffffff808b0b06>] bad_page+0x268/0x2da mm/page_alloc.c:501
[<ffffffff808bcb18>] free_page_is_bad_report mm/page_alloc.c:908 [inline]
[<ffffffff808bcb18>] free_page_is_bad mm/page_alloc.c:918 [inline]
[<ffffffff808bcb18>] free_pages_prepare mm/page_alloc.c:1100 [inline]
[<ffffffff808bcb18>] free_unref_page+0x78a/0xf08 mm/page_alloc.c:2638
[<ffffffff808be53a>] page_frag_free+0x21c/0x268 mm/page_alloc.c:4971
[<ffffffff84c97152>] skb_free_frag include/linux/skbuff.h:3399 [inline]
[<ffffffff84c97152>] skb_free_head+0x1ce/0x2ec net/core/skbuff.c:1096
[<ffffffff84ca2952>] skb_release_data+0x6ec/0x86a net/core/skbuff.c:1125
[<ffffffff84cac65c>] skb_release_all net/core/skbuff.c:1190 [inline]
[<ffffffff84cac65c>] __kfree_skb net/core/skbuff.c:1204 [inline]
[<ffffffff84cac65c>] sk_skb_reason_drop+0x130/0x180 net/core/skbuff.c:1242
[<ffffffff84d1d4cc>] kfree_skb_reason include/linux/skbuff.h:1262 [inline]
[<ffffffff84d1d4cc>] __netif_receive_skb_core.constprop.0+0x650/0x4374 net/core/dev.c:5636
[<ffffffff84d213ae>] __netif_receive_skb_list_core+0x1be/0x75e net/core/dev.c:5737
[<ffffffff84d24b66>] __netif_receive_skb_list net/core/dev.c:5804 [inline]
[<ffffffff84d24b66>] netif_receive_skb_list_internal+0x64e/0xc36 net/core/dev.c:5895
[<ffffffff84d251ae>] netif_receive_skb_list net/core/dev.c:5947 [inline]
[<ffffffff84d251ae>] netif_receive_skb_list+0x60/0x634 net/core/dev.c:5937
[<ffffffff850c688a>] xdp_recv_frames net/bpf/test_run.c:279 [inline]
[<ffffffff850c688a>] xdp_test_run_batch.constprop.0+0x1244/0x1816 net/bpf/test_run.c:360
[<ffffffff850c7152>] bpf_test_run_xdp_live+0x2f6/0x49e net/bpf/test_run.c:389
[<ffffffff850cb85c>] bpf_prog_test_run_xdp+0x7f6/0x15a8 net/bpf/test_run.c:1317
[<ffffffff804ef2e2>] bpf_prog_test_run kernel/bpf/syscall.c:4247 [inline]
[<ffffffff804ef2e2>] __sys_bpf+0xd14/0x42cc kernel/bpf/syscall.c:5652
[<ffffffff804f35f2>] __do_sys_bpf kernel/bpf/syscall.c:5741 [inline]
[<ffffffff804f35f2>] __se_sys_bpf kernel/bpf/syscall.c:5739 [inline]
[<ffffffff804f35f2>] __riscv_sys_bpf+0x6c/0x9e kernel/bpf/syscall.c:5739
[<ffffffff8000f2d4>] syscall_handler+0x94/0x118 arch/riscv/include/asm/syscall.h:90
[<ffffffff85fd9c4a>] do_trap_ecall_u+0x1aa/0x216 arch/riscv/kernel/traps.c:331
[<ffffffff85ffcac6>] _new_vmalloc_restore_context_a0+0xc2/0xce
BUG: Bad page state in process syz.2.1806 pfn:9daad
page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x4 pfn:0x9daad
flags: 0xffe000000000000(node=0|zone=0|lastcpupid=0x7ff)
raw: 0ffe000000000000 dead000000000040 ff6000002b4ee000 0000000000000000
raw: 0000000000000004 0000000000000001 00000000ffffffff 0000000000000000
page dumped because: page_pool leak
page_owner tracks the page as allocated
page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 18955, tgid 18954 (syz.2.1806), ts 6942766810000, free_ts 6922912977000
__set_page_owner+0xa2/0x70c mm/page_owner.c:320
set_page_owner include/linux/page_owner.h:32 [inline]
post_alloc_hook+0xec/0x1e4 mm/page_alloc.c:1537
prep_new_page mm/page_alloc.c:1545 [inline]
get_page_from_freelist+0xdaa/0x295a mm/page_alloc.c:3457
__alloc_pages_noprof+0x1e2/0x1eb6 mm/page_alloc.c:4733
alloc_pages_bulk_noprof+0x252/0x13d8 mm/page_alloc.c:4681
alloc_pages_bulk_array_node_noprof include/linux/gfp.h:239 [inline]
__page_pool_alloc_pages_slow+0x18e/0xc50 net/core/page_pool.c:538
page_pool_alloc_netmem net/core/page_pool.c:590 [inline]
page_pool_alloc_netmem+0xc0/0x158 net/core/page_pool.c:577
page_pool_alloc_pages+0x20/0x62 net/core/page_pool.c:597
page_pool_dev_alloc_pages include/net/page_pool/helpers.h:96 [inline]
xdp_test_run_batch.constprop.0+0x362/0x1816 net/bpf/test_run.c:305
bpf_test_run_xdp_live+0x2f6/0x49e net/bpf/test_run.c:389
bpf_prog_test_run_xdp+0x7f6/0x15a8 net/bpf/test_run.c:1317
bpf_prog_test_run kernel/bpf/syscall.c:4247 [inline]
__sys_bpf+0xd14/0x42cc kernel/bpf/syscall.c:5652
__do_sys_bpf kernel/bpf/syscall.c:5741 [inline]
__se_sys_bpf kernel/bpf/syscall.c:5739 [inline]
__riscv_sys_bpf+0x6c/0x9e kernel/bpf/syscall.c:5739
syscall_handler+0x94/0x118 arch/riscv/include/asm/syscall.h:90
do_trap_ecall_u+0x1aa/0x216 arch/riscv/kernel/traps.c:331
_new_vmalloc_restore_context_a0+0xc2/0xce
page last free pid 18905 tgid 18905 stack trace:
__reset_page_owner+0x8c/0x400 mm/page_owner.c:297
reset_page_owner include/linux/page_owner.h:25 [inline]
free_pages_prepare mm/page_alloc.c:1108 [inline]
free_unref_page+0x592/0xf08 mm/page_alloc.c:2638
__free_pages+0x13c/0x1bc mm/page_alloc.c:4820
free_pages.part.0+0x26a/0x4cc mm/page_alloc.c:4833
free_pages+0xe/0x18 mm/page_alloc.c:4830
tlb_batch_list_free mm/mmu_gather.c:159 [inline]
tlb_finish_mmu+0x20c/0x7e6 mm/mmu_gather.c:468
exit_mmap+0x36c/0xbea mm/mmap.c:1877
__mmput kernel/fork.c:1347 [inline]
mmput+0x122/0x3e2 kernel/fork.c:1369
exit_mm kernel/exit.c:571 [inline]
do_exit+0x902/0x2986 kernel/exit.c:926
do_group_exit+0xd4/0x26c kernel/exit.c:1088
__do_sys_exit_group kernel/exit.c:1099 [inline]
__se_sys_exit_group kernel/exit.c:1097 [inline]
__riscv_sys_exit_group+0x4a/0x54 kernel/exit.c:1097
syscall_handler+0x94/0x118 arch/riscv/include/asm/syscall.h:90
do_trap_ecall_u+0x1aa/0x216 arch/riscv/kernel/traps.c:331
_new_vmalloc_restore_context_a0+0xc2/0xce
Modules linked in:
CPU: 0 UID: 0 PID: 18955 Comm: syz.2.1806 Tainted: G B 6.12.0-rc1-syzkaller-00012-g5f153a692bac #0
Tainted: [B]=BAD_PAGE
Hardware name: riscv-virtio,qemu (DT)
Call Trace:
[<ffffffff80010a14>] dump_backtrace+0x2e/0x3c arch/riscv/kernel/stacktrace.c:130
[<ffffffff85f7c3cc>] show_stack+0x34/0x40 arch/riscv/kernel/stacktrace.c:136
[<ffffffff85fd797a>] __dump_stack lib/dump_stack.c:94 [inline]
[<ffffffff85fd797a>] dump_stack_lvl+0x122/0x196 lib/dump_stack.c:120
[<ffffffff85fd7a0a>] dump_stack+0x1c/0x24 lib/dump_stack.c:129
[<ffffffff808b0b06>] bad_page+0x268/0x2da mm/page_alloc.c:501
[<ffffffff808bcb18>] free_page_is_bad_report mm/page_alloc.c:908 [inline]
[<ffffffff808bcb18>] free_page_is_bad mm/page_alloc.c:918 [inline]
[<ffffffff808bcb18>] free_pages_prepare mm/page_alloc.c:1100 [inline]
[<ffffffff808bcb18>] free_unref_page+0x78a/0xf08 mm/page_alloc.c:2638
[<ffffffff808be53a>] page_frag_free+0x21c/0x268 mm/page_alloc.c:4971
[<ffffffff84c97152>] skb_free_frag include/linux/skbuff.h:3399 [inline]
[<ffffffff84c97152>] skb_free_head+0x1ce/0x2ec net/core/skbuff.c:1096
[<ffffffff84ca2952>] skb_release_data+0x6ec/0x86a net/core/skbuff.c:1125
[<ffffffff84cac65c>] skb_release_all net/core/skbuff.c:1190 [inline]
[<ffffffff84cac65c>] __kfree_skb net/core/skbuff.c:1204 [inline]
[<ffffffff84cac65c>] sk_skb_reason_drop+0x130/0x180 net/core/skbuff.c:1242
[<ffffffff84d1d4cc>] kfree_skb_reason include/linux/skbuff.h:1262 [inline]
[<ffffffff84d1d4cc>] __netif_receive_skb_core.constprop.0+0x650/0x4374 net/core/dev.c:5636
[<ffffffff84d213ae>] __netif_receive_skb_list_core+0x1be/0x75e net/core/dev.c:5737
[<ffffffff84d24b66>] __netif_receive_skb_list net/core/dev.c:5804 [inline]
[<ffffffff84d24b66>] netif_receive_skb_list_internal+0x64e/0xc36 net/core/dev.c:5895
[<ffffffff84d251ae>] netif_receive_skb_list net/core/dev.c:5947 [inline]
[<ffffffff84d251ae>] netif_receive_skb_list+0x60/0x634 net/core/dev.c:5937
[<ffffffff850c688a>] xdp_recv_frames net/bpf/test_run.c:279 [inline]
[<ffffffff850c688a>] xdp_test_run_batch.constprop.0+0x1244/0x1816 net/bpf/test_run.c:360
[<ffffffff850c7152>] bpf_test_run_xdp_live+0x2f6/0x49e net/bpf/test_run.c:389
[<ffffffff850cb85c>] bpf_prog_test_run_xdp+0x7f6/0x15a8 net/bpf/test_run.c:1317
[<ffffffff804ef2e2>] bpf_prog_test_run kernel/bpf/syscall.c:4247 [inline]
[<ffffffff804ef2e2>] __sys_bpf+0xd14/0x42cc kernel/bpf/syscall.c:5652
[<ffffffff804f35f2>] __do_sys_bpf kernel/bpf/syscall.c:5741 [inline]
[<ffffffff804f35f2>] __se_sys_bpf kernel/bpf/syscall.c:5739 [inline]
[<ffffffff804f35f2>] __riscv_sys_bpf+0x6c/0x9e kernel/bpf/syscall.c:5739
[<ffffffff8000f2d4>] syscall_handler+0x94/0x118 arch/riscv/include/asm/syscall.h:90
[<ffffffff85fd9c4a>] do_trap_ecall_u+0x1aa/0x216 arch/riscv/kernel/traps.c:331
[<ffffffff85ffcac6>] _new_vmalloc_restore_context_a0+0xc2/0xce
BUG: Bad page state in process syz.2.1806 pfn:9daac
page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xff6000001daacdc0 pfn:0x9daac
flags: 0xffe000000000000(node=0|zone=0|lastcpupid=0x7ff)
raw: 0ffe000000000000 dead000000000040 ff6000002b4ee000 0000000000000000
raw: ff6000001daacdc0 0000000000000001 00000000ffffffff 0000000000000000
page dumped because: page_pool leak
page_owner tracks the page as allocated
page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 18955, tgid 18954 (syz.2.1806), ts 6942766691000, free_ts 6923527489100
__set_page_owner+0xa2/0x70c mm/page_owner.c:320
set_page_owner include/linux/page_owner.h:32 [inline]
post_alloc_hook+0xec/0x1e4 mm/page_alloc.c:1537
prep_new_page mm/page_alloc.c:1545 [inline]
get_page_from_freelist+0xdaa/0x295a mm/page_alloc.c:3457
__alloc_pages_noprof+0x1e2/0x1eb6 mm/page_alloc.c:4733
alloc_pages_bulk_noprof+0x252/0x13d8 mm/page_alloc.c:4681
alloc_pages_bulk_array_node_noprof include/linux/gfp.h:239 [inline]
__page_pool_alloc_pages_slow+0x18e/0xc50 net/core/page_pool.c:538
page_pool_alloc_netmem net/core/page_pool.c:590 [inline]
page_pool_alloc_netmem+0xc0/0x158 net/core/page_pool.c:577
page_pool_alloc_pages+0x20/0x62 net/core/page_pool.c:597
page_pool_dev_alloc_pages include/net/page_pool/helpers.h:96 [inline]
xdp_test_run_batch.constprop.0+0x362/0x1816 net/bpf/test_run.c:305
bpf_test_run_xdp_live+0x2f6/0x49e net/bpf/test_run.c:389
bpf_prog_test_run_xdp+0x7f6/0x15a8 net/bpf/test_run.c:1317
bpf_prog_test_run kernel/bpf/syscall.c:4247 [inline]
__sys_bpf+0xd14/0x42cc kernel/bpf/syscall.c:5652
__do_sys_bpf kernel/bpf/syscall.c:5741 [inline]
__se_sys_bpf kernel/bpf/syscall.c:5739 [inline]
__riscv_sys_bpf+0x6c/0x9e kernel/bpf/syscall.c:5739
syscall_handler+0x94/0x118 arch/riscv/include/asm/syscall.h:90
do_trap_ecall_u+0x1aa/0x216 arch/riscv/kernel/traps.c:331
_new_vmalloc_restore_context_a0+0xc2/0xce
page last free pid 18907 tgid 18901 stack trace:
__reset_page_owner+0x8c/0x400 mm/page_owner.c:297
reset_page_owner include/linux/page_owner.h:25 [inline]
free_pages_prepare mm/page_alloc.c:1108 [inline]
free_unref_page+0x592/0xf08 mm/page_alloc.c:2638
__free_pages+0x13c/0x1bc mm/page_alloc.c:4820
free_pages.part.0+0x26a/0x4cc mm/page_alloc.c:4833
free_pages+0xe/0x18 mm/page_alloc.c:4830
tlb_batch_list_free mm/mmu_gather.c:159 [inline]
tlb_finish_mmu+0x20c/0x7e6 mm/mmu_gather.c:468
exit_mmap+0x36c/0xbea mm/mmap.c:1877
__mmput kernel/fork.c:1347 [inline]
mmput+0x122/0x3e2 kernel/fork.c:1369
exit_mm kernel/exit.c:571 [inline]
do_exit+0x902/0x2986 kernel/exit.c:926
do_group_exit+0xd4/0x26c kernel/exit.c:1088
get_signal+0x1e98/0x23b0 kernel/signal.c:2917
arch_do_signal_or_restart+0x8d6/0x1190 arch/riscv/kernel/signal.c:437
exit_to_user_mode_loop kernel/entry/common.c:111 [inline]
exit_to_user_mode_prepare include/linux/entry-common.h:328 [inline]
__syscall_exit_to_user_mode_work kernel/entry/common.c:207 [inline]
syscall_exit_to_user_mode+0x2a6/0x31e kernel/entry/common.c:218
do_trap_ecall_u+0x86/0x216 arch/riscv/kernel/traps.c:345
_new_vmalloc_restore_context_a0+0xc2/0xce
Modules linked in:
CPU: 0 UID: 0 PID: 18955 Comm: syz.2.1806 Tainted: G B 6.12.0-rc1-syzkaller-00012-g5f153a692bac #0
Tainted: [B]=BAD_PAGE
Hardware name: riscv-virtio,qemu (DT)
Call Trace:
[<ffffffff80010a14>] dump_backtrace+0x2e/0x3c arch/riscv/kernel/stacktrace.c:130
[<ffffffff85f7c3cc>] show_stack+0x34/0x40 arch/riscv/kernel/stacktrace.c:136
[<ffffffff85fd797a>] __dump_stack lib/dump_stack.c:94 [inline]
[<ffffffff85fd797a>] dump_stack_lvl+0x122/0x196 lib/dump_stack.c:120
[<ffffffff85fd7a0a>] dump_stack+0x1c/0x24 lib/dump_stack.c:129
[<ffffffff808b0b06>] bad_page+0x268/0x2da mm/page_alloc.c:501
[<ffffffff808bcb18>] free_page_is_bad_report mm/page_alloc.c:908 [inline]
[<ffffffff808bcb18>] free_page_is_bad mm/page_alloc.c:918 [inline]
[<ffffffff808bcb18>] free_pages_prepare mm/page_alloc.c:1100 [inline]
[<ffffffff808bcb18>] free_unref_page+0x78a/0xf08 mm/page_alloc.c:2638
[<ffffffff808be53a>] page_frag_free+0x21c/0x268 mm/page_alloc.c:4971
[<ffffffff84c97152>] skb_free_frag include/linux/skbuff.h:3399 [inline]
[<ffffffff84c97152>] skb_free_head+0x1ce/0x2ec net/core/skbuff.c:1096
[<ffffffff84ca2952>] skb_release_data+0x6ec/0x86a net/core/skbuff.c:1125
[<ffffffff84cac65c>] skb_release_all net/core/skbuff.c:1190 [inline]
[<ffffffff84cac65c>] __kfree_skb net/core/skbuff.c:1204 [inline]
[<ffffffff84cac65c>] sk_skb_reason_drop+0x130/0x180 net/core/skbuff.c:1242
[<ffffffff84d1d4cc>] kfree_skb_reason include/linux/skbuff.h:1262 [inline]
[<ffffffff84d1d4cc>] __netif_receive_skb_core.constprop.0+0x650/0x4374 net/core/dev.c:5636
[<ffffffff84d213ae>] __netif_receive_skb_list_core+0x1be/0x75e net/core/dev.c:5737
[<ffffffff84d24b66>] __netif_receive_skb_list net/core/dev.c:5804 [inline]
[<ffffffff84d24b66>] netif_receive_skb_list_internal+0x64e/0xc36 net/core/dev.c:5895
[<ffffffff84d251ae>] netif_receive_skb_list net/core/dev.c:5947 [inline]
[<ffffffff84d251ae>] netif_receive_skb_list+0x60/0x634 net/core/dev.c:5937
[<ffffffff850c688a>] xdp_recv_frames net/bpf/test_run.c:279 [inline]
[<ffffffff850c688a>] xdp_test_run_batch.constprop.0+0x1244/0x1816 net/bpf/test_run.c:360
[<ffffffff850c7152>] bpf_test_run_xdp_live+0x2f6/0x49e net/bpf/test_run.c:389
[<ffffffff850cb85c>] bpf_prog_test_run_xdp+0x7f6/0x15a8 net/bpf/test_run.c:1317
[<ffffffff804ef2e2>] bpf_prog_test_run kernel/bpf/syscall.c:4247 [inline]
[<ffffffff804ef2e2>] __sys_bpf+0xd14/0x42cc kernel/bpf/syscall.c:5652
[<ffffffff804f35f2>] __do_sys_bpf kernel/bpf/syscall.c:5741 [inline]
[<ffffffff804f35f2>] __se_sys_bpf kernel/bpf/syscall.c:5739 [inline]
[<ffffffff804f35f2>] __riscv_sys_bpf+0x6c/0x9e kernel/bpf/syscall.c:5739
[<ffffffff8000f2d4>] syscall_handler+0x94/0x118 arch/riscv/include/asm/syscall.h:90
[<ffffffff85fd9c4a>] do_trap_ecall_u+0x1aa/0x216 arch/riscv/kernel/traps.c:331
[<ffffffff85ffcac6>] _new_vmalloc_restore_context_a0+0xc2/0xce
BUG: Bad page state in process syz.2.1806 pfn:adfff
page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xff6000002dfffc80 pfn:0xadfff
flags: 0xffe000000000000(node=0|zone=0|lastcpupid=0x7ff)
raw: 0ffe000000000000 dead000000000040 ff6000002b4ee000 0000000000000000
raw: ff6000002dfffc80 0000000000000001 00000000ffffffff 0000000000000000
page dumped because: page_pool leak
page_owner tracks the page as allocated
page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 18955, tgid 18954 (syz.2.1806), ts 6942766573000, free_ts 6922196654300
__set_page_owner+0xa2/0x70c mm/page_owner.c:320
set_page_owner include/linux/page_owner.h:32 [inline]
post_alloc_hook+0xec/0x1e4 mm/page_alloc.c:1537
prep_new_page mm/page_alloc.c:1545 [inline]
get_page_from_freelist+0xdaa/0x295a mm/page_alloc.c:3457
__alloc_pages_noprof+0x1e2/0x1eb6 mm/page_alloc.c:4733
alloc_pages_bulk_noprof+0x252/0x13d8 mm/page_alloc.c:4681
alloc_pages_bulk_array_node_noprof include/linux/gfp.h:239 [inline]
__page_pool_alloc_pages_slow+0x18e/0xc50 net/core/page_pool.c:538
page_pool_alloc_netmem net/core/page_pool.c:590 [inline]
page_pool_alloc_netmem+0xc0/0x158 net/core/page_pool.c:577
page_pool_alloc_pages+0x20/0x62 net/core/page_pool.c:597
page_pool_dev_alloc_pages include/net/page_pool/helpers.h:96 [inline]
xdp_test_run_batch.constprop.0+0x362/0x1816 net/bpf/test_run.c:305
bpf_test_run_xdp_live+0x2f6/0x49e net/bpf/test_run.c:389
bpf_prog_test_run_xdp+0x7f6/0x15a8 net/bpf/test_run.c:1317
bpf_prog_test_run kernel/bpf/syscall.c:4247 [inline]
__sys_bpf+0xd14/0x42cc kernel/bpf/syscall.c:5652
__do_sys_bpf kernel/bpf/syscall.c:5741 [inline]
__se_sys_bpf kernel/bpf/syscall.c:5739 [inline]
__riscv_sys_bpf+0x6c/0x9e kernel/bpf/syscall.c:5739
syscall_handler+0x94/0x118 arch/riscv/include/asm/syscall.h:90
do_trap_ecall_u+0x1aa/0x216 arch/riscv/kernel/traps.c:331
_new_vmalloc_restore_context_a0+0xc2/0xce
page last free pid 18908 tgid 18908 stack trace:
__reset_page_owner+0x8c/0x400 mm/page_owner.c:297
reset_page_owner include/linux/page_owner.h:25 [inline]
free_pages_prepare mm/page_alloc.c:1108 [inline]
free_unref_page+0x592/0xf08 mm/page_alloc.c:2638
__free_pages+0x13c/0x1bc mm/page_alloc.c:4820
__free_slab+0xc8/0x16e mm/slub.c:2649
free_slab+0x38/0x1ae mm/slub.c:2672
discard_slab+0x42/0x5a mm/slub.c:2678
__slab_free+0x346/0x3f6 mm/slub.c:4491
do_slab_free mm/slub.c:4532 [inline]
___cache_free+0x1a6/0x1e0 mm/slub.c:4638
qlink_free mm/kasan/quarantine.c:163 [inline]
qlist_free_all+0x76/0x16c mm/kasan/quarantine.c:179
kasan_quarantine_reduce+0x158/0x1ba mm/kasan/quarantine.c:286
__kasan_slab_alloc+0x5c/0x82 mm/kasan/common.c:329
kasan_slab_alloc include/linux/kasan.h:247 [inline]
slab_post_alloc_hook mm/slub.c:4086 [inline]
slab_alloc_node mm/slub.c:4135 [inline]
__do_kmalloc_node mm/slub.c:4264 [inline]
__kmalloc_noprof+0x24a/0x4e4 mm/slub.c:4277
kmalloc_noprof include/linux/slab.h:882 [inline]
tomoyo_realpath_from_path+0xb8/0x64a security/tomoyo/realpath.c:251
tomoyo_get_realpath security/tomoyo/file.c:151 [inline]
tomoyo_path_perm+0x28e/0x45e security/tomoyo/file.c:822
tomoyo_inode_getattr+0x1e/0x28 security/tomoyo/hooks.h:97
security_inode_getattr+0x12a/0x2fe security/security.c:2371
Modules linked in:
CPU: 0 UID: 0 PID: 18955 Comm: syz.2.1806 Tainted: G B 6.12.0-rc1-syzkaller-00012-g5f153a692bac #0
Tainted: [B]=BAD_PAGE
Hardware name: riscv-virtio,qemu (DT)
Call Trace:
[<ffffffff80010a14>] dump_backtrace+0x2e/0x3c arch/riscv/kernel/stacktrace.c:130
[<ffffffff85f7c3cc>] show_stack+0x34/0x40 arch/riscv/kernel/stacktrace.c:136
[<ffffffff85fd797a>] __dump_stack lib/dump_stack.c:94 [inline]
[<ffffffff85fd797a>] dump_stack_lvl+0x122/0x196 lib/dump_stack.c:120
[<ffffffff85fd7a0a>] dump_stack+0x1c/0x24 lib/dump_stack.c:129
[<ffffffff808b0b06>] bad_page+0x268/0x2da mm/page_alloc.c:501
[<ffffffff808bcb18>] free_page_is_bad_report mm/page_alloc.c:908 [inline]
[<ffffffff808bcb18>] free_page_is_bad mm/page_alloc.c:918 [inline]
[<ffffffff808bcb18>] free_pages_prepare mm/page_alloc.c:1100 [inline]
[<ffffffff808bcb18>] free_unref_page+0x78a/0xf08 mm/page_alloc.c:2638
[<ffffffff808be53a>] page_frag_free+0x21c/0x268 mm/page_alloc.c:4971
[<ffffffff84c97152>] skb_free_frag include/linux/skbuff.h:3399 [inline]
[<ffffffff84c97152>] skb_free_head+0x1ce/0x2ec net/core/skbuff.c:1096
[<ffffffff84ca2952>] skb_release_data+0x6ec/0x86a net/core/skbuff.c:1125
[<ffffffff84cac65c>] skb_release_all net/core/skbuff.c:1190 [inline]
[<ffffffff84cac65c>] __kfree_skb net/core/skbuff.c:1204 [inline]
[<ffffffff84cac65c>] sk_skb_reason_drop+0x130/0x180 net/core/skbuff.c:1242
[<ffffffff84d1d4cc>] kfree_skb_reason include/linux/skbuff.h:1262 [inline]
[<ffffffff84d1d4cc>] __netif_receive_skb_core.constprop.0+0x650/0x4374 net/core/dev.c:5636
[<ffffffff84d213ae>] __netif_receive_skb_list_core+0x1be/0x75e net/core/dev.c:5737
[<ffffffff84d24b66>] __netif_receive_skb_list net/core/dev.c:5804 [inline]
[<ffffffff84d24b66>] netif_receive_skb_list_internal+0x64e/0xc36 net/core/dev.c:5895
[<ffffffff84d251ae>] netif_receive_skb_list net/core/dev.c:5947 [inline]
[<ffffffff84d251ae>] netif_receive_skb_list+0x60/0x634 net/core/dev.c:5937
[<ffffffff850c688a>] xdp_recv_frames net/bpf/test_run.c:279 [inline]
[<ffffffff850c688a>] xdp_test_run_batch.constprop.0+0x1244/0x1816 net/bpf/test_run.c:360
[<ffffffff850c7152>] bpf_test_run_xdp_live+0x2f6/0x49e net/bpf/test_run.c:389
[<ffffffff850cb85c>] bpf_prog_test_run_xdp+0x7f6/0x15a8 net/bpf/test_run.c:1317
[<ffffffff804ef2e2>] bpf_prog_test_run kernel/bpf/syscall.c:4247 [inline]
[<ffffffff804ef2e2>] __sys_bpf+0xd14/0x42cc kernel/bpf/syscall.c:5652
[<ffffffff804f35f2>] __do_sys_bpf kernel/bpf/syscall.c:5741 [inline]
[<ffffffff804f35f2>] __se_sys_bpf kernel/bpf/syscall.c:5739 [inline]
[<ffffffff804f35f2>] __riscv_sys_bpf+0x6c/0x9e kernel/bpf/syscall.c:5739
[<ffffffff8000f2d4>] syscall_handler+0x94/0x118 arch/riscv/include/asm/syscall.h:90
[<ffffffff85fd9c4a>] do_trap_ecall_u+0x1aa/0x216 arch/riscv/kernel/traps.c:331
[<ffffffff85ffcac6>] _new_vmalloc_restore_context_a0+0xc2/0xce
BUG: Bad page state in process syz.2.1806 pfn:adffe
page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xff6000002dfffc00 pfn:0xadffe
flags: 0xffe000000000000(node=0|zone=0|lastcpupid=0x7ff)
raw: 0ffe000000000000 dead000000000040 ff6000002b4ee000 0000000000000000
raw: ff6000002dfffc00 0000000000000001 00000000ffffffff 0000000000000000
page dumped because: page_pool leak
page_owner tracks the page as allocated
page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 18955, tgid 18954 (syz.2.1806), ts 6942766452800, free_ts 6923544377300
__set_page_owner+0xa2/0x70c mm/page_owner.c:320
set_page_owner include/linux/page_owner.h:32 [inline]
post_alloc_hook+0xec/0x1e4 mm/page_alloc.c:1537
prep_new_page mm/page_alloc.c:1545 [inline]
get_page_from_freelist+0xdaa/0x295a mm/page_alloc.c:3457
__alloc_pages_noprof+0x1e2/0x1eb6 mm/page_alloc.c:4733
alloc_pages_bulk_noprof+0x252/0x13d8 mm/page_alloc.c:4681
alloc_pages_bulk_array_node_noprof include/linux/gfp.h:239 [inline]
__page_pool_alloc_pages_slow+0x18e/0xc50 net/core/page_pool.c:538
page_pool_alloc_netmem net/core/page_pool.c:590 [inline]
page_pool_alloc_netmem+0xc0/0x158 net/core/page_pool.c:577
page_pool_alloc_pages+0x20/0x62 net/core/page_pool.c:597
page_pool_dev_alloc_pages include/net/page_pool/helpers.h:96 [inline]
xdp_test_run_batch.constprop.0+0x362/0x1816 net/bpf/test_run.c:305
bpf_test_run_xdp_live+0x2f6/0x49e net/bpf/test_run.c:389
bpf_prog_test_run_xdp+0x7f6/0x15a8 net/bpf/test_run.c:1317
bpf_prog_test_run kernel/bpf/syscall.c:4247 [inline]
__sys_bpf+0xd14/0x42cc kernel/bpf/syscall.c:5652
__do_sys_bpf kernel/bpf/syscall.c:5741 [inline]
__se_sys_bpf kernel/bpf/syscall.c:5739 [inline]
__riscv_sys_bpf+0x6c/0x9e kernel/bpf/syscall.c:5739
syscall_handler+0x94/0x118 arch/riscv/include/asm/syscall.h:90
do_trap_ecall_u+0x1aa/0x216 arch/riscv/kernel/traps.c:331
_new_vmalloc_restore_context_a0+0xc2/0xce
page last free pid 18388 tgid 18388 stack trace:
__reset_page_owner+0x8c/0x400 mm/page_owner.c:297
reset_page_owner include/linux/page_owner.h:25 [inline]
free_pages_prepare mm/page_alloc.c:1108 [inline]
free_unref_page+0x592/0xf08 mm/page_alloc.c:2638
__folio_put+0x1ae/0x22e mm/swap.c:126
folio_put include/linux/mm.h:1478 [inline]
free_page_and_swap_cache+0x1a8/0x1de mm/swap_state.c:308
__tlb_remove_table arch/riscv/include/asm/tlb.h:26 [inline]
__tlb_remove_table_free mm/mmu_gather.c:227 [inline]
tlb_remove_table_rcu+0x86/0xee mm/mmu_gather.c:282
rcu_do_batch kernel/rcu/tree.c:2567 [inline]
rcu_core+0xa24/0x1eac kernel/rcu/tree.c:2823
rcu_core_si+0xc/0x14 kernel/rcu/tree.c:2840
handle_softirqs+0x4a6/0x10de kernel/softirq.c:554
__do_softirq kernel/softirq.c:588 [inline]
invoke_softirq kernel/softirq.c:428 [inline]
__irq_exit_rcu+0x188/0x372 kernel/softirq.c:637
irq_exit_rcu+0x10/0xf8 kernel/softirq.c:649
handle_riscv_irq+0x40/0x4c arch/riscv/kernel/traps.c:378
call_on_irq_stack+0x32/0x40 arch/riscv/kernel/entry.S:355
Modules linked in:
CPU: 0 UID: 0 PID: 18955 Comm: syz.2.1806 Tainted: G B 6.12.0-rc1-syzkaller-00012-g5f153a692bac #0
Tainted: [B]=BAD_PAGE
Hardware name: riscv-virtio,qemu (DT)
Call Trace:
[<ffffffff80010a14>] dump_backtrace+0x2e/0x3c arch/riscv/kernel/stacktrace.c:130
[<ffffffff85f7c3cc>] show_stack+0x34/0x40 arch/riscv/kernel/stacktrace.c:136
[<ffffffff85fd797a>] __dump_stack lib/dump_stack.c:94 [inline]
[<ffffffff85fd797a>] dump_stack_lvl+0x122/0x196 lib/dump_stack.c:120
[<ffffffff85fd7a0a>] dump_stack+0x1c/0x24 lib/dump_stack.c:129
[<ffffffff808b0b06>] bad_page+0x268/0x2da mm/page_alloc.c:501
[<ffffffff808bcb18>] free_page_is_bad_report mm/page_alloc.c:908 [inline]
[<ffffffff808bcb18>] free_page_is_bad mm/page_alloc.c:918 [inline]
[<ffffffff808bcb18>] free_pages_prepare mm/page_alloc.c:1100 [inline]
[<ffffffff808bcb18>] free_unref_page+0x78a/0xf08 mm/page_alloc.c:2638
[<ffffffff808be53a>] page_frag_free+0x21c/0x268 mm/page_alloc.c:4971
[<ffffffff84c97152>] skb_free_frag include/linux/skbuff.h:3399 [inline]
[<ffffffff84c97152>] skb_free_head+0x1ce/0x2ec net/core/skbuff.c:1096
[<ffffffff84ca2952>] skb_release_data+0x6ec/0x86a net/core/skbuff.c:1125
[<ffffffff84cac65c>] skb_release_all net/core/skbuff.c:1190 [inline]
[<ffffffff84cac65c>] __kfree_skb net/core/skbuff.c:1204 [inline]
[<ffffffff84cac65c>] sk_skb_reason_drop+0x130/0x180 net/core/skbuff.c:1242
[<ffffffff84d1d4cc>] kfree_skb_reason include/linux/skbuff.h:1262 [inline]
[<ffffffff84d1d4cc>] __netif_receive_skb_core.constprop.0+0x650/0x4374 net/core/dev.c:5636
[<ffffffff84d213ae>] __netif_receive_skb_list_core+0x1be/0x75e net/core/dev.c:5737
[<ffffffff84d24b66>] __netif_receive_skb_list net/core/dev.c:5804 [inline]
[<ffffffff84d24b66>] netif_receive_skb_list_internal+0x64e/0xc36 net/core/dev.c:5895
[<ffffffff84d251ae>] netif_receive_skb_list net/core/dev.c:5947 [inline]
[<ffffffff84d251ae>] netif_receive_skb_list+0x60/0x634 net/core/dev.c:5937
[<ffffffff850c688a>] xdp_recv_frames net/bpf/test_run.c:279 [inline]
[<ffffffff850c688a>] xdp_test_run_batch.constprop.0+0x1244/0x1816 net/bpf/test_run.c:360
[<ffffffff850c7152>] bpf_test_run_xdp_live+0x2f6/0x49e net/bpf/test_run.c:389
[<ffffffff850cb85c>] bpf_prog_test_run_xdp+0x7f6/0x15a8 net/bpf/test_run.c:1317
[<ffffffff804ef2e2>] bpf_prog_test_run kernel/bpf/syscall.c:4247 [inline]
[<ffffffff804ef2e2>] __sys_bpf+0xd14/0x42cc kernel/bpf/syscall.c:5652
[<ffffffff804f35f2>] __do_sys_bpf kernel/bpf/syscall.c:5741 [inline]
[<ffffffff804f35f2>] __se_sys_bpf kernel/bpf/syscall.c:5739 [inline]
[<ffffffff804f35f2>] __riscv_sys_bpf+0x6c/0x9e kernel/bpf/syscall.c:5739
[<ffffffff8000f2d4>] syscall_handler+0x94/0x118 arch/riscv/include/asm/syscall.h:90
[<ffffffff85fd9c4a>] do_trap_ecall_u+0x1aa/0x216 arch/riscv/kernel/traps.c:331
[<ffffffff85ffcac6>] _new_vmalloc_restore_context_a0+0xc2/0xce
BUG: Bad page state in process syz.2.1806 pfn:ace27
page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0xace27
flags: 0xffe000000000000(node=0|zone=0|lastcpupid=0x7ff)
raw: 0ffe000000000000 dead000000000040 ff6000002b4ee000 0000000000000000
raw: 0000000000000000 0000000000000001 00000000ffffffff 0000000000000000
page dumped because: page_pool leak
page_owner tracks the page as allocated
page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 18955, tgid 18954 (syz.2.1806), ts 6942766332200, free_ts 6922499651500
__set_page_owner+0xa2/0x70c mm/page_owner.c:320
set_page_owner include/linux/page_owner.h:32 [inline]
post_alloc_hook+0xec/0x1e4 mm/page_alloc.c:1537
prep_new_page mm/page_alloc.c:1545 [inline]
get_page_from_freelist+0xdaa/0x295a mm/page_alloc.c:3457
__alloc_pages_noprof+0x1e2/0x1eb6 mm/page_alloc.c:4733
alloc_pages_bulk_noprof+0x252/0x13d8 mm/page_alloc.c:4681
alloc_pages_bulk_array_node_noprof include/linux/gfp.h:239 [inline]
__page_pool_alloc_pages_slow+0x18e/0xc50 net/core/page_pool.c:538
page_pool_alloc_netmem net/core/page_pool.c:590 [inline]
page_pool_alloc_netmem+0xc0/0x158 net/core/page_pool.c:577
page_pool_alloc_pages+0x20/0x62 net/core/page_pool.c:597
page_pool_dev_alloc_pages include/net/page_pool/helpers.h:96 [inline]
xdp_test_run_batch.constprop.0+0x362/0x1816 net/bpf/test_run.c:305
bpf_test_run_xdp_live+0x2f6/0x49e net/bpf/test_run.c:389
bpf_prog_test_run_xdp+0x7f6/0x15a8 net/bpf/test_run.c:1317
bpf_prog_test_run kernel/bpf/syscall.c:4247 [inline]
__sys_bpf+0xd14/0x42cc kernel/bpf/syscall.c:5652
__do_sys_bpf kernel/bpf/syscall.c:5741 [inline]
__se_sys_bpf kernel/bpf/syscall.c:5739 [inline]
__riscv_sys_bpf+0x6c/0x9e kernel/bpf/syscall.c:5739
syscall_handler+0x94/0x118 arch/riscv/include/asm/syscall.h:90
do_trap_ecall_u+0x1aa/0x216 arch/riscv/kernel/traps.c:331
_new_vmalloc_restore_context_a0+0xc2/0xce
page last free pid 16342 tgid 16342 stack trace:
__reset_page_owner+0x8c/0x400 mm/page_owner.c:297
reset_page_owner include/linux/page_owner.h:25 [inline]
free_pages_prepare mm/page_alloc.c:1108 [inline]
free_unref_page+0x592/0xf08 mm/page_alloc.c:2638
__free_pages+0x13c/0x1bc mm/page_alloc.c:4820
vfree+0x1b6/0xc88 mm/vmalloc.c:3361
delayed_vfree_work+0x58/0x7a mm/vmalloc.c:3282
process_one_work+0x956/0x1dae kernel/workqueue.c:3229
process_scheduled_works kernel/workqueue.c:3310 [inline]
worker_thread+0x5be/0xdc6 kernel/workqueue.c:3391
kthread+0x28c/0x3a6 kernel/kthread.c:389
ret_from_fork+0xe/0x18 arch/riscv/kernel/entry.S:326
Modules linked in:
CPU: 0 UID: 0 PID: 18955 Comm: syz.2.1806 Tainted: G B 6.12.0-rc1-syzkaller-00012-g5f153a692bac #0
Tainted: [B]=BAD_PAGE
Hardware name: riscv-virtio,qemu (DT)
Call Trace:
[<ffffffff80010a14>] dump_backtrace+0x2e/0x3c arch/riscv/kernel/stacktrace.c:130
[<ffffffff85f7c3cc>] show_stack+0x34/0x40 arch/riscv/kernel/stacktrace.c:136
[<ffffffff85fd797a>] __dump_stack lib/dump_stack.c:94 [inline]
[<ffffffff85fd797a>] dump_stack_lvl+0x122/0x196 lib/dump_stack.c:120
[<ffffffff85fd7a0a>] dump_stack+0x1c/0x24 lib/dump_stack.c:129
[<ffffffff808b0b06>] bad_page+0x268/0x2da mm/page_alloc.c:501
[<ffffffff808bcb18>] free_page_is_bad_report mm/page_alloc.c:908 [inline]
[<ffffffff808bcb18>] free_page_is_bad mm/page_alloc.c:918 [inline]
[<ffffffff808bcb18>] free_pages_prepare mm/page_alloc.c:1100 [inline]
[<ffffffff808bcb18>] free_unref_page+0x78a/0xf08 mm/page_alloc.c:2638
[<ffffffff808be53a>] page_frag_free+0x21c/0x268 mm/page_alloc.c:4971
[<ffffffff84c97152>] skb_free_frag include/linux/skbuff.h:3399 [inline]
[<ffffffff84c97152>] skb_free_head+0x1ce/0x2ec net/core/skbuff.c:1096
[<ffffffff84ca2952>] skb_release_data+0x6ec/0x86a net/core/skbuff.c:1125
[<ffffffff84cac65c>] skb_release_all net/core/skbuff.c:1190 [inline]
[<ffffffff84cac65c>] __kfree_skb net/core/skbuff.c:1204 [inline]
[<ffffffff84cac65c>] sk_skb_reason_drop+0x130/0x180 net/core/skbuff.c:1242
[<ffffffff84d1d4cc>] kfree_skb_reason include/linux/skbuff.h:1262 [inline]
[<ffffffff84d1d4cc>] __netif_receive_skb_core.constprop.0+0x650/0x4374 net/core/dev.c:5636
[<ffffffff84d213ae>] __netif_receive_skb_list_core+0x1be/0x75e net/core/dev.c:5737
[<ffffffff84d24b66>] __netif_receive_skb_list net/core/dev.c:5804 [inline]
[<ffffffff84d24b66>] netif_receive_skb_list_internal+0x64e/0xc36 net/core/dev.c:5895
[<ffffffff84d251ae>] netif_receive_skb_list net/core/dev.c:5947 [inline]
[<ffffffff84d251ae>] netif_receive_skb_list+0x60/0x634 net/core/dev.c:5937
[<ffffffff850c688a>] xdp_recv_frames net/bpf/test_run.c:279 [inline]
[<ffffffff850c688a>] xdp_test_run_batch.constprop.0+0x1244/0x1816 net/bpf/test_run.c:360
[<ffffffff850c7152>] bpf_test_run_xdp_live+0x2f6/0x49e net/bpf/test_run.c:389
[<ffffffff850cb85c>] bpf_prog_test_run_xdp+0x7f6/0x15a8 net/bpf/test_run.c:1317
[<ffffffff804ef2e2>] bpf_prog_test_run kernel/bpf/syscall.c:4247 [inline]
[<ffffffff804ef2e2>] __sys_bpf+0xd14/0x42cc kernel/bpf/syscall.c:5652
[<ffffffff804f35f2>] __do_sys_bpf kernel/bpf/syscall.c:5741 [inline]
[<ffffffff804f35f2>] __se_sys_bpf kernel/bpf/syscall.c:5739 [inline]
[<ffffffff804f35f2>] __riscv_sys_bpf+0x6c/0x9e kernel/bpf/syscall.c:5739
[<ffffffff8000f2d4>] syscall_handler+0x94/0x118 arch/riscv/include/asm/syscall.h:90
[<ffffffff85fd9c4a>] do_trap_ecall_u+0x1aa/0x216 arch/riscv/kernel/traps.c:331
[<ffffffff85ffcac6>] _new_vmalloc_restore_context_a0+0xc2/0xce
BUG: Bad page state in process syz.2.1806 pfn:ace26
page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0xace26
flags: 0xffe000000000000(node=0|zone=0|lastcpupid=0x7ff)
raw: 0ffe000000000000 dead000000000040 ff6000002b4ee000 0000000000000000
raw: 0000000000000000 0000000000000001 00000000ffffffff 0000000000000000
page dumped because: page_pool leak
page_owner tracks the page as allocated
page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 18955, tgid 18954 (syz.2.1806), ts 6942766201400, free_ts 6923545200600
__set_page_owner+0xa2/0x70c mm/page_owner.c:320
set_page_owner include/linux/page_owner.h:32 [inline]
post_alloc_hook+0xec/0x1e4 mm/page_alloc.c:1537
prep_new_page mm/page_alloc.c:1545 [inline]
get_page_from_freelist+0xdaa/0x295a mm/page_alloc.c:3457
__alloc_pages_noprof+0x1e2/0x1eb6 mm/page_alloc.c:4733
alloc_pages_bulk_noprof+0x252/0x13d8 mm/page_alloc.c:4681
alloc_pages_bulk_array_node_noprof include/linux/gfp.h:239 [inline]
__page_pool_alloc_pages_slow+0x18e/0xc50 net/core/page_pool.c:538
page_pool_alloc_netmem net/core/page_pool.c:590 [inline]
page_pool_alloc_netmem+0xc0/0x158 net/core/page_pool.c:577
page_pool_alloc_pages+0x20/0x62 net/core/page_pool.c:597
page_pool_dev_alloc_pages include/net/page_pool/helpers.h:96 [inline]
xdp_test_run_batch.constprop.0+0x362/0x1816 net/bpf/test_run.c:305
bpf_test_run_xdp_live+0x2f6/0x49e net/bpf/test_run.c:389
bpf_prog_test_run_xdp+0x7f6/0x15a8 net/bpf/test_run.c:1317
bpf_prog_test_run kernel/bpf/syscall.c:4247 [inline]
__sys_bpf+0xd14/0x42cc kernel/bpf/syscall.c:5652
__do_sys_bpf kernel/bpf/syscall.c:5741 [inline]
__se_sys_bpf kernel/bpf/syscall.c:5739 [inline]
__riscv_sys_bpf+0x6c/0x9e kernel/bpf/syscall.c:5739
syscall_handler+0x94/0x118 arch/riscv/include/asm/syscall.h:90
do_trap_ecall_u+0x1aa/0x216 arch/riscv/kernel/traps.c:331
_new_vmalloc_restore_context_a0+0xc2/0xce
page last free pid 18388 tgid 18388 stack trace:
__reset_page_owner+0x8c/0x400 mm/page_owner.c:297
reset_page_owner include/linux/page_owner.h:25 [inline]
free_pages_prepare mm/page_alloc.c:1108 [inline]
free_unref_page+0x592/0xf08 mm/page_alloc.c:2638
__folio_put+0x1ae/0x22e mm/swap.c:126
folio_put include/linux/mm.h:1478 [inline]
free_page_and_swap_cache+0x1a8/0x1de mm/swap_state.c:308
__tlb_remove_table arch/riscv/include/asm/tlb.h:26 [inline]
__tlb_remove_table_free mm/mmu_gather.c:227 [inline]
tlb_remove_table_rcu+0x86/0xee mm/mmu_gather.c:282
rcu_do_batch kernel/rcu/tree.c:2567 [inline]
rcu_core+0xa24/0x1eac kernel/rcu/tree.c:2823
rcu_core_si+0xc/0x14 kernel/rcu/tree.c:2840
handle_softirqs+0x4a6/0x10de kernel/softirq.c:554
__do_softirq kernel/softirq.c:588 [inline]
invoke_softirq kernel/softirq.c:428 [inline]
__irq_exit_rcu+0x188/0x372 kernel/softirq.c:637
irq_exit_rcu+0x10/0xf8 kernel/softirq.c:649
handle_riscv_irq+0x40/0x4c arch/riscv/kernel/traps.c:378
call_on_irq_stack+0x32/0x40 arch/riscv/kernel/entry.S:355
Modules linked in:
CPU: 0 UID: 0 PID: 18955 Comm: syz.2.1806 Tainted: G B 6.12.0-rc1-syzkaller-00012-g5f153a692bac #0
Tainted: [B]=BAD_PAGE
Hardware name: riscv-virtio,qemu (DT)
Call Trace:
[<ffffffff80010a14>] dump_backtrace+0x2e/0x3c arch/riscv/kernel/stacktrace.c:130
[<ffffffff85f7c3cc>] show_stack+0x34/0x40 arch/riscv/kernel/stacktrace.c:136
[<ffffffff85fd797a>] __dump_stack lib/dump_stack.c:94 [inline]
[<ffffffff85fd797a>] dump_stack_lvl+0x122/0x196 lib/dump_stack.c:120
[<ffffffff85fd7a0a>] dump_stack+0x1c/0x24 lib/dump_stack.c:129
[<ffffffff808b0b06>] bad_page+0x268/0x2da mm/page_alloc.c:501
[<ffffffff808bcb18>] free_page_is_bad_report mm/page_alloc.c:908 [inline]
[<ffffffff808bcb18>] free_page_is_bad mm/page_alloc.c:918 [inline]
[<ffffffff808bcb18>] free_pages_prepare mm/page_alloc.c:1100 [inline]
[<ffffffff808bcb18>] free_unref_page+0x78a/0xf08 mm/page_alloc.c:2638
[<ffffffff808be53a>] page_frag_free+0x21c/0x268 mm/page_alloc.c:4971
[<ffffffff84c97152>] skb_free_frag include/linux/skbuff.h:3399 [inline]
[<ffffffff84c97152>] skb_free_head+0x1ce/0x2ec net/core/skbuff.c:1096
[<ffffffff84ca2952>] skb_release_data+0x6ec/0x86a net/core/skbuff.c:1125
[<ffffffff84cac65c>] skb_release_all net/core/skbuff.c:1190 [inline]
[<ffffffff84cac65c>] __kfree_skb net/core/skbuff.c:1204 [inline]
[<ffffffff84cac65c>] sk_skb_reason_drop+0x130/0x180 net/core/skbuff.c:1242
[<ffffffff84d1d4cc>] kfree_skb_reason include/linux/skbuff.h:1262 [inline]
[<ffffffff84d1d4cc>] __netif_receive_skb_core.constprop.0+0x650/0x4374 net/core/dev.c:5636
[<ffffffff84d213ae>] __netif_receive_skb_list_core+0x1be/0x75e net/core/dev.c:5737
[<ffffffff84d24b66>] __netif_receive_skb_list net/core/dev.c:5804 [inline]
[<ffffffff84d24b66>] netif_receive_skb_list_internal+0x64e/0xc36 net/core/dev.c:5895
[<ffffffff84d251ae>] netif_receive_skb_list net/core/dev.c:5947 [inline]
[<ffffffff84d251ae>] netif_receive_skb_list+0x60/0x634 net/core/dev.c:5937
[<ffffffff850c688a>] xdp_recv_frames net/bpf/test_run.c:279 [inline]
[<ffffffff850c688a>] xdp_test_run_batch.constprop.0+0x1244/0x1816 net/bpf/test_run.c:360
[<ffffffff850c7152>] bpf_test_run_xdp_live+0x2f6/0x49e net/bpf/test_run.c:389
[<ffffffff850cb85c>] bpf_prog_test_run_xdp+0x7f6/0x15a8 net/bpf/test_run.c:1317
[<ffffffff804ef2e2>] bpf_prog_test_run kernel/bpf/syscall.c:4247 [inline]
[<ffffffff804ef2e2>] __sys_bpf+0xd14/0x42cc kernel/bpf/syscall.c:5652
[<ffffffff804f35f2>] __do_sys_bpf kernel/bpf/syscall.c:5741 [inline]
[<ffffffff804f35f2>] __se_sys_bpf kernel/bpf/syscall.c:5739 [inline]
[<ffffffff804f35f2>] __riscv_sys_bpf+0x6c/0x9e kernel/bpf/syscall.c:5739
[<ffffffff8000f2d4>] syscall_handler+0x94/0x118 arch/riscv/include/asm/syscall.h:90
[<ffffffff85fd9c4a>] do_trap_ecall_u+0x1aa/0x216 arch/riscv/kernel/traps.c:331
[<ffffffff85ffcac6>] _new_vmalloc_restore_context_a0+0xc2/0xce
BUG: Bad page state in process syz.2.1806 pfn:9dec5
page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x4 pfn:0x9dec5
flags: 0xffe000000000000(node=0|zone=0|lastcpupid=0x7ff)
raw: 0ffe000000000000 dead000000000040 ff6000002b4ee000 0000000000000000
raw: 0000000000000004 0000000000000001 00000000ffffffff 0000000000000000
page dumped because: page_pool leak
page_owner tracks the page as allocated
page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 18955, tgid 18954 (syz.2.1806), ts 6942766075600, free_ts 6923546529800
__set_page_owner+0xa2/0x70c mm/page_owner.c:320
set_page_owner include/linux/page_owner.h:32 [inline]
post_alloc_hook+0xec/0x1e4 mm/page_alloc.c:1537
prep_new_page mm/page_alloc.c:1545 [inline]
get_page_from_freelist+0xdaa/0x295a mm/page_alloc.c:3457
__alloc_pages_noprof+0x1e2/0x1eb6 mm/page_alloc.c:4733
alloc_pages_bulk_noprof+0x252/0x13d8 mm/page_alloc.c:4681
alloc_pages_bulk_array_node_noprof include/linux/gfp.h:239 [inline]
__page_pool_alloc_pages_slow+0x18e/0xc50 net/core/page_pool.c:538
page_pool_alloc_netmem net/core/page_pool.c:590 [inline]
page_pool_alloc_netmem+0xc0/0x158 net/core/page_pool.c:577
page_pool_alloc_pages+0x20/0x62 net/core/page_pool.c:597
page_pool_dev_alloc_pages include/net/page_pool/helpers.h:96 [inline]
xdp_test_run_batch.constprop.0+0x362/0x1816 net/bpf/test_run.c:305
bpf_test_run_xdp_live+0x2f6/0x49e net/bpf/test_run.c:389
bpf_prog_test_run_xdp+0x7f6/0x15a8 net/bpf/test_run.c:1317
bpf_prog_test_run kernel/bpf/syscall.c:4247 [inline]
__sys_bpf+0xd14/0x42cc kernel/bpf/syscall.c:5652
__do_sys_bpf kernel/bpf/syscall.c:5741 [inline]
__se_sys_bpf kernel/bpf/syscall.c:5739 [inline]
__riscv_sys_bpf+0x6c/0x9e kernel/bpf/syscall.c:5739
syscall_handler+0x94/0x118 arch/riscv/include/asm/syscall.h:90
do_trap_ecall_u+0x1aa/0x216 arch/riscv/kernel/traps.c:331
_new_vmalloc_restore_context_a0+0xc2/0xce
page last free pid 18388 tgid 18388 stack trace:
__reset_page_owner+0x8c/0x400 mm/page_owner.c:297
reset_page_owner include/linux/page_owner.h:25 [inline]
free_pages_prepare mm/page_alloc.c:1108 [inline]
free_unref_page+0x592/0xf08 mm/page_alloc.c:2638
__folio_put+0x1ae/0x22e mm/swap.c:126
folio_put include/linux/mm.h:1478 [inline]
free_page_and_swap_cache+0x1a8/0x1de mm/swap_state.c:308
__tlb_remove_table arch/riscv/include/asm/tlb.h:26 [inline]
__tlb_remove_table_free mm/mmu_gather.c:227 [inline]
tlb_remove_table_rcu+0x86/0xee mm/mmu_gather.c:282
rcu_do_batch kernel/rcu/tree.c:2567 [inline]
rcu_core+0xa24/0x1eac kernel/rcu/tree.c:2823
rcu_core_si+0xc/0x14 kernel/rcu/tree.c:2840
handle_softirqs+0x4a6/0x10de kernel/softirq.c:554
__do_softirq kernel/softirq.c:588 [inline]
invoke_softirq kernel/softirq.c:428 [inline]
__irq_exit_rcu+0x188/0x372 kernel/softirq.c:637
irq_exit_rcu+0x10/0xf8 kernel/softirq.c:649
handle_riscv_irq+0x40/0x4c arch/riscv/kernel/traps.c:378
call_on_irq_stack+0x32/0x40 arch/riscv/kernel/entry.S:355
Modules linked in:
CPU: 0 UID: 0 PID: 18955 Comm: syz.2.1806 Tainted: G B 6.12.0-rc1-syzkaller-00012-g5f153a692bac #0
Tainted: [B]=BAD_PAGE
Hardware name: riscv-virtio,qemu (DT)
Call Trace:
[<ffffffff80010a14>] dump_backtrace+0x2e/0x3c arch/riscv/kernel/stacktrace.c:130
[<ffffffff85f7c3cc>] show_stack+0x34/0x40 arch/riscv/kernel/stacktrace.c:136
[<ffffffff85fd797a>] __dump_stack lib/dump_stack.c:94 [inline]
[<ffffffff85fd797a>] dump_stack_lvl+0x122/0x196 lib/dump_stack.c:120
[<ffffffff85fd7a0a>] dump_stack+0x1c/0x24 lib/dump_stack.c:129
[<ffffffff808b0b06>] bad_page+0x268/0x2da mm/page_alloc.c:501
[<ffffffff808bcb18>] free_page_is_bad_report mm/page_alloc.c:908 [inline]
[<ffffffff808bcb18>] free_page_is_bad mm/page_alloc.c:918 [inline]
[<ffffffff808bcb18>] free_pages_prepare mm/page_alloc.c:1100 [inline]
[<ffffffff808bcb18>] free_unref_page+0x78a/0xf08 mm/page_alloc.c:2638
[<ffffffff808be53a>] page_frag_free+0x21c/0x268 mm/page_alloc.c:4971
[<ffffffff84c97152>] skb_free_frag include/linux/skbuff.h:3399 [inline]
[<ffffffff84c97152>] skb_free_head+0x1ce/0x2ec net/core/skbuff.c:1096
[<ffffffff84ca2952>] skb_release_data+0x6ec/0x86a net/core/skbuff.c:1125
[<ffffffff84cac65c>] skb_release_all net/core/skbuff.c:1190 [inline]
[<ffffffff84cac65c>] __kfree_skb net/core/skbuff.c:1204 [inline]
[<ffffffff84cac65c>] sk_skb_reason_drop+0x130/0x180 net/core/skbuff.c:1242
[<ffffffff84d1d4cc>] kfree_skb_reason include/linux/skbuff.h:1262 [inline]
[<ffffffff84d1d4cc>] __netif_receive_skb_core.constprop.0+0x650/0x4374 net/core/dev.c:5636
[<ffffffff84d213ae>] __netif_receive_skb_list_core+0x1be/0x75e net/core/dev.c:5737
[<ffffffff84d24b66>] __netif_receive_skb_list net/core/dev.c:5804 [inline]
[<ffffffff84d24b66>] netif_receive_skb_list_internal+0x64e/0xc36 net/core/dev.c:5895
[<ffffffff84d251ae>] netif_receive_skb_list net/core/dev.c:5947 [inline]
[<ffffffff84d251ae>] netif_receive_skb_list+0x60/0x634 net/core/dev.c:5937
[<ffffffff850c688a>] xdp_recv_frames net/bpf/test_run.c:279 [inline]
[<ffffffff850c688a>] xdp_test_run_batch.constprop.0+0x1244/0x1816 net/bpf/test_run.c:360
[<ffffffff850c7152>] bpf_test_run_xdp_live+0x2f6/0x49e net/bpf/test_run.c:389
[<ffffffff850cb85c>] bpf_prog_test_run_xdp+0x7f6/0x15a8 net/bpf/test_run.c:1317
[<ffffffff804ef2e2>] bpf_prog_test_run kernel/bpf/syscall.c:4247 [inline]
[<ffffffff804ef2e2>] __sys_bpf+0xd14/0x42cc kernel/bpf/syscall.c:5652
[<ffffffff804f35f2>] __do_sys_bpf kernel/bpf/syscall.c:5741 [inline]
[<ffffffff804f35f2>] __se_sys_bpf kernel/bpf/syscall.c:5739 [inline]
[<ffffffff804f35f2>] __riscv_sys_bpf+0x6c/0x9e kernel/bpf/syscall.c:5739
[<ffffffff8000f2d4>] syscall_handler+0x94/0x118 arch/riscv/include/asm/syscall.h:90
[<ffffffff85fd9c4a>] do_trap_ecall_u+0x1aa/0x216 arch/riscv/kernel/traps.c:331
[<ffffffff85ffcac6>] _new_vmalloc_restore_context_a0+0xc2/0xce
BUG: Bad page state in process syz.2.1806 pfn:9dec4
page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xff6000001dec5080 pfn:0x9dec4
flags: 0xffe000000000000(node=0|zone=0|lastcpupid=0x7ff)
raw: 0ffe000000000000 dead000000000040 ff6000002b4ee000 0000000000000000
raw: ff6000001dec5080 0000000000000001 00000000ffffffff 0000000000000000
page dumped because: page_pool leak
page_owner tracks the page as allocated
page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 18955, tgid 18954 (syz.2.1806), ts 6942765929200, free_ts 6923547349200
__set_page_owner+0xa2/0x70c mm/page_owner.c:320
set_page_owner include/linux/page_owner.h:32 [inline]
post_alloc_hook+0xec/0x1e4 mm/page_alloc.c:1537
prep_new_page mm/page_alloc.c:1545 [inline]
get_page_from_freelist+0xdaa/0x295a mm/page_alloc.c:3457
__alloc_pages_noprof+0x1e2/0x1eb6 mm/page_alloc.c:4733
alloc_pages_bulk_noprof+0x252/0x13d8 mm/page_alloc.c:4681
alloc_pages_bulk_array_node_noprof include/linux/gfp.h:239 [inline]
__page_pool_alloc_pages_slow+0x18e/0xc50 net/core/page_pool.c:538
page_pool_alloc_netmem net/core/page_pool.c:590 [inline]
page_pool_alloc_netmem+0xc0/0x158 net/core/page_pool.c:577
page_pool_alloc_pages+0x20/0x62 net/core/page_pool.c:597
page_pool_dev_alloc_pages include/net/page_pool/helpers.h:96 [inline]
xdp_test_run_batch.constprop.0+0x362/0x1816 net/bpf/test_run.c:305
bpf_test_run_xdp_live+0x2f6/0x49e net/bpf/test_run.c:389
bpf_prog_test_run_xdp+0x7f6/0x15a8 net/bpf/test_run.c:1317
bpf_prog_test_run kernel/bpf/syscall.c:4247 [inline]
__sys_bpf+0xd14/0x42cc kernel/bpf/syscall.c:5652
__do_sys_bpf kernel/bpf/syscall.c:5741 [inline]
__se_sys_bpf kernel/bpf/syscall.c:5739 [inline]
__riscv_sys_bpf+0x6c/0x9e kernel/bpf/syscall.c:5739
syscall_handler+0x94/0x118 arch/riscv/include/asm/syscall.h:90
do_trap_ecall_u+0x1aa/0x216 arch/riscv/kernel/traps.c:331
_new_vmalloc_restore_context_a0+0xc2/0xce
page last free pid 18388 tgid 18388 stack trace:
__reset_page_owner+0x8c/0x400 mm/page_owner.c:297
reset_page_owner include/linux/page_owner.h:25 [inline]
free_pages_prepare mm/page_alloc.c:1108 [inline]
free_unref_page+0x592/0xf08 mm/page_alloc.c:2638
__folio_put+0x1ae/0x22e mm/swap.c:126
folio_put include/linux/mm.h:1478 [inline]
free_page_and_swap_cache+0x1a8/0x1de mm/swap_state.c:308
__tlb_remove_table arch/riscv/include/asm/tlb.h:26 [inline]
__tlb_remove_table_free mm/mmu_gather.c:227 [inline]
tlb_remove_table_rcu+0x86/0xee mm/mmu_gather.c:282
rcu_do_batch kernel/rcu/tree.c:2567 [inline]
rcu_core+0xa24/0x1eac kernel/rcu/tree.c:2823
rcu_core_si+0xc/0x14 kernel/rcu/tree.c:2840
handle_softirqs+0x4a6/0x10de kernel/softirq.c:554
__do_softirq kernel/softirq.c:588 [inline]
invoke_softirq kernel/softirq.c:428 [inline]
__irq_exit_rcu+0x188/0x372 kernel/softirq.c:637
irq_exit_rcu+0x10/0xf8 kernel/softirq.c:649
handle_riscv_irq+0x40/0x4c arch/riscv/kernel/traps.c:378
call_on_irq_stack+0x32/0x40 arch/riscv/kernel/entry.S:355
Modules linked in:
CPU: 0 UID: 0 PID: 18955 Comm: syz.2.1806 Tainted: G B 6.12.0-rc1-syzkaller-00012-g5f153a692bac #0
Tainted: [B]=BAD_PAGE
Hardware name: riscv-virtio,qemu (DT)
Call Trace:
[<ffffffff80010a14>] dump_backtrace+0x2e/0x3c arch/riscv/kernel/stacktrace.c:130
[<ffffffff85f7c3cc>] show_stack+0x34/0x40 arch/riscv/kernel/stacktrace.c:136
[<ffffffff85fd797a>] __dump_stack lib/dump_stack.c:94 [inline]
[<ffffffff85fd797a>] dump_stack_lvl+0x122/0x196 lib/dump_stack.c:120
[<ffffffff85fd7a0a>] dump_stack+0x1c/0x24 lib/dump_stack.c:129
[<ffffffff808b0b06>] bad_page+0x268/0x2da mm/page_alloc.c:501
[<ffffffff808bcb18>] free_page_is_bad_report mm/page_alloc.c:908 [inline]
[<ffffffff808bcb18>] free_page_is_bad mm/page_alloc.c:918 [inline]
[<ffffffff808bcb18>] free_pages_prepare mm/page_alloc.c:1100 [inline]
[<ffffffff808bcb18>] free_unref_page+0x78a/0xf08 mm/page_alloc.c:2638
[<ffffffff808be53a>] page_frag_free+0x21c/0x268 mm/page_alloc.c:4971
[<ffffffff84c97152>] skb_free_frag include/linux/skbuff.h:3399 [inline]
[<ffffffff84c97152>] skb_free_head+0x1ce/0x2ec net/core/skbuff.c:1096
[<ffffffff84ca2952>] skb_release_data+0x6ec/0x86a net/core/skbuff.c:1125
[<ffffffff84cac65c>] skb_release_all net/core/skbuff.c:1190 [inline]
[<ffffffff84cac65c>] __kfree_skb net/core/skbuff.c:1204 [inline]
[<ffffffff84cac65c>] sk_skb_reason_drop+0x130/0x180 net/core/skbuff.c:1242
[<ffffffff84d1d4cc>] kfree_skb_reason include/linux/skbuff.h:1262 [inline]
[<ffffffff84d1d4cc>] __netif_receive_skb_core.constprop.0+0x650/0x4374 net/core/dev.c:5636
[<ffffffff84d213ae>] __netif_receive_skb_list_core+0x1be/0x75e net/core/dev.c:5737
[<ffffffff84d24b66>] __netif_receive_skb_list net/core/dev.c:5804 [inline]
[<ffffffff84d24b66>] netif_receive_skb_list_internal+0x64e/0xc36 net/core/dev.c:5895
[<ffffffff84d251ae>] netif_receive_skb_list net/core/dev.c:5947 [inline]
[<ffffffff84d251ae>] netif_receive_skb_list+0x60/0x634 net/core/dev.c:5937
[<ffffffff850c688a>] xdp_recv_frames net/bpf/test_run.c:279 [inline]
[<ffffffff850c688a>] xdp_test_run_batch.constprop.0+0x1244/0x1816 net/bpf/test_run.c:360
[<ffffffff850c7152>] bpf_test_run_xdp_live+0x2f6/0x49e net/bpf/test_run.c:389
[<ffffffff850cb85c>] bpf_prog_test_run_xdp+0x7f6/0x15a8 net/bpf/test_run.c:1317
[<ffffffff804ef2e2>] bpf_prog_test_run kernel/bpf/syscall.c:4247 [inline]
[<ffffffff804ef2e2>] __sys_bpf+0xd14/0x42cc kernel/bpf/syscall.c:5652
[<ffffffff804f35f2>] __do_sys_bpf kernel/bpf/syscall.c:5741 [inline]
[<ffffffff804f35f2>] __se_sys_bpf kernel/bpf/syscall.c:5739 [inline]
[<ffffffff804f35f2>] __riscv_sys_bpf+0x6c/0x9e kernel/bpf/syscall.c:5739
[<ffffffff8000f2d4>] syscall_handler+0x94/0x118 arch/riscv/include/asm/syscall.h:90
[<ffffffff85fd9c4a>] do_trap_ecall_u+0x1aa/0x216 arch/riscv/kernel/traps.c:331
[<ffffffff85ffcac6>] _new_vmalloc_restore_context_a0+0xc2/0xce
BUG: Bad page state in process syz.2.1806 pfn:9d607
page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xff6000001d6079b0 pfn:0x9d607
flags: 0xffe000000000000(node=0|zone=0|lastcpupid=0x7ff)
raw: 0ffe000000000000 dead000000000040 ff6000002b4ee000 0000000000000000
raw: ff6000001d6079b0 0000000000000001 00000000ffffffff 0000000000000000
page dumped because: page_pool leak
page_owner tracks the page as allocated
page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 18955, tgid 18954 (syz.2.1806), ts 6942765812300, free_ts 6925915629200
__set_page_owner+0xa2/0x70c mm/page_owner.c:320
set_page_owner include/linux/page_owner.h:32 [inline]
post_alloc_hook+0xec/0x1e4 mm/page_alloc.c:1537
prep_new_page mm/page_alloc.c:1545 [inline]
get_page_from_freelist+0xdaa/0x295a mm/page_alloc.c:3457
__alloc_pages_noprof+0x1e2/0x1eb6 mm/page_alloc.c:4733
alloc_pages_bulk_noprof+0x252/0x13d8 mm/page_alloc.c:4681
alloc_pages_bulk_array_node_noprof include/linux/gfp.h:239 [inline]
__page_pool_alloc_pages_slow+0x18e/0xc50 net/core/page_pool.c:538
page_pool_alloc_netmem net/core/page_pool.c:590 [inline]
page_pool_alloc_netmem+0xc0/0x158 net/core/page_pool.c:577
page_pool_alloc_pages+0x20/0x62 net/core/page_pool.c:597
page_pool_dev_alloc_pages include/net/page_pool/helpers.h:96 [inline]
xdp_test_run_batch.constprop.0+0x362/0x1816 net/bpf/test_run.c:305
bpf_test_run_xdp_live+0x2f6/0x49e net/bpf/test_run.c:389
bpf_prog_test_run_xdp+0x7f6/0x15a8 net/bpf/test_run.c:1317
bpf_prog_test_run kernel/bpf/syscall.c:4247 [inline]
__sys_bpf+0xd14/0x42cc kernel/bpf/syscall.c:5652
__do_sys_bpf kernel/bpf/syscall.c:5741 [inline]
__se_sys_bpf kernel/bpf/syscall.c:5739 [inline]
__riscv_sys_bpf+0x6c/0x9e kernel/bpf/syscall.c:5739
syscall_handler+0x94/0x118 arch/riscv/include/asm/syscall.h:90
do_trap_ecall_u+0x1aa/0x216 arch/riscv/kernel/traps.c:331
_new_vmalloc_restore_context_a0+0xc2/0xce
page last free pid 18910 tgid 18910 stack trace:
__reset_page_owner+0x8c/0x400 mm/page_owner.c:297
reset_page_owner include/linux/page_owner.h:25 [inline]
free_pages_prepare mm/page_alloc.c:1108 [inline]
free_unref_page+0x592/0xf08 mm/page_alloc.c:2638
__folio_put+0x1ae/0x22e mm/swap.c:126
folio_put include/linux/mm.h:1478 [inline]
free_page_and_swap_cache+0x1a8/0x1de mm/swap_state.c:308
__tlb_remove_table arch/riscv/include/asm/tlb.h:26 [inline]
__tlb_remove_table_free mm/mmu_gather.c:227 [inline]
tlb_remove_table_rcu+0x86/0xee mm/mmu_gather.c:282
rcu_do_batch kernel/rcu/tree.c:2567 [inline]
rcu_core+0xa24/0x1eac kernel/rcu/tree.c:2823
rcu_core_si+0xc/0x14 kernel/rcu/tree.c:2840
handle_softirqs+0x4a6/0x10de kernel/softirq.c:554
__do_softirq kernel/softirq.c:588 [inline]
invoke_softirq kernel/softirq.c:428 [inline]
__irq_exit_rcu+0x188/0x372 kernel/softirq.c:637
irq_exit_rcu+0x10/0xf8 kernel/softirq.c:649
handle_riscv_irq+0x40/0x4c arch/riscv/kernel/traps.c:378
call_on_irq_stack+0x32/0x40 arch/riscv/kernel/entry.S:355
Modules linked in:
CPU: 0 UID: 0 PID: 18955 Comm: syz.2.1806 Tainted: G B 6.12.0-rc1-syzkaller-00012-g5f153a692bac #0
Tainted: [B]=BAD_PAGE
Hardware name: riscv-virtio,qemu (DT)
Call Trace:
[<ffffffff80010a14>] dump_backtrace+0x2e/0x3c arch/riscv/kernel/stacktrace.c:130
[<ffffffff85f7c3cc>] show_stack+0x34/0x40 arch/riscv/kernel/stacktrace.c:136
[<ffffffff85fd797a>] __dump_stack lib/dump_stack.c:94 [inline]
[<ffffffff85fd797a>] dump_stack_lvl+0x122/0x196 lib/dump_stack.c:120
[<ffffffff85fd7a0a>] dump_stack+0x1c/0x24 lib/dump_stack.c:129
[<ffffffff808b0b06>] bad_page+0x268/0x2da mm/page_alloc.c:501
[<ffffffff808bcb18>] free_page_is_bad_report mm/page_alloc.c:908 [inline]
[<ffffffff808bcb18>] free_page_is_bad mm/page_alloc.c:918 [inline]
[<ffffffff808bcb18>] free_pages_prepare mm/page_alloc.c:1100 [inline]
[<ffffffff808bcb18>] free_unref_page+0x78a/0xf08 mm/page_alloc.c:2638
[<ffffffff808be53a>] page_frag_free+0x21c/0x268 mm/page_alloc.c:4971
[<ffffffff84c97152>] skb_free_frag include/linux/skbuff.h:3399 [inline]
[<ffffffff84c97152>] skb_free_head+0x1ce/0x2ec net/core/skbuff.c:1096
[<ffffffff84ca2952>] skb_release_data+0x6ec/0x86a net/core/skbuff.c:1125
[<ffffffff84cac65c>] skb_release_all net/core/skbuff.c:1190 [inline]
[<ffffffff84cac65c>] __kfree_skb net/core/skbuff.c:1204 [inline]
[<ffffffff84cac65c>] sk_skb_reason_drop+0x130/0x180 net/core/skbuff.c:1242
[<ffffffff84d1d4cc>] kfree_skb_reason include/linux/skbuff.h:1262 [inline]
[<ffffffff84d1d4cc>] __netif_receive_skb_core.constprop.0+0x650/0x4374 net/core/dev.c:5636
[<ffffffff84d213ae>] __netif_receive_skb_list_core+0x1be/0x75e net/core/dev.c:5737
[<ffffffff84d24b66>] __netif_receive_skb_list net/core/dev.c:5804 [inline]
[<ffffffff84d24b66>] netif_receive_skb_list_internal+0x64e/0xc36 net/core/dev.c:5895
[<ffffffff84d251ae>] netif_receive_skb_list net/core/dev.c:5947 [inline]
[<ffffffff84d251ae>] netif_receive_skb_list+0x60/0x634 net/core/dev.c:5937
[<ffffffff850c688a>] xdp_recv_frames net/bpf/test_run.c:279 [inline]
[<ffffffff850c688a>] xdp_test_run_batch.constprop.0+0x1244/0x1816 net/bpf/test_run.c:360
[<ffffffff850c7152>] bpf_test_run_xdp_live+0x2f6/0x49e net/bpf/test_run.c:389
[<ffffffff850cb85c>] bpf_prog_test_run_xdp+0x7f6/0x15a8 net/bpf/test_run.c:1317
[<ffffffff804ef2e2>] bpf_prog_test_run kernel/bpf/syscall.c:4247 [inline]
[<ffffffff804ef2e2>] __sys_bpf+0xd14/0x42cc kernel/bpf/syscall.c:5652
[<ffffffff804f35f2>] __do_sys_bpf kernel/bpf/syscall.c:5741 [inline]
[<ffffffff804f35f2>] __se_sys_bpf kernel/bpf/syscall.c:5739 [inline]
[<ffffffff804f35f2>] __riscv_sys_bpf+0x6c/0x9e kernel/bpf/syscall.c:5739
[<ffffffff8000f2d4>] syscall_handler+0x94/0x118 arch/riscv/include/asm/syscall.h:90
[<ffffffff85fd9c4a>] do_trap_ecall_u+0x1aa/0x216 arch/riscv/kernel/traps.c:331
[<ffffffff85ffcac6>] _new_vmalloc_restore_context_a0+0xc2/0xce
BUG: Bad page state in process syz.2.1806 pfn:9d606
page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xff6000001d606440 pfn:0x9d606
flags: 0xffe000000000000(node=0|zone=0|lastcpupid=0x7ff)
raw: 0ffe000000000000 dead000000000040 ff6000002b4ee000 0000000000000000
raw: ff6000001d606440 0000000000000001 00000000ffffffff 0000000000000000
page dumped because: page_pool leak
page_owner tracks the page as allocated
page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 18955, tgid 18954 (syz.2.1806), ts 6942765695000, free_ts 6922499989500
__set_page_owner+0xa2/0x70c mm/page_owner.c:320
set_page_owner include/linux/page_owner.h:32 [inline]
post_alloc_hook+0xec/0x1e4 mm/page_alloc.c:1537
prep_new_page mm/page_alloc.c:1545 [inline]
get_page_from_freelist+0xdaa/0x295a mm/page_alloc.c:3457
__alloc_pages_noprof+0x1e2/0x1eb6 mm/page_alloc.c:4733
alloc_pages_bulk_noprof+0x252/0x13d8 mm/page_alloc.c:4681
alloc_pages_bulk_array_node_noprof include/linux/gfp.h:239 [inline]
__page_pool_alloc_pages_slow+0x18e/0xc50 net/core/page_pool.c:538
page_pool_alloc_netmem net/core/page_pool.c:590 [inline]
page_pool_alloc_netmem+0xc0/0x158 net/core/page_pool.c:577
page_pool_alloc_pages+0x20/0x62 net/core/page_pool.c:597
page_pool_dev_alloc_pages include/net/page_pool/helpers.h:96 [inline]
xdp_test_run_batch.constprop.0+0x362/0x1816 net/bpf/test_run.c:305
bpf_test_run_xdp_live+0x2f6/0x49e net/bpf/test_run.c:389
bpf_prog_test_run_xdp+0x7f6/0x15a8 net/bpf/test_run.c:1317
bpf_prog_test_run kernel/bpf/syscall.c:4247 [inline]
__sys_bpf+0xd14/0x42cc kernel/bpf/syscall.c:5652
__do_sys_bpf kernel/bpf/syscall.c:5741 [inline]
__se_sys_bpf kernel/bpf/syscall.c:5739 [inline]
__riscv_sys_bpf+0x6c/0x9e kernel/bpf/syscall.c:5739
syscall_handler+0x94/0x118 arch/riscv/include/asm/syscall.h:90
do_trap_ecall_u+0x1aa/0x216 arch/riscv/kernel/traps.c:331
_new_vmalloc_restore_context_a0+0xc2/0xce
page last free pid 16342 tgid 16342 stack trace:
__reset_page_owner+0x8c/0x400 mm/page_owner.c:297
reset_page_owner include/linux/page_owner.h:25 [inline]
free_pages_prepare mm/page_alloc.c:1108 [inline]
free_unref_page+0x592/0xf08 mm/page_alloc.c:2638
__free_pages+0x13c/0x1bc mm/page_alloc.c:4820
vfree+0x1b6/0xc88 mm/vmalloc.c:3361
delayed_vfree_work+0x58/0x7a mm/vmalloc.c:3282
process_one_work+0x956/0x1dae kernel/workqueue.c:3229
process_scheduled_works kernel/workqueue.c:3310 [inline]
worker_thread+0x5be/0xdc6 kernel/workqueue.c:3391
kthread+0x28c/0x3a6 kernel/kthread.c:389
ret_from_fork+0xe/0x18 arch/riscv/kernel/entry.S:326
Modules linked in:
CPU: 0 UID: 0 PID: 18955 Comm: syz.2.1806 Tainted: G B 6.12.0-rc1-syzkaller-00012-g5f153a692bac #0
Tainted: [B]=BAD_PAGE
Hardware name: riscv-virtio,qemu (DT)
Call Trace:
[<ffffffff80010a14>] dump_backtrace+0x2e/0x3c arch/riscv/kernel/stacktrace.c:130
[<ffffffff85f7c3cc>] show_stack+0x34/0x40 arch/riscv/kernel/stacktrace.c:136
[<ffffffff85fd797a>] __dump_stack lib/dump_stack.c:94 [inline]
[<ffffffff85fd797a>] dump_stack_lvl+0x122/0x196 lib/dump_stack.c:120
[<ffffffff85fd7a0a>] dump_stack+0x1c/0x24 lib/dump_stack.c:129
[<ffffffff808b0b06>] bad_page+0x268/0x2da mm/page_alloc.c:501
[<ffffffff808bcb18>] free_page_is_bad_report mm/page_alloc.c:908 [inline]
[<ffffffff808bcb18>] free_page_is_bad mm/page_alloc.c:918 [inline]
[<ffffffff808bcb18>] free_pages_prepare mm/page_alloc.c:1100 [inline]
[<ffffffff808bcb18>] free_unref_page+0x78a/0xf08 mm/page_alloc.c:2638
[<ffffffff808be53a>] page_frag_free+0x21c/0x268 mm/page_alloc.c:4971
[<ffffffff84c97152>] skb_free_frag include/linux/skbuff.h:3399 [inline]
[<ffffffff84c97152>] skb_free_head+0x1ce/0x2ec net/core/skbuff.c:1096
[<ffffffff84ca2952>] skb_release_data+0x6ec/0x86a net/core/skbuff.c:1125
[<ffffffff84cac65c>] skb_release_all net/core/skbuff.c:1190 [inline]
[<ffffffff84cac65c>] __kfree_skb net/core/skbuff.c:1204 [inline]
[<ffffffff84cac65c>] sk_skb_reason_drop+0x130/0x180 net/core/skbuff.c:1242
[<ffffffff84d1d4cc>] kfree_skb_reason include/linux/skbuff.h:1262 [inline]
[<ffffffff84d1d4cc>] __netif_receive_skb_core.constprop.0+0x650/0x4374 net/core/dev.c:5636
[<ffffffff84d213ae>] __netif_receive_skb_list_core+0x1be/0x75e net/core/dev.c:5737
[<ffffffff84d24b66>] __netif_receive_skb_list net/core/dev.c:5804 [inline]
[<ffffffff84d24b66>] netif_receive_skb_list_internal+0x64e/0xc36 net/core/dev.c:5895
[<ffffffff84d251ae>] netif_receive_skb_list net/core/dev.c:5947 [inline]
[<ffffffff84d251ae>] netif_receive_skb_list+0x60/0x634 net/core/dev.c:5937
[<ffffffff850c688a>] xdp_recv_frames net/bpf/test_run.c:279 [inline]
[<ffffffff850c688a>] xdp_test_run_batch.constprop.0+0x1244/0x1816 net/bpf/test_run.c:360
[<ffffffff850c7152>] bpf_test_run_xdp_live+0x2f6/0x49e net/bpf/test_run.c:389
[<ffffffff850cb85c>] bpf_prog_test_run_xdp+0x7f6/0x15a8 net/bpf/test_run.c:1317
[<ffffffff804ef2e2>] bpf_prog_test_run kernel/bpf/syscall.c:4247 [inline]
[<ffffffff804ef2e2>] __sys_bpf+0xd14/0x42cc kernel/bpf/syscall.c:5652
[<ffffffff804f35f2>] __do_sys_bpf kernel/bpf/syscall.c:5741 [inline]
[<ffffffff804f35f2>] __se_sys_bpf kernel/bpf/syscall.c:5739 [inline]
[<ffffffff804f35f2>] __riscv_sys_bpf+0x6c/0x9e kernel/bpf/syscall.c:5739
[<ffffffff8000f2d4>] syscall_handler+0x94/0x118 arch/riscv/include/asm/syscall.h:90
[<ffffffff85fd9c4a>] do_trap_ecall_u+0x1aa/0x216 arch/riscv/kernel/traps.c:331
[<ffffffff85ffcac6>] _new_vmalloc_restore_context_a0+0xc2/0xce
BUG: Bad page state in process syz.2.1806 pfn:a8ee9
page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xff60000000000002 pfn:0xa8ee9
flags: 0xffe000000000000(node=0|zone=0|lastcpupid=0x7ff)
raw: 0ffe000000000000 dead000000000040 ff6000002b4ee000 0000000000000000
raw: ff60000000000002 0000000000000001 00000000ffffffff 0000000000000000
page dumped because: page_pool leak
page_owner tracks the page as allocated
page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 18955, tgid 18954 (syz.2.1806), ts 6942765575900, free_ts 6925948942300
__set_page_owner+0xa2/0x70c mm/page_owner.c:320
set_page_owner include/linux/page_owner.h:32 [inline]
post_alloc_hook+0xec/0x1e4 mm/page_alloc.c:1537
prep_new_page mm/page_alloc.c:1545 [inline]
get_page_from_freelist+0xdaa/0x295a mm/page_alloc.c:3457
__alloc_pages_noprof+0x1e2/0x1eb6 mm/page_alloc.c:4733
alloc_pages_bulk_noprof+0x252/0x13d8 mm/page_alloc.c:4681
alloc_pages_bulk_array_node_noprof include/linux/gfp.h:239 [inline]
__page_pool_alloc_pages_slow+0x18e/0xc50 net/core/page_pool.c:538
page_pool_alloc_netmem net/core/page_pool.c:590 [inline]
page_pool_alloc_netmem+0xc0/0x158 net/core/page_pool.c:577
page_pool_alloc_pages+0x20/0x62 net/core/page_pool.c:597
page_pool_dev_alloc_pages include/net/page_pool/helpers.h:96 [inline]
xdp_test_run_batch.constprop.0+0x362/0x1816 net/bpf/test_run.c:305
bpf_test_run_xdp_live+0x2f6/0x49e net/bpf/test_run.c:389
bpf_prog_test_run_xdp+0x7f6/0x15a8 net/bpf/test_run.c:1317
bpf_prog_test_run kernel/bpf/syscall.c:4247 [inline]
__sys_bpf+0xd14/0x42cc kernel/bpf/syscall.c:5652
__do_sys_bpf kernel/bpf/syscall.c:5741 [inline]
__se_sys_bpf kernel/bpf/syscall.c:5739 [inline]
__riscv_sys_bpf+0x6c/0x9e kernel/bpf/syscall.c:5739
syscall_handler+0x94/0x118 arch/riscv/include/asm/syscall.h:90
do_trap_ecall_u+0x1aa/0x216 arch/riscv/kernel/traps.c:331
_new_vmalloc_restore_context_a0+0xc2/0xce
page last free pid 17001 tgid 17001 stack trace:
__reset_page_owner+0x8c/0x400 mm/page_owner.c:297
reset_page_owner include/linux/page_owner.h:25 [inline]
free_pages_prepare mm/page_alloc.c:1108 [inline]
free_unref_page+0x592/0xf08 mm/page_alloc.c:2638
__free_pages+0x13c/0x1bc mm/page_alloc.c:4820
vfree+0x1b6/0xc88 mm/vmalloc.c:3361
copy_entries_to_user net/ipv6/netfilter/ip6_tables.c:882 [inline]
get_entries net/ipv6/netfilter/ip6_tables.c:1039 [inline]
do_ip6t_get_ctl+0x76c/0x91e net/ipv6/netfilter/ip6_tables.c:1677
nf_getsockopt+0x6e/0xd2 net/netfilter/nf_sockopt.c:116
ipv6_getsockopt+0x240/0x2ce net/ipv6/ipv6_sockglue.c:1493
tcp_getsockopt+0x84/0xd6 net/ipv4/tcp.c:4670
sock_common_getsockopt+0x86/0xb8 net/core/sock.c:3776
do_sock_getsockopt+0x37a/0x5ea net/socket.c:2391
__sys_getsockopt+0x100/0x1b6 net/socket.c:2420
__do_sys_getsockopt net/socket.c:2430 [inline]
__se_sys_getsockopt net/socket.c:2427 [inline]
__riscv_sys_getsockopt+0xa6/0x114 net/socket.c:2427
syscall_handler+0x94/0x118 arch/riscv/include/asm/syscall.h:90
do_trap_ecall_u+0x1aa/0x216 arch/riscv/kernel/traps.c:331
_new_vmalloc_restore_context_a0+0xc2/0xce
Modules linked in:
CPU: 0 UID: 0 PID: 18955 Comm: syz.2.1806 Tainted: G B 6.12.0-rc1-syzkaller-00012-g5f153a692bac #0
Tainted: [B]=BAD_PAGE
Hardware name: riscv-virtio,qemu (DT)
Call Trace:
[<ffffffff80010a14>] dump_backtrace+0x2e/0x3c arch/riscv/kernel/stacktrace.c:130
[<ffffffff85f7c3cc>] show_stack+0x34/0x40 arch/riscv/kernel/stacktrace.c:136
[<ffffffff85fd797a>] __dump_stack lib/dump_stack.c:94 [inline]
[<ffffffff85fd797a>] dump_stack_lvl+0x122/0x196 lib/dump_stack.c:120
[<ffffffff85fd7a0a>] dump_stack+0x1c/0x24 lib/dump_stack.c:129
[<ffffffff808b0b06>] bad_page+0x268/0x2da mm/page_alloc.c:501
[<ffffffff808bcb18>] free_page_is_bad_report mm/page_alloc.c:908 [inline]
[<ffffffff808bcb18>] free_page_is_bad mm/page_alloc.c:918 [inline]
[<ffffffff808bcb18>] free_pages_prepare mm/page_alloc.c:1100 [inline]
[<ffffffff808bcb18>] free_unref_page+0x78a/0xf08 mm/page_alloc.c:2638
[<ffffffff808be53a>] page_frag_free+0x21c/0x268 mm/page_alloc.c:4971
[<ffffffff84c97152>] skb_free_frag include/linux/skbuff.h:3399 [inline]
[<ffffffff84c97152>] skb_free_head+0x1ce/0x2ec net/core/skbuff.c:1096
[<ffffffff84ca2952>] skb_release_data+0x6ec/0x86a net/core/skbuff.c:1125
[<ffffffff84cac65c>] skb_release_all net/core/skbuff.c:1190 [inline]
[<ffffffff84cac65c>] __kfree_skb net/core/skbuff.c:1204 [inline]
[<ffffffff84cac65c>] sk_skb_reason_drop+0x130/0x180 net/core/skbuff.c:1242
[<ffffffff84d1d4cc>] kfree_skb_reason include/linux/skbuff.h:1262 [inline]
[<ffffffff84d1d4cc>] __netif_receive_skb_core.constprop.0+0x650/0x4374 net/core/dev.c:5636
[<ffffffff84d213ae>] __netif_receive_skb_list_core+0x1be/0x75e net/core/dev.c:5737
[<ffffffff84d24b66>] __netif_receive_skb_list net/core/dev.c:5804 [inline]
[<ffffffff84d24b66>] netif_receive_skb_list_internal+0x64e/0xc36 net/core/dev.c:5895
[<ffffffff84d251ae>] netif_receive_skb_list net/core/dev.c:5947 [inline]
[<ffffffff84d251ae>] netif_receive_skb_list+0x60/0x634 net/core/dev.c:5937
[<ffffffff850c688a>] xdp_recv_frames net/bpf/test_run.c:279 [inline]
[<ffffffff850c688a>] xdp_test_run_batch.constprop.0+0x1244/0x1816 net/bpf/test_run.c:360
[<ffffffff850c7152>] bpf_test_run_xdp_live+0x2f6/0x49e net/bpf/test_run.c:389
[<ffffffff850cb85c>] bpf_prog_test_run_xdp+0x7f6/0x15a8 net/bpf/test_run.c:1317
[<ffffffff804ef2e2>] bpf_prog_test_run kernel/bpf/syscall.c:4247 [inline]
[<ffffffff804ef2e2>] __sys_bpf+0xd14/0x42cc kernel/bpf/syscall.c:5652
[<ffffffff804f35f2>] __do_sys_bpf kernel/bpf/syscall.c:5741 [inline]
[<ffffffff804f35f2>] __se_sys_bpf kernel/bpf/syscall.c:5739 [inline]
[<ffffffff804f35f2>] __riscv_sys_bpf+0x6c/0x9e kernel/bpf/syscall.c:5739
[<ffffffff8000f2d4>] syscall_handler+0x94/0x118 arch/riscv/include/asm/syscall.h:90
[<ffffffff85fd9c4a>] do_trap_ecall_u+0x1aa/0x216 arch/riscv/kernel/traps.c:331
[<ffffffff85ffcac6>] _new_vmalloc_restore_context_a0+0xc2/0xce
BUG: Bad page state in process syz.2.1806 pfn:a8ee8
page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xff60000028ee9e00 pfn:0xa8ee8
flags: 0xffe000000000000(node=0|zone=0|lastcpupid=0x7ff)
raw: 0ffe000000000000 dead000000000040 ff6000002b4ee000 0000000000000000
raw: ff60000028ee9e00 0000000000000001 00000000ffffffff 0000000000000000
page dumped because: page_pool leak
page_owner tracks the page as allocated
page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 18955, tgid 18954 (syz.2.1806), ts 6942765458100, free_ts 6922940797600
__set_page_owner+0xa2/0x70c mm/page_owner.c:320
set_page_owner include/linux/page_owner.h:32 [inline]
post_alloc_hook+0xec/0x1e4 mm/page_alloc.c:1537
prep_new_page mm/page_alloc.c:1545 [inline]
get_page_from_freelist+0xdaa/0x295a mm/page_alloc.c:3457
__alloc_pages_noprof+0x1e2/0x1eb6 mm/page_alloc.c:4733
alloc_pages_bulk_noprof+0x252/0x13d8 mm/page_alloc.c:4681
alloc_pages_bulk_array_node_noprof include/linux/gfp.h:239 [inline]
__page_pool_alloc_pages_slow+0x18e/0xc50 net/core/page_pool.c:538
page_pool_alloc_netmem net/core/page_pool.c:590 [inline]
page_pool_alloc_netmem+0xc0/0x158 net/core/page_pool.c:577
page_pool_alloc_pages+0x20/0x62 net/core/page_pool.c:597
page_pool_dev_alloc_pages include/net/page_pool/helpers.h:96 [inline]
xdp_test_run_batch.constprop.0+0x362/0x1816 net/bpf/test_run.c:305
bpf_test_run_xdp_live+0x2f6/0x49e net/bpf/test_run.c:389
bpf_prog_test_run_xdp+0x7f6/0x15a8 net/bpf/test_run.c:1317
bpf_prog_test_run kernel/bpf/syscall.c:4247 [inline]
__sys_bpf+0xd14/0x42cc kernel/bpf/syscall.c:5652
__do_sys_bpf kernel/bpf/syscall.c:5741 [inline]
__se_sys_bpf kernel/bpf/syscall.c:5739 [inline]
__riscv_sys_bpf+0x6c/0x9e kernel/bpf/syscall.c:5739
syscall_handler+0x94/0x118 arch/riscv/include/asm/syscall.h:90
do_trap_ecall_u+0x1aa/0x216 arch/riscv/kernel/traps.c:331
_new_vmalloc_restore_context_a0+0xc2/0xce
page last free pid 18907 tgid 18901 stack trace:
__reset_page_owner+0x8c/0x400 mm/page_owner.c:297
reset_page_owner include/linux/page_owner.h:25 [inline]
free_pages_prepare mm/page_alloc.c:1108 [inline]
free_unref_page+0x592/0xf08 mm/page_alloc.c:2638
__folio_put+0x1ae/0x22e mm/swap.c:126
folio_put include/linux/mm.h:1478 [inline]
free_page_and_swap_cache+0x1a8/0x1de mm/swap_state.c:308
__tlb_remove_table arch/riscv/include/asm/tlb.h:26 [inline]
__tlb_remove_table_free mm/mmu_gather.c:227 [inline]
tlb_remove_table_rcu+0x86/0xee mm/mmu_gather.c:282
rcu_do_batch kernel/rcu/tree.c:2567 [inline]
rcu_core+0xa24/0x1eac kernel/rcu/tree.c:2823
rcu_core_si+0xc/0x14 kernel/rcu/tree.c:2840
handle_softirqs+0x4a6/0x10de kernel/softirq.c:554
__do_softirq kernel/softirq.c:588 [inline]
invoke_softirq kernel/softirq.c:428 [inline]
__irq_exit_rcu+0x188/0x372 kernel/softirq.c:637
irq_exit_rcu+0x10/0xf8 kernel/softirq.c:649
handle_riscv_irq+0x40/0x4c arch/riscv/kernel/traps.c:378
call_on_irq_stack+0x32/0x40 arch/riscv/kernel/entry.S:355
Modules linked in:
CPU: 0 UID: 0 PID: 18955 Comm: syz.2.1806 Tainted: G B 6.12.0-rc1-syzkaller-00012-g5f153a692bac #0
Tainted: [B]=BAD_PAGE
Hardware name: riscv-virtio,qemu (DT)
Call Trace:
[<ffffffff80010a14>] dump_backtrace+0x2e/0x3c arch/riscv/kernel/stacktrace.c:130
[<ffffffff85f7c3cc>] show_stack+0x34/0x40 arch/riscv/kernel/stacktrace.c:136
[<ffffffff85fd797a>] __dump_stack lib/dump_stack.c:94 [inline]
[<ffffffff85fd797a>] dump_stack_lvl+0x122/0x196 lib/dump_stack.c:120
[<ffffffff85fd7a0a>] dump_stack+0x1c/0x24 lib/dump_stack.c:129
[<ffffffff808b0b06>] bad_page+0x268/0x2da mm/page_alloc.c:501
[<ffffffff808bcb18>] free_page_is_bad_report mm/page_alloc.c:908 [inline]
[<ffffffff808bcb18>] free_page_is_bad mm/page_alloc.c:918 [inline]
[<ffffffff808bcb18>] free_pages_prepare mm/page_alloc.c:1100 [inline]
[<ffffffff808bcb18>] free_unref_page+0x78a/0xf08 mm/page_alloc.c:2638
[<ffffffff808be53a>] page_frag_free+0x21c/0x268 mm/page_alloc.c:4971
[<ffffffff84c97152>] skb_free_frag include/linux/skbuff.h:3399 [inline]
[<ffffffff84c97152>] skb_free_head+0x1ce/0x2ec net/core/skbuff.c:1096
[<ffffffff84ca2952>] skb_release_data+0x6ec/0x86a net/core/skbuff.c:1125
[<ffffffff84cac65c>] skb_release_all net/core/skbuff.c:1190 [inline]
[<ffffffff84cac65c>] __kfree_skb net/core/skbuff.c:1204 [inline]
[<ffffffff84cac65c>] sk_skb_reason_drop+0x130/0x180 net/core/skbuff.c:1242
[<ffffffff84d1d4cc>] kfree_skb_reason include/linux/skbuff.h:1262 [inline]
[<ffffffff84d1d4cc>] __netif_receive_skb_core.constprop.0+0x650/0x4374 net/core/dev.c:5636
[<ffffffff84d213ae>] __netif_receive_skb_list_core+0x1be/0x75e net/core/dev.c:5737
[<ffffffff84d24b66>] __netif_receive_skb_list net/core/dev.c:5804 [inline]
[<ffffffff84d24b66>] netif_receive_skb_list_internal+0x64e/0xc36 net/core/dev.c:5895
[<ffffffff84d251ae>] netif_receive_skb_list net/core/dev.c:5947 [inline]
[<ffffffff84d251ae>] netif_receive_skb_list+0x60/0x634 net/core/dev.c:5937
[<ffffffff850c688a>] xdp_recv_frames net/bpf/test_run.c:279 [inline]
[<ffffffff850c688a>] xdp_test_run_batch.constprop.0+0x1244/0x1816 net/bpf/test_run.c:360
[<ffffffff850c7152>] bpf_test_run_xdp_live+0x2f6/0x49e net/bpf/test_run.c:389
[<ffffffff850cb85c>] bpf_prog_test_run_xdp+0x7f6/0x15a8 net/bpf/test_run.c:1317
[<ffffffff804ef2e2>] bpf_prog_test_run kernel/bpf/syscall.c:4247 [inline]
[<ffffffff804ef2e2>] __sys_bpf+0xd14/0x42cc kernel/bpf/syscall.c:5652
[<ffffffff804f35f2>] __do_sys_bpf kernel/bpf/syscall.c:5741 [inline]
[<ffffffff804f35f2>] __se_sys_bpf kernel/bpf/syscall.c:5739 [inline]
[<ffffffff804f35f2>] __riscv_sys_bpf+0x6c/0x9e kernel/bpf/syscall.c:5739
[<ffffffff8000f2d4>] syscall_handler+0x94/0x118 arch/riscv/include/asm/syscall.h:90
[<ffffffff85fd9c4a>] do_trap_ecall_u+0x1aa/0x216 arch/riscv/kernel/traps.c:331
[<ffffffff85ffcac6>] _new_vmalloc_restore_context_a0+0xc2/0xce
BUG: Bad page state in process syz.2.1806 pfn:a9217
page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x2 pfn:0xa9217
flags: 0xffe000000000000(node=0|zone=0|lastcpupid=0x7ff)
raw: 0ffe000000000000 dead000000000040 ff6000002b4ee000 0000000000000000
raw: 0000000000000002 0000000000000001 00000000ffffffff 0000000000000000
page dumped because: page_pool leak
page_owner tracks the page as allocated
page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 18955, tgid 18954 (syz.2.1806), ts 6942765338600, free_ts 6933702538200
__set_page_owner+0xa2/0x70c mm/page_owner.c:320
set_page_owner include/linux/page_owner.h:32 [inline]
post_alloc_hook+0xec/0x1e4 mm/page_alloc.c:1537
prep_new_page mm/page_alloc.c:1545 [inline]
get_page_from_freelist+0xdaa/0x295a mm/page_alloc.c:3457
__alloc_pages_noprof+0x1e2/0x1eb6 mm/page_alloc.c:4733
alloc_pages_bulk_noprof+0x252/0x13d8 mm/page_alloc.c:4681
alloc_pages_bulk_array_node_noprof include/linux/gfp.h:239 [inline]
__page_pool_alloc_pages_slow+0x18e/0xc50 net/core/page_pool.c:538
page_pool_alloc_netmem net/core/page_pool.c:590 [inline]
page_pool_alloc_netmem+0xc0/0x158 net/core/page_pool.c:577
page_pool_alloc_pages+0x20/0x62 net/core/page_pool.c:597
page_pool_dev_alloc_pages include/net/page_pool/helpers.h:96 [inline]
xdp_test_run_batch.constprop.0+0x362/0x1816 net/bpf/test_run.c:305
bpf_test_run_xdp_live+0x2f6/0x49e net/bpf/test_run.c:389
bpf_prog_test_run_xdp+0x7f6/0x15a8 net/bpf/test_run.c:1317
bpf_prog_test_run kernel/bpf/syscall.c:4247 [inline]
__sys_bpf+0xd14/0x42cc kernel/bpf/syscall.c:5652
__do_sys_bpf kernel/bpf/syscall.c:5741 [inline]
__se_sys_bpf kernel/bpf/syscall.c:5739 [inline]
__riscv_sys_bpf+0x6c/0x9e kernel/bpf/syscall.c:5739
syscall_handler+0x94/0x118 arch/riscv/include/asm/syscall.h:90
do_trap_ecall_u+0x1aa/0x216 arch/riscv/kernel/traps.c:331
_new_vmalloc_restore_context_a0+0xc2/0xce
page last free pid 18388 tgid 18388 stack trace:
__reset_page_owner+0x8c/0x400 mm/page_owner.c:297
reset_page_owner include/linux/page_owner.h:25 [inline]
free_pages_prepare mm/page_alloc.c:1108 [inline]
free_unref_page+0x592/0xf08 mm/page_alloc.c:2638
__folio_put+0x1ae/0x22e mm/swap.c:126
folio_put include/linux/mm.h:1478 [inline]
free_page_and_swap_cache+0x1a8/0x1de mm/swap_state.c:308
__tlb_remove_table arch/riscv/include/asm/tlb.h:26 [inline]
__tlb_remove_table_free mm/mmu_gather.c:227 [inline]
tlb_remove_table_rcu+0x86/0xee mm/mmu_gather.c:282
rcu_do_batch kernel/rcu/tree.c:2567 [inline]
rcu_core+0xa24/0x1eac kernel/rcu/tree.c:2823
rcu_core_si+0xc/0x14 kernel/rcu/tree.c:2840
handle_softirqs+0x4a6/0x10de kernel/softirq.c:554
__do_softirq kernel/softirq.c:588 [inline]
invoke_softirq kernel/softirq.c:428 [inline]
__irq_exit_rcu+0x188/0x372 kernel/softirq.c:637
irq_exit_rcu+0x10/0xf8 kernel/softirq.c:649
handle_riscv_irq+0x40/0x4c arch/riscv/kernel/traps.c:378
call_on_irq_stack+0x32/0x40 arch/riscv/kernel/entry.S:355
Modules linked in:
CPU: 0 UID: 0 PID: 18955 Comm: syz.2.1806 Tainted: G B 6.12.0-rc1-syzkaller-00012-g5f153a692bac #0
Tainted: [B]=BAD_PAGE
Hardware name: riscv-virtio,qemu (DT)
Call Trace:
[<ffffffff80010a14>] dump_backtrace+0x2e/0x3c arch/riscv/kernel/stacktrace.c:130
[<ffffffff85f7c3cc>] show_stack+0x34/0x40 arch/riscv/kernel/stacktrace.c:136
[<ffffffff85fd797a>] __dump_stack lib/dump_stack.c:94 [inline]
[<ffffffff85fd797a>] dump_stack_lvl+0x122/0x196 lib/dump_stack.c:120
[<ffffffff85fd7a0a>] dump_stack+0x1c/0x24 lib/dump_stack.c:129
[<ffffffff808b0b06>] bad_page+0x268/0x2da mm/page_alloc.c:501
[<ffffffff808bcb18>] free_page_is_bad_report mm/page_alloc.c:908 [inline]
[<ffffffff808bcb18>] free_page_is_bad mm/page_alloc.c:918 [inline]
[<ffffffff808bcb18>] free_pages_prepare mm/page_alloc.c:1100 [inline]
[<ffffffff808bcb18>] free_unref_page+0x78a/0xf08 mm/page_alloc.c:2638
[<ffffffff808be53a>] page_frag_free+0x21c/0x268 mm/page_alloc.c:4971
[<ffffffff84c97152>] skb_free_frag include/linux/skbuff.h:3399 [inline]
[<ffffffff84c97152>] skb_free_head+0x1ce/0x2ec net/core/skbuff.c:1096
[<ffffffff84ca2952>] skb_release_data+0x6ec/0x86a net/core/skbuff.c:1125
[<ffffffff84cac65c>] skb_release_all net/core/skbuff.c:1190 [inline]
[<ffffffff84cac65c>] __kfree_skb net/core/skbuff.c:1204 [inline]
[<ffffffff84cac65c>] sk_skb_reason_drop+0x130/0x180 net/core/skbuff.c:1242
[<ffffffff84d1d4cc>] kfree_skb_reason include/linux/skbuff.h:1262 [inline]
[<ffffffff84d1d4cc>] __netif_receive_skb_core.constprop.0+0x650/0x4374 net/core/dev.c:5636
[<ffffffff84d213ae>] __netif_receive_skb_list_core+0x1be/0x75e net/core/dev.c:5737
[<ffffffff84d24b66>] __netif_receive_skb_list net/core/dev.c:5804 [inline]
[<ffffffff84d24b66>] netif_receive_skb_list_internal+0x64e/0xc36 net/core/dev.c:5895
[<ffffffff84d251ae>] netif_receive_skb_list net/core/dev.c:5947 [inline]
[<ffffffff84d251ae>] netif_receive_skb_list+0x60/0x634 net/core/dev.c:5937
[<ffffffff850c688a>] xdp_recv_frames net/bpf/test_run.c:279 [inline]
[<ffffffff850c688a>] xdp_test_run_batch.constprop.0+0x1244/0x1816 net/bpf/test_run.c:360
[<ffffffff850c7152>] bpf_test_run_xdp_live+0x2f6/0x49e net/bpf/test_run.c:389
[<ffffffff850cb85c>] bpf_prog_test_run_xdp+0x7f6/0x15a8 net/bpf/test_run.c:1317
[<ffffffff804ef2e2>] bpf_prog_test_run kernel/bpf/syscall.c:4247 [inline]
[<ffffffff804ef2e2>] __sys_bpf+0xd14/0x42cc kernel/bpf/syscall.c:5652
[<ffffffff804f35f2>] __do_sys_bpf kernel/bpf/syscall.c:5741 [inline]
[<ffffffff804f35f2>] __se_sys_bpf kernel/bpf/syscall.c:5739 [inline]
[<ffffffff804f35f2>] __riscv_sys_bpf+0x6c/0x9e kernel/bpf/syscall.c:5739
[<ffffffff8000f2d4>] syscall_handler+0x94/0x118 arch/riscv/include/asm/syscall.h:90
[<ffffffff85fd9c4a>] do_trap_ecall_u+0x1aa/0x216 arch/riscv/kernel/traps.c:331
[<ffffffff85ffcac6>] _new_vmalloc_restore_context_a0+0xc2/0xce
BUG: Bad page state in process syz.2.1806 pfn:a9216
page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xff60000029217e00 pfn:0xa9216
flags: 0xffe000000000000(node=0|zone=0|lastcpupid=0x7ff)
raw: 0ffe000000000000 dead000000000040 ff6000002b4ee000 0000000000000000
raw: ff60000029217e00 0000000000000001 00000000ffffffff 0000000000000000
page dumped because: page_pool leak
page_owner tracks the page as allocated
page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 18955, tgid 18954 (syz.2.1806), ts 6942765211900, free_ts 6935903750800
__set_page_owner+0xa2/0x70c mm/page_owner.c:320
set_page_owner include/linux/page_owner.h:32 [inline]
post_alloc_hook+0xec/0x1e4 mm/page_alloc.c:1537
prep_new_page mm/page_alloc.c:1545 [inline]
get_page_from_freelist+0xdaa/0x295a mm/page_alloc.c:3457
__alloc_pages_noprof+0x1e2/0x1eb6 mm/page_alloc.c:4733
alloc_pages_bulk_noprof+0x252/0x13d8 mm/page_alloc.c:4681
alloc_pages_bulk_array_node_noprof include/linux/gfp.h:239 [inline]
__page_pool_alloc_pages_slow+0x18e/0xc50 net/core/page_pool.c:538
page_pool_alloc_netmem net/core/page_pool.c:590 [inline]
page_pool_alloc_netmem+0xc0/0x158 net/core/page_pool.c:577
page_pool_alloc_pages+0x20/0x62 net/core/page_pool.c:597
page_pool_dev_alloc_pages include/net/page_pool/helpers.h:96 [inline]
xdp_test_run_batch.constprop.0+0x362/0x1816 net/bpf/test_run.c:305
bpf_test_run_xdp_live+0x2f6/0x49e net/bpf/test_run.c:389
bpf_prog_test_run_xdp+0x7f6/0x15a8 net/bpf/test_run.c:1317
bpf_prog_test_run kernel/bpf/syscall.c:4247 [inline]
__sys_bpf+0xd14/0x42cc kernel/bpf/syscall.c:5652
__do_sys_bpf kernel/bpf/syscall.c:5741 [inline]
__se_sys_bpf kernel/bpf/syscall.c:5739 [inline]
__riscv_sys_bpf+0x6c/0x9e kernel/bpf/syscall.c:5739
syscall_handler+0x94/0x118 arch/riscv/include/asm/syscall.h:90
do_trap_ecall_u+0x1aa/0x216 arch/riscv/kernel/traps.c:331
_new_vmalloc_restore_context_a0+0xc2/0xce
page last free pid 18891 tgid 18891 stack trace:
__reset_page_owner+0x8c/0x400 mm/page_owner.c:297
reset_page_owner include/linux/page_owner.h:25 [inline]
free_pages_prepare mm/page_alloc.c:1108 [inline]
free_unref_page+0x592/0xf08 mm/page_alloc.c:2638
__folio_put+0x1ae/0x22e mm/swap.c:126
folio_put include/linux/mm.h:1478 [inline]
free_page_and_swap_cache+0x1a8/0x1de mm/swap_state.c:308
__tlb_remove_table arch/riscv/include/asm/tlb.h:26 [inline]
__tlb_remove_table_free mm/mmu_gather.c:227 [inline]
tlb_remove_table_rcu+0x86/0xee mm/mmu_gather.c:282
rcu_do_batch kernel/rcu/tree.c:2567 [inline]
rcu_core+0xa24/0x1eac kernel/rcu/tree.c:2823
rcu_core_si+0xc/0x14 kernel/rcu/tree.c:2840
handle_softirqs+0x4a6/0x10de kernel/softirq.c:554
__do_softirq kernel/softirq.c:588 [inline]
invoke_softirq kernel/softirq.c:428 [inline]
__irq_exit_rcu+0x188/0x372 kernel/softirq.c:637
irq_exit_rcu+0x10/0xf8 kernel/softirq.c:649
handle_riscv_irq+0x40/0x4c arch/riscv/kernel/traps.c:378
call_on_irq_stack+0x32/0x40 arch/riscv/kernel/entry.S:355
Modules linked in:
CPU: 0 UID: 0 PID: 18955 Comm: syz.2.1806 Tainted: G B 6.12.0-rc1-syzkaller-00012-g5f153a692bac #0
Tainted: [B]=BAD_PAGE
Hardware name: riscv-virtio,qemu (DT)
Call Trace:
[<ffffffff80010a14>] dump_backtrace+0x2e/0x3c arch/riscv/kernel/stacktrace.c:130
[<ffffffff85f7c3cc>] show_stack+0x34/0x40 arch/riscv/kernel/stacktrace.c:136
[<ffffffff85fd797a>] __dump_stack lib/dump_stack.c:94 [inline]
[<ffffffff85fd797a>] dump_stack_lvl+0x122/0x196 lib/dump_stack.c:120
[<ffffffff85fd7a0a>] dump_stack+0x1c/0x24 lib/dump_stack.c:129
[<ffffffff808b0b06>] bad_page+0x268/0x2da mm/page_alloc.c:501
[<ffffffff808bcb18>] free_page_is_bad_report mm/page_alloc.c:908 [inline]
[<ffffffff808bcb18>] free_page_is_bad mm/page_alloc.c:918 [inline]
[<ffffffff808bcb18>] free_pages_prepare mm/page_alloc.c:1100 [inline]
[<ffffffff808bcb18>] free_unref_page+0x78a/0xf08 mm/page_alloc.c:2638
[<ffffffff808be53a>] page_frag_free+0x21c/0x268 mm/page_alloc.c:4971
[<ffffffff84c97152>] skb_free_frag include/linux/skbuff.h:3399 [inline]
[<ffffffff84c97152>] skb_free_head+0x1ce/0x2ec net/core/skbuff.c:1096
[<ffffffff84ca2952>] skb_release_data+0x6ec/0x86a net/core/skbuff.c:1125
[<ffffffff84cac65c>] skb_release_all net/core/skbuff.c:1190 [inline]
[<ffffffff84cac65c>] __kfree_skb net/core/skbuff.c:1204 [inline]
[<ffffffff84cac65c>] sk_skb_reason_drop+0x130/0x180 net/core/skbuff.c:1242
[<ffffffff84d1d4cc>] kfree_skb_reason include/linux/skbuff.h:1262 [inline]
[<ffffffff84d1d4cc>] __netif_receive_skb_core.constprop.0+0x650/0x4374 net/core/dev.c:5636
[<ffffffff84d213ae>] __netif_receive_skb_list_core+0x1be/0x75e net/core/dev.c:5737
[<ffffffff84d24b66>] __netif_receive_skb_list net/core/dev.c:5804 [inline]
[<ffffffff84d24b66>] netif_receive_skb_list_internal+0x64e/0xc36 net/core/dev.c:5895
[<ffffffff84d251ae>] netif_receive_skb_list net/core/dev.c:5947 [inline]
[<ffffffff84d251ae>] netif_receive_skb_list+0x60/0x634 net/core/dev.c:5937
[<ffffffff850c688a>] xdp_recv_frames net/bpf/test_run.c:279 [inline]
[<ffffffff850c688a>] xdp_test_run_batch.constprop.0+0x1244/0x1816 net/bpf/test_run.c:360
[<ffffffff850c7152>] bpf_test_run_xdp_live+0x2f6/0x49e net/bpf/test_run.c:389
[<ffffffff850cb85c>] bpf_prog_test_run_xdp+0x7f6/0x15a8 net/bpf/test_run.c:1317
[<ffffffff804ef2e2>] bpf_prog_test_run kernel/bpf/syscall.c:4247 [inline]
[<ffffffff804ef2e2>] __sys_bpf+0xd14/0x42cc kernel/bpf/syscall.c:5652
[<ffffffff804f35f2>] __do_sys_bpf kernel/bpf/syscall.c:5741 [inline]
[<ffffffff804f35f2>] __se_sys_bpf kernel/bpf/syscall.c:5739 [inline]
[<ffffffff804f35f2>] __riscv_sys_bpf+0x6c/0x9e kernel/bpf/syscall.c:5739
[<ffffffff8000f2d4>] syscall_handler+0x94/0x118 arch/riscv/include/asm/syscall.h:90
[<ffffffff85fd9c4a>] do_trap_ecall_u+0x1aa/0x216 arch/riscv/kernel/traps.c:331
[<ffffffff85ffcac6>] _new_vmalloc_restore_context_a0+0xc2/0xce
BUG: Bad page state in process syz.2.1806 pfn:9aa93
page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x2 pfn:0x9aa93
flags: 0xffe000000000000(node=0|zone=0|lastcpupid=0x7ff)
raw: 0ffe000000000000 dead000000000040 ff6000002b4ee000 0000000000000000
raw: 0000000000000002 0000000000000001 00000000ffffffff 0000000000000000
page dumped because: page_pool leak
page_owner tracks the page as allocated
page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 18955, tgid 18954 (syz.2.1806), ts 6942765092800, free_ts 6932779102600
__set_page_owner+0xa2/0x70c mm/page_owner.c:320
set_page_owner include/linux/page_owner.h:32 [inline]
post_alloc_hook+0xec/0x1e4 mm/page_alloc.c:1537
prep_new_page mm/page_alloc.c:1545 [inline]
get_page_from_freelist+0xdaa/0x295a mm/page_alloc.c:3457
__alloc_pages_noprof+0x1e2/0x1eb6 mm/page_alloc.c:4733
alloc_pages_bulk_noprof+0x252/0x13d8 mm/page_alloc.c:4681
alloc_pages_bulk_array_node_noprof include/linux/gfp.h:239 [inline]
__page_pool_alloc_pages_slow+0x18e/0xc50 net/core/page_pool.c:538
page_pool_alloc_netmem net/core/page_pool.c:590 [inline]
page_pool_alloc_netmem+0xc0/0x158 net/core/page_pool.c:577
page_pool_alloc_pages+0x20/0x62 net/core/page_pool.c:597
page_pool_dev_alloc_pages include/net/page_pool/helpers.h:96 [inline]
xdp_test_run_batch.constprop.0+0x362/0x1816 net/bpf/test_run.c:305
bpf_test_run_xdp_live+0x2f6/0x49e net/bpf/test_run.c:389
bpf_prog_test_run_xdp+0x7f6/0x15a8 net/bpf/test_run.c:1317
bpf_prog_test_run kernel/bpf/syscall.c:4247 [inline]
__sys_bpf+0xd14/0x42cc kernel/bpf/syscall.c:5652
__do_sys_bpf kernel/bpf/syscall.c:5741 [inline]
__se_sys_bpf kernel/bpf/syscall.c:5739 [inline]
__riscv_sys_bpf+0x6c/0x9e kernel/bpf/syscall.c:5739
syscall_handler+0x94/0x118 arch/riscv/include/asm/syscall.h:90
do_trap_ecall_u+0x1aa/0x216 arch/riscv/kernel/traps.c:331
_new_vmalloc_restore_context_a0+0xc2/0xce
page last free pid 18939 tgid 18939 stack trace:
__reset_page_owner+0x8c/0x400 mm/page_owner.c:297
reset_page_owner include/linux/page_owner.h:25 [inline]
free_pages_prepare mm/page_alloc.c:1108 [inline]
free_unref_page+0x592/0xf08 mm/page_alloc.c:2638
__free_pages+0x13c/0x1bc mm/page_alloc.c:4820
__free_slab+0xc8/0x16e mm/slub.c:2649
free_slab+0x38/0x1ae mm/slub.c:2672
discard_slab+0x42/0x5a mm/slub.c:2678
__slab_free+0x346/0x3f6 mm/slub.c:4491
do_slab_free mm/slub.c:4532 [inline]
___cache_free+0x1a6/0x1e0 mm/slub.c:4638
qlink_free mm/kasan/quarantine.c:163 [inline]
qlist_free_all+0x76/0x16c mm/kasan/quarantine.c:179
kasan_quarantine_reduce+0x158/0x1ba mm/kasan/quarantine.c:286
__kasan_slab_alloc+0x5c/0x82 mm/kasan/common.c:329
kasan_slab_alloc include/linux/kasan.h:247 [inline]
slab_post_alloc_hook mm/slub.c:4086 [inline]
slab_alloc_node mm/slub.c:4135 [inline]
__do_kmalloc_node mm/slub.c:4264 [inline]
__kmalloc_node_noprof+0x232/0x522 mm/slub.c:4271
kmalloc_node_noprof include/linux/slab.h:905 [inline]
__vmalloc_area_node mm/vmalloc.c:3624 [inline]
__vmalloc_node_range_noprof+0x36e/0x1450 mm/vmalloc.c:3828
alloc_thread_stack_node kernel/fork.c:314 [inline]
dup_task_struct kernel/fork.c:1115 [inline]
copy_process+0x365c/0x8e32 kernel/fork.c:2206
kernel_clone+0x11e/0x92c kernel/fork.c:2787
__do_sys_clone+0xe4/0x118 kernel/fork.c:2930
Modules linked in:
CPU: 0 UID: 0 PID: 18955 Comm: syz.2.1806 Tainted: G B 6.12.0-rc1-syzkaller-00012-g5f153a692bac #0
Tainted: [B]=BAD_PAGE
Hardware name: riscv-virtio,qemu (DT)
Call Trace:
[<ffffffff80010a14>] dump_backtrace+0x2e/0x3c arch/riscv/kernel/stacktrace.c:130
[<ffffffff85f7c3cc>] show_stack+0x34/0x40 arch/riscv/kernel/stacktrace.c:136
[<ffffffff85fd797a>] __dump_stack lib/dump_stack.c:94 [inline]
[<ffffffff85fd797a>] dump_stack_lvl+0x122/0x196 lib/dump_stack.c:120
[<ffffffff85fd7a0a>] dump_stack+0x1c/0x24 lib/dump_stack.c:129
[<ffffffff808b0b06>] bad_page+0x268/0x2da mm/page_alloc.c:501
[<ffffffff808bcb18>] free_page_is_bad_report mm/page_alloc.c:908 [inline]
[<ffffffff808bcb18>] free_page_is_bad mm/page_alloc.c:918 [inline]
[<ffffffff808bcb18>] free_pages_prepare mm/page_alloc.c:1100 [inline]
[<ffffffff808bcb18>] free_unref_page+0x78a/0xf08 mm/page_alloc.c:2638
[<ffffffff808be53a>] page_frag_free+0x21c/0x268 mm/page_alloc.c:4971
[<ffffffff84c97152>] skb_free_frag include/linux/skbuff.h:3399 [inline]
[<ffffffff84c97152>] skb_free_head+0x1ce/0x2ec net/core/skbuff.c:1096
[<ffffffff84ca2952>] skb_release_data+0x6ec/0x86a net/core/skbuff.c:1125
[<ffffffff84cac65c>] skb_release_all net/core/skbuff.c:1190 [inline]
[<ffffffff84cac65c>] __kfree_skb net/core/skbuff.c:1204 [inline]
[<ffffffff84cac65c>] sk_skb_reason_drop+0x130/0x180 net/core/skbuff.c:1242
[<ffffffff84d1d4cc>] kfree_skb_reason include/linux/skbuff.h:1262 [inline]
[<ffffffff84d1d4cc>] __netif_receive_skb_core.constprop.0+0x650/0x4374 net/core/dev.c:5636
[<ffffffff84d213ae>] __netif_receive_skb_list_core+0x1be/0x75e net/core/dev.c:5737
[<ffffffff84d24b66>] __netif_receive_skb_list net/core/dev.c:5804 [inline]
[<ffffffff84d24b66>] netif_receive_skb_list_internal+0x64e/0xc36 net/core/dev.c:5895
[<ffffffff84d251ae>] netif_receive_skb_list net/core/dev.c:5947 [inline]
[<ffffffff84d251ae>] netif_receive_skb_list+0x60/0x634 net/core/dev.c:5937
[<ffffffff850c688a>] xdp_recv_frames net/bpf/test_run.c:279 [inline]
[<ffffffff850c688a>] xdp_test_run_batch.constprop.0+0x1244/0x1816 net/bpf/test_run.c:360
[<ffffffff850c7152>] bpf_test_run_xdp_live+0x2f6/0x49e net/bpf/test_run.c:389
[<ffffffff850cb85c>] bpf_prog_test_run_xdp+0x7f6/0x15a8 net/bpf/test_run.c:1317
[<ffffffff804ef2e2>] bpf_prog_test_run kernel/bpf/syscall.c:4247 [inline]
[<ffffffff804ef2e2>] __sys_bpf+0xd14/0x42cc kernel/bpf/syscall.c:5652
[<ffffffff804f35f2>] __do_sys_bpf kernel/bpf/syscall.c:5741 [inline]
[<ffffffff804f35f2>] __se_sys_bpf kernel/bpf/syscall.c:5739 [inline]
[<ffffffff804f35f2>] __riscv_sys_bpf+0x6c/0x9e kernel/bpf/syscall.c:5739
[<ffffffff8000f2d4>] syscall_handler+0x94/0x118 arch/riscv/include/asm/syscall.h:90
[<ffffffff85fd9c4a>] do_trap_ecall_u+0x1aa/0x216 arch/riscv/kernel/traps.c:331
[<ffffffff85ffcac6>] _new_vmalloc_restore_context_a0+0xc2/0xce
BUG: Bad page state in process syz.2.1806 pfn:9aa92
page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xff6000001aa93e00 pfn:0x9aa92
flags: 0xffe000000000000(node=0|zone=0|lastcpupid=0x7ff)
raw: 0ffe000000000000 dead000000000040 ff6000002b4ee000 0000000000000000
raw: ff6000001aa93e00 0000000000000001 00000000ffffffff 0000000000000000
page dumped because: page_pool leak
page_owner tracks the page as allocated
page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 18955, tgid 18954 (syz.2.1806), ts 6942764968900, free_ts 6932779102600
__set_page_owner+0xa2/0x70c mm/page_owner.c:320
set_page_owner include/linux/page_owner.h:32 [inline]
post_alloc_hook+0xec/0x1e4 mm/page_alloc.c:1537
prep_new_page mm/page_alloc.c:1545 [inline]
get_page_from_freelist+0xdaa/0x295a mm/page_alloc.c:3457
__alloc_pages_noprof+0x1e2/0x1eb6 mm/page_alloc.c:4733
alloc_pages_bulk_noprof+0x252/0x13d8 mm/page_alloc.c:4681
alloc_pages_bulk_array_node_noprof include/linux/gfp.h:239 [inline]
__page_pool_alloc_pages_slow+0x18e/0xc50 net/core/page_pool.c:538
page_pool_alloc_netmem net/core/page_pool.c:590 [inline]
page_pool_alloc_netmem+0xc0/0x158 net/core/page_pool.c:577
page_pool_alloc_pages+0x20/0x62 net/core/page_pool.c:597
page_pool_dev_alloc_pages include/net/page_pool/helpers.h:96 [inline]
xdp_test_run_batch.constprop.0+0x362/0x1816 net/bpf/test_run.c:305
bpf_test_run_xdp_live+0x2f6/0x49e net/bpf/test_run.c:389
bpf_prog_test_run_xdp+0x7f6/0x15a8 net/bpf/test_run.c:1317
bpf_prog_test_run kernel/bpf/syscall.c:4247 [inline]
__sys_bpf+0xd14/0x42cc kernel/bpf/syscall.c:5652
__do_sys_bpf kernel/bpf/syscall.c:5741 [inline]
__se_sys_bpf kernel/bpf/syscall.c:5739 [inline]
__riscv_sys_bpf+0x6c/0x9e kernel/bpf/syscall.c:5739
syscall_handler+0x94/0x118 arch/riscv/include/asm/syscall.h:90
do_trap_ecall_u+0x1aa/0x216 arch/riscv/kernel/traps.c:331
_new_vmalloc_restore_context_a0+0xc2/0xce
page last free pid 18939 tgid 18939 stack trace:
__reset_page_owner+0x8c/0x400 mm/page_owner.c:297
reset_page_owner include/linux/page_owner.h:25 [inline]
free_pages_prepare mm/page_alloc.c:1108 [inline]
free_unref_page+0x592/0xf08 mm/page_alloc.c:2638
__free_pages+0x13c/0x1bc mm/page_alloc.c:4820
__free_slab+0xc8/0x16e mm/slub.c:2649
free_slab+0x38/0x1ae mm/slub.c:2672
discard_slab+0x42/0x5a mm/slub.c:2678
__slab_free+0x346/0x3f6 mm/slub.c:4491
do_slab_free mm/slub.c:4532 [inline]
___cache_free+0x1a6/0x1e0 mm/slub.c:4638
qlink_free mm/kasan/quarantine.c:163 [inline]
qlist_free_all+0x76/0x16c mm/kasan/quarantine.c:179
kasan_quarantine_reduce+0x158/0x1ba mm/kasan/quarantine.c:286
__kasan_slab_alloc+0x5c/0x82 mm/kasan/common.c:329
kasan_slab_alloc include/linux/kasan.h:247 [inline]
slab_post_alloc_hook mm/slub.c:4086 [inline]
slab_alloc_node mm/slub.c:4135 [inline]
__do_kmalloc_node mm/slub.c:4264 [inline]
__kmalloc_node_noprof+0x232/0x522 mm/slub.c:4271
kmalloc_node_noprof include/linux/slab.h:905 [inline]
__vmalloc_area_node mm/vmalloc.c:3624 [inline]
__vmalloc_node_range_noprof+0x36e/0x1450 mm/vmalloc.c:3828
alloc_thread_stack_node kernel/fork.c:314 [inline]
dup_task_struct kernel/fork.c:1115 [inline]
copy_process+0x365c/0x8e32 kernel/fork.c:2206
kernel_clone+0x11e/0x92c kernel/fork.c:2787
__do_sys_clone+0xe4/0x118 kernel/fork.c:2930
Modules linked in:
CPU: 0 UID: 0 PID: 18955 Comm: syz.2.1806 Tainted: G B 6.12.0-rc1-syzkaller-00012-g5f153a692bac #0
Tainted: [B]=BAD_PAGE
Hardware name: riscv-virtio,qemu (DT)
Call Trace:
[<ffffffff80010a14>] dump_backtrace+0x2e/0x3c arch/riscv/kernel/stacktrace.c:130
[<ffffffff85f7c3cc>] show_stack+0x34/0x40 arch/riscv/kernel/stacktrace.c:136
[<ffffffff85fd797a>] __dump_stack lib/dump_stack.c:94 [inline]
[<ffffffff85fd797a>] dump_stack_lvl+0x122/0x196 lib/dump_stack.c:120
[<ffffffff85fd7a0a>] dump_stack+0x1c/0x24 lib/dump_stack.c:129
[<ffffffff808b0b06>] bad_page+0x268/0x2da mm/page_alloc.c:501
[<ffffffff808bcb18>] free_page_is_bad_report mm/page_alloc.c:908 [inline]
[<ffffffff808bcb18>] free_page_is_bad mm/page_alloc.c:918 [inline]
[<ffffffff808bcb18>] free_pages_prepare mm/page_alloc.c:1100 [inline]
[<ffffffff808bcb18>] free_unref_page+0x78a/0xf08 mm/page_alloc.c:2638
[<ffffffff808be53a>] page_frag_free+0x21c/0x268 mm/page_alloc.c:4971
[<ffffffff84c97152>] skb_free_frag include/linux/skbuff.h:3399 [inline]
[<ffffffff84c97152>] skb_free_head+0x1ce/0x2ec net/core/skbuff.c:1096
[<ffffffff84ca2952>] skb_release_data+0x6ec/0x86a net/core/skbuff.c:1125
[<ffffffff84cac65c>] skb_release_all net/core/skbuff.c:1190 [inline]
[<ffffffff84cac65c>] __kfree_skb net/core/skbuff.c:1204 [inline]
[<ffffffff84cac65c>] sk_skb_reason_drop+0x130/0x180 net/core/skbuff.c:1242
[<ffffffff84d1d4cc>] kfree_skb_reason include/linux/skbuff.h:1262 [inline]
[<ffffffff84d1d4cc>] __netif_receive_skb_core.constprop.0+0x650/0x4374 net/core/dev.c:5636
[<ffffffff84d213ae>] __netif_receive_skb_list_core+0x1be/0x75e net/core/dev.c:5737
[<ffffffff84d24b66>] __netif_receive_skb_list net/core/dev.c:5804 [inline]
[<ffffffff84d24b66>] netif_receive_skb_list_internal+0x64e/0xc36 net/core/dev.c:5895
[<ffffffff84d251ae>] netif_receive_skb_list net/core/dev.c:5947 [inline]
[<ffffffff84d251ae>] netif_receive_skb_list+0x60/0x634 net/core/dev.c:5937
[<ffffffff850c688a>] xdp_recv_frames net/bpf/test_run.c:279 [inline]
[<ffffffff850c688a>] xdp_test_run_batch.constprop.0+0x1244/0x1816 net/bpf/test_run.c:360
[<ffffffff850c7152>] bpf_test_run_xdp_live+0x2f6/0x49e net/bpf/test_run.c:389
[<ffffffff850cb85c>] bpf_prog_test_run_xdp+0x7f6/0x15a8 net/bpf/test_run.c:1317
[<ffffffff804ef2e2>] bpf_prog_test_run kernel/bpf/syscall.c:4247 [inline]
[<ffffffff804ef2e2>] __sys_bpf+0xd14/0x42cc kernel/bpf/syscall.c:5652
[<ffffffff804f35f2>] __do_sys_bpf kernel/bpf/syscall.c:5741 [inline]
[<ffffffff804f35f2>] __se_sys_bpf kernel/bpf/syscall.c:5739 [inline]
[<ffffffff804f35f2>] __riscv_sys_bpf+0x6c/0x9e kernel/bpf/syscall.c:5739
[<ffffffff8000f2d4>] syscall_handler+0x94/0x118 arch/riscv/include/asm/syscall.h:90
[<ffffffff85fd9c4a>] do_trap_ecall_u+0x1aa/0x216 arch/riscv/kernel/traps.c:331
[<ffffffff85ffcac6>] _new_vmalloc_restore_context_a0+0xc2/0xce
BUG: Bad page state in process syz.2.1806 pfn:97efd
page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x2 pfn:0x97efd
flags: 0xffe000000000000(node=0|zone=0|lastcpupid=0x7ff)
raw: 0ffe000000000000 dead000000000040 ff6000002b4ee000 0000000000000000
raw: 0000000000000002 0000000000000001 00000000ffffffff 0000000000000000
page dumped because: page_pool leak
page_owner tracks the page as allocated
page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 18955, tgid 18954 (syz.2.1806), ts 6942764850600, free_ts 6932779866500
__set_page_owner+0xa2/0x70c mm/page_owner.c:320
set_page_owner include/linux/page_owner.h:32 [inline]
post_alloc_hook+0xec/0x1e4 mm/page_alloc.c:1537
prep_new_page mm/page_alloc.c:1545 [inline]
get_page_from_freelist+0xdaa/0x295a mm/page_alloc.c:3457
__alloc_pages_noprof+0x1e2/0x1eb6 mm/page_alloc.c:4733
alloc_pages_bulk_noprof+0x252/0x13d8 mm/page_alloc.c:4681
alloc_pages_bulk_array_node_noprof include/linux/gfp.h:239 [inline]
__page_pool_alloc_pages_slow+0x18e/0xc50 net/core/page_pool.c:538
page_pool_alloc_netmem net/core/page_pool.c:590 [inline]
page_pool_alloc_netmem+0xc0/0x158 net/core/page_pool.c:577
page_pool_alloc_pages+0x20/0x62 net/core/page_pool.c:597
page_pool_dev_alloc_pages include/net/page_pool/helpers.h:96 [inline]
xdp_test_run_batch.constprop.0+0x362/0x1816 net/bpf/test_run.c:305
bpf_test_run_xdp_live+0x2f6/0x49e net/bpf/test_run.c:389
bpf_prog_test_run_xdp+0x7f6/0x15a8 net/bpf/test_run.c:1317
bpf_prog_test_run kernel/bpf/syscall.c:4247 [inline]
__sys_bpf+0xd14/0x42cc kernel/bpf/syscall.c:5652
__do_sys_bpf kernel/bpf/syscall.c:5741 [inline]
__se_sys_bpf kernel/bpf/syscall.c:5739 [inline]
__riscv_sys_bpf+0x6c/0x9e kernel/bpf/syscall.c:5739
syscall_handler+0x94/0x118 arch/riscv/include/asm/syscall.h:90
do_trap_ecall_u+0x1aa/0x216 arch/riscv/kernel/traps.c:331
_new_vmalloc_restore_context_a0+0xc2/0xce
page last free pid 18939 tgid 18939 stack trace:
__reset_page_owner+0x8c/0x400 mm/page_owner.c:297
reset_page_owner include/linux/page_owner.h:25 [inline]
free_pages_prepare mm/page_alloc.c:1108 [inline]
free_unref_page+0x592/0xf08 mm/page_alloc.c:2638
__free_pages+0x13c/0x1bc mm/page_alloc.c:4820
__free_slab+0xc8/0x16e mm/slub.c:2649
free_slab+0x38/0x1ae mm/slub.c:2672
discard_slab+0x42/0x5a mm/slub.c:2678
__slab_free+0x346/0x3f6 mm/slub.c:4491
do_slab_free mm/slub.c:4532 [inline]
___cache_free+0x1a6/0x1e0 mm/slub.c:4638
qlink_free mm/kasan/quarantine.c:163 [inline]
qlist_free_all+0x76/0x16c mm/kasan/quarantine.c:179
kasan_quarantine_reduce+0x158/0x1ba mm/kasan/quarantine.c:286
__kasan_slab_alloc+0x5c/0x82 mm/kasan/common.c:329
kasan_slab_alloc include/linux/kasan.h:247 [inline]
slab_post_alloc_hook mm/slub.c:4086 [inline]
slab_alloc_node mm/slub.c:4135 [inline]
__do_kmalloc_node mm/slub.c:4264 [inline]
__kmalloc_node_noprof+0x232/0x522 mm/slub.c:4271
kmalloc_node_noprof include/linux/slab.h:905 [inline]
__vmalloc_area_node mm/vmalloc.c:3624 [inline]
__vmalloc_node_range_noprof+0x36e/0x1450 mm/vmalloc.c:3828
alloc_thread_stack_node kernel/fork.c:314 [inline]
dup_task_struct kernel/fork.c:1115 [inline]
copy_process+0x365c/0x8e32 kernel/fork.c:2206
kernel_clone+0x11e/0x92c kernel/fork.c:2787
__do_sys_clone+0xe4/0x118 kernel/fork.c:2930
Modules linked in:
CPU: 0 UID: 0 PID: 18955 Comm: syz.2.1806 Tainted: G B 6.12.0-rc1-syzkaller-00012-g5f153a692bac #0
Tainted: [B]=BAD_PAGE
Hardware name: riscv-virtio,qemu (DT)
Call Trace:
[<ffffffff80010a14>] dump_backtrace+0x2e/0x3c arch/riscv/kernel/stacktrace.c:130
[<ffffffff85f7c3cc>] show_stack+0x34/0x40 arch/riscv/kernel/stacktrace.c:136
[<ffffffff85fd797a>] __dump_stack lib/dump_stack.c:94 [inline]
[<ffffffff85fd797a>] dump_stack_lvl+0x122/0x196 lib/dump_stack.c:120
[<ffffffff85fd7a0a>] dump_stack+0x1c/0x24 lib/dump_stack.c:129
[<ffffffff808b0b06>] bad_page+0x268/0x2da mm/page_alloc.c:501
[<ffffffff808bcb18>] free_page_is_bad_report mm/page_alloc.c:908 [inline]
[<ffffffff808bcb18>] free_page_is_bad mm/page_alloc.c:918 [inline]
[<ffffffff808bcb18>] free_pages_prepare mm/page_alloc.c:1100 [inline]
[<ffffffff808bcb18>] free_unref_page+0x78a/0xf08 mm/page_alloc.c:2638
[<ffffffff808be53a>] page_frag_free+0x21c/0x268 mm/page_alloc.c:4971
[<ffffffff84c97152>] skb_free_frag include/linux/skbuff.h:3399 [inline]
[<ffffffff84c97152>] skb_free_head+0x1ce/0x2ec net/core/skbuff.c:1096
[<ffffffff84ca2952>] skb_release_data+0x6ec/0x86a net/core/skbuff.c:1125
[<ffffffff84cac65c>] skb_release_all net/core/skbuff.c:1190 [inline]
[<ffffffff84cac65c>] __kfree_skb net/core/skbuff.c:1204 [inline]
[<ffffffff84cac65c>] sk_skb_reason_drop+0x130/0x180 net/core/skbuff.c:1242
[<ffffffff84d1d4cc>] kfree_skb_reason include/linux/skbuff.h:1262 [inline]
[<ffffffff84d1d4cc>] __netif_receive_skb_core.constprop.0+0x650/0x4374 net/core/dev.c:5636
[<ffffffff84d213ae>] __netif_receive_skb_list_core+0x1be/0x75e net/core/dev.c:5737
[<ffffffff84d24b66>] __netif_receive_skb_list net/core/dev.c:5804 [inline]
[<ffffffff84d24b66>] netif_receive_skb_list_internal+0x64e/0xc36 net/core/dev.c:5895
[<ffffffff84d251ae>] netif_receive_skb_list net/core/dev.c:5947 [inline]
[<ffffffff84d251ae>] netif_receive_skb_list+0x60/0x634 net/core/dev.c:5937
[<ffffffff850c688a>] xdp_recv_frames net/bpf/test_run.c:279 [inline]
[<ffffffff850c688a>] xdp_test_run_batch.constprop.0+0x1244/0x1816 net/bpf/test_run.c:360
[<ffffffff850c7152>] bpf_test_run_xdp_live+0x2f6/0x49e net/bpf/test_run.c:389
[<ffffffff850cb85c>] bpf_prog_test_run_xdp+0x7f6/0x15a8 net/bpf/test_run.c:1317
[<ffffffff804ef2e2>] bpf_prog_test_run kernel/bpf/syscall.c:4247 [inline]
[<ffffffff804ef2e2>] __sys_bpf+0xd14/0x42cc kernel/bpf/syscall.c:5652
[<ffffffff804f35f2>] __do_sys_bpf kernel/bpf/syscall.c:5741 [inline]
[<ffffffff804f35f2>] __se_sys_bpf kernel/bpf/syscall.c:5739 [inline]
[<ffffffff804f35f2>] __riscv_sys_bpf+0x6c/0x9e kernel/bpf/syscall.c:5739
[<ffffffff8000f2d4>] syscall_handler+0x94/0x118 arch/riscv/include/asm/syscall.h:90
[<ffffffff85fd9c4a>] do_trap_ecall_u+0x1aa/0x216 arch/riscv/kernel/traps.c:331
[<ffffffff85ffcac6>] _new_vmalloc_restore_context_a0+0xc2/0xce
BUG: Bad page state in process syz.2.1806 pfn:97efc
page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xff60000017efde00 pfn:0x97efc
flags: 0xffe000000000000(node=0|zone=0|lastcpupid=0x7ff)
raw: 0ffe000000000000 dead000000000040 ff6000002b4ee000 0000000000000000
raw: ff60000017efde00 0000000000000001 00000000ffffffff 0000000000000000
page dumped because: page_pool leak
page_owner tracks the page as allocated
page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 18955, tgid 18954 (syz.2.1806), ts 6942764731300, free_ts 6932779866500
__set_page_owner+0xa2/0x70c mm/page_owner.c:320
set_page_owner include/linux/page_owner.h:32 [inline]
post_alloc_hook+0xec/0x1e4 mm/page_alloc.c:1537
prep_new_page mm/page_alloc.c:1545 [inline]
get_page_from_freelist+0xdaa/0x295a mm/page_alloc.c:3457
__alloc_pages_noprof+0x1e2/0x1eb6 mm/page_alloc.c:4733
alloc_pages_bulk_noprof+0x252/0x13d8 mm/page_alloc.c:4681
alloc_pages_bulk_array_node_noprof include/linux/gfp.h:239 [inline]
__page_pool_alloc_pages_slow+0x18e/0xc50 net/core/page_pool.c:538
page_pool_alloc_netmem net/core/page_pool.c:590 [inline]
page_pool_alloc_netmem+0xc0/0x158 net/core/page_pool.c:577
page_pool_alloc_pages+0x20/0x62 net/core/page_pool.c:597
page_pool_dev_alloc_pages include/net/page_pool/helpers.h:96 [inline]
xdp_test_run_batch.constprop.0+0x362/0x1816 net/bpf/test_run.c:305
bpf_test_run_xdp_live+0x2f6/0x49e net/bpf/test_run.c:389
bpf_prog_test_run_xdp+0x7f6/0x15a8 net/bpf/test_run.c:1317
bpf_prog_test_run kernel/bpf/syscall.c:4247 [inline]
__sys_bpf+0xd14/0x42cc kernel/bpf/syscall.c:5652
__do_sys_bpf kernel/bpf/syscall.c:5741 [inline]
__se_sys_bpf kernel/bpf/syscall.c:5739 [inline]
__riscv_sys_bpf+0x6c/0x9e kernel/bpf/syscall.c:5739
syscall_handler+0x94/0x118 arch/riscv/include/asm/syscall.h:90
do_trap_ecall_u+0x1aa/0x216 arch/riscv/kernel/traps.c:331
_new_vmalloc_restore_context_a0+0xc2/0xce
page last free pid 18939 tgid 18939 stack trace:
__reset_page_owner+0x8c/0x400 mm/page_owner.c:297
reset_page_owner include/linux/page_owner.h:25 [inline]
free_pages_prepare mm/page_alloc.c:1108 [inline]
free_unref_page+0x592/0xf08 mm/page_alloc.c:2638
__free_pages+0x13c/0x1bc mm/page_alloc.c:4820
__free_slab+0xc8/0x16e mm/slub.c:2649
free_slab+0x38/0x1ae mm/slub.c:2672
discard_slab+0x42/0x5a mm/slub.c:2678
__slab_free+0x346/0x3f6 mm/slub.c:4491
do_slab_free mm/slub.c:4532 [inline]
___cache_free+0x1a6/0x1e0 mm/slub.c:4638
qlink_free mm/kasan/quarantine.c:163 [inline]
qlist_free_all+0x76/0x16c mm/kasan/quarantine.c:179
kasan_quarantine_reduce+0x158/0x1ba mm/kasan/quarantine.c:286
__kasan_slab_alloc+0x5c/0x82 mm/kasan/common.c:329
kasan_slab_alloc include/linux/kasan.h:247 [inline]
slab_post_alloc_hook mm/slub.c:4086 [inline]
slab_alloc_node mm/slub.c:4135 [inline]
__do_kmalloc_node mm/slub.c:4264 [inline]
__kmalloc_node_noprof+0x232/0x522 mm/slub.c:4271
kmalloc_node_noprof include/linux/slab.h:905 [inline]
__vmalloc_area_node mm/vmalloc.c:3624 [inline]
__vmalloc_node_range_noprof+0x36e/0x1450 mm/vmalloc.c:3828
alloc_thread_stack_node kernel/fork.c:314 [inline]
dup_task_struct kernel/fork.c:1115 [inline]
copy_process+0x365c/0x8e32 kernel/fork.c:2206
kernel_clone+0x11e/0x92c kernel/fork.c:2787
__do_sys_clone+0xe4/0x118 kernel/fork.c:2930
Modules linked in:
CPU: 0 UID: 0 PID: 18955 Comm: syz.2.1806 Tainted: G B 6.12.0-rc1-syzkaller-00012-g5f153a692bac #0
Tainted: [B]=BAD_PAGE
Hardware name: riscv-virtio,qemu (DT)
Call Trace:
[<ffffffff80010a14>] dump_backtrace+0x2e/0x3c arch/riscv/kernel/stacktrace.c:130
[<ffffffff85f7c3cc>] show_stack+0x34/0x40 arch/riscv/kernel/stacktrace.c:136
[<ffffffff85fd797a>] __dump_stack lib/dump_stack.c:94 [inline]
[<ffffffff85fd797a>] dump_stack_lvl+0x122/0x196 lib/dump_stack.c:120
[<ffffffff85fd7a0a>] dump_stack+0x1c/0x24 lib/dump_stack.c:129
[<ffffffff808b0b06>] bad_page+0x268/0x2da mm/page_alloc.c:501
[<ffffffff808bcb18>] free_page_is_bad_report mm/page_alloc.c:908 [inline]
[<ffffffff808bcb18>] free_page_is_bad mm/page_alloc.c:918 [inline]
[<ffffffff808bcb18>] free_pages_prepare mm/page_alloc.c:1100 [inline]
[<ffffffff808bcb18>] free_unref_page+0x78a/0xf08 mm/page_alloc.c:2638
[<ffffffff808be53a>] page_frag_free+0x21c/0x268 mm/page_alloc.c:4971
[<ffffffff84c97152>] skb_free_frag include/linux/skbuff.h:3399 [inline]
[<ffffffff84c97152>] skb_free_head+0x1ce/0x2ec net/core/skbuff.c:1096
[<ffffffff84ca2952>] skb_release_data+0x6ec/0x86a net/core/skbuff.c:1125
[<ffffffff84cac65c>] skb_release_all net/core/skbuff.c:1190 [inline]
[<ffffffff84cac65c>] __kfree_skb net/core/skbuff.c:1204 [inline]
[<ffffffff84cac65c>] sk_skb_reason_drop+0x130/0x180 net/core/skbuff.c:1242
[<ffffffff84d1d4cc>] kfree_skb_reason include/linux/skbuff.h:1262 [inline]
[<ffffffff84d1d4cc>] __netif_receive_skb_core.constprop.0+0x650/0x4374 net/core/dev.c:5636
[<ffffffff84d213ae>] __netif_receive_skb_list_core+0x1be/0x75e net/core/dev.c:5737
[<ffffffff84d24b66>] __netif_receive_skb_list net/core/dev.c:5804 [inline]
[<ffffffff84d24b66>] netif_receive_skb_list_internal+0x64e/0xc36 net/core/dev.c:5895
[<ffffffff84d251ae>] netif_receive_skb_list net/core/dev.c:5947 [inline]
[<ffffffff84d251ae>] netif_receive_skb_list+0x60/0x634 net/core/dev.c:5937
[<ffffffff850c688a>] xdp_recv_frames net/bpf/test_run.c:279 [inline]
[<ffffffff850c688a>] xdp_test_run_batch.constprop.0+0x1244/0x1816 net/bpf/test_run.c:360
[<ffffffff850c7152>] bpf_test_run_xdp_live+0x2f6/0x49e net/bpf/test_run.c:389
[<ffffffff850cb85c>] bpf_prog_test_run_xdp+0x7f6/0x15a8 net/bpf/test_run.c:1317
[<ffffffff804ef2e2>] bpf_prog_test_run kernel/bpf/syscall.c:4247 [inline]
[<ffffffff804ef2e2>] __sys_bpf+0xd14/0x42cc kernel/bpf/syscall.c:5652
[<ffffffff804f35f2>] __do_sys_bpf kernel/bpf/syscall.c:5741 [inline]
[<ffffffff804f35f2>] __se_sys_bpf kernel/bpf/syscall.c:5739 [inline]
[<ffffffff804f35f2>] __riscv_sys_bpf+0x6c/0x9e kernel/bpf/syscall.c:5739
[<ffffffff8000f2d4>] syscall_handler+0x94/0x118 arch/riscv/include/asm/syscall.h:90
[<ffffffff85fd9c4a>] do_trap_ecall_u+0x1aa/0x216 arch/riscv/kernel/traps.c:331
[<ffffffff85ffcac6>] _new_vmalloc_restore_context_a0+0xc2/0xce
BUG: Bad page state in process syz.2.1806 pfn:a9e8d
page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x31 pfn:0xa9e8d
flags: 0xffe000000000000(node=0|zone=0|lastcpupid=0x7ff)
raw: 0ffe000000000000 dead000000000040 ff6000002b4ee000 0000000000000000
raw: 0000000000000031 0000000000000001 00000000ffffffff 0000000000000000
page dumped because: page_pool leak
page_owner tracks the page as allocated
page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 18955, tgid 18954 (syz.2.1806), ts 6942764612700, free_ts 6940797167800
__set_page_owner+0xa2/0x70c mm/page_owner.c:320
set_page_owner include/linux/page_owner.h:32 [inline]
post_alloc_hook+0xec/0x1e4 mm/page_alloc.c:1537
prep_new_page mm/page_alloc.c:1545 [inline]
get_page_from_freelist+0xdaa/0x295a mm/page_alloc.c:3457
__alloc_pages_noprof+0x1e2/0x1eb6 mm/page_alloc.c:4733
alloc_pages_bulk_noprof+0x252/0x13d8 mm/page_alloc.c:4681
alloc_pages_bulk_array_node_noprof include/linux/gfp.h:239 [inline]
__page_pool_alloc_pages_slow+0x18e/0xc50 net/core/page_pool.c:538
page_pool_alloc_netmem net/core/page_pool.c:590 [inline]
page_pool_alloc_netmem+0xc0/0x158 net/core/page_pool.c:577
page_pool_alloc_pages+0x20/0x62 net/core/page_pool.c:597
page_pool_dev_alloc_pages include/net/page_pool/helpers.h:96 [inline]
xdp_test_run_batch.constprop.0+0x362/0x1816 net/bpf/test_run.c:305
bpf_test_run_xdp_live+0x2f6/0x49e net/bpf/test_run.c:389
bpf_prog_test_run_xdp+0x7f6/0x15a8 net/bpf/test_run.c:1317
bpf_prog_test_run kernel/bpf/syscall.c:4247 [inline]
__sys_bpf+0xd14/0x42cc kernel/bpf/syscall.c:5652
__do_sys_bpf kernel/bpf/syscall.c:5741 [inline]
__se_sys_bpf kernel/bpf/syscall.c:5739 [inline]
__riscv_sys_bpf+0x6c/0x9e kernel/bpf/syscall.c:5739
syscall_handler+0x94/0x118 arch/riscv/include/asm/syscall.h:90
do_trap_ecall_u+0x1aa/0x216 arch/riscv/kernel/traps.c:331
_new_vmalloc_restore_context_a0+0xc2/0xce
page last free pid 16932 tgid 16932 stack trace:
__reset_page_owner+0x8c/0x400 mm/page_owner.c:297
reset_page_owner include/linux/page_owner.h:25 [inline]
free_pages_prepare mm/page_alloc.c:1108 [inline]
free_unref_page+0x592/0xf08 mm/page_alloc.c:2638
__folio_put+0x1ae/0x22e mm/swap.c:126
folio_put include/linux/mm.h:1478 [inline]
free_page_and_swap_cache+0x1a8/0x1de mm/swap_state.c:308
__tlb_remove_table arch/riscv/include/asm/tlb.h:26 [inline]
__tlb_remove_table_free mm/mmu_gather.c:227 [inline]
tlb_remove_table_rcu+0x86/0xee mm/mmu_gather.c:282
rcu_do_batch kernel/rcu/tree.c:2567 [inline]
rcu_core+0xa24/0x1eac kernel/rcu/tree.c:2823
rcu_core_si+0xc/0x14 kernel/rcu/tree.c:2840
handle_softirqs+0x4a6/0x10de kernel/softirq.c:554
__do_softirq+0x12/0x1a kernel/softirq.c:588
Modules linked in:
CPU: 0 UID: 0 PID: 18955 Comm: syz.2.1806 Tainted: G B 6.12.0-rc1-syzkaller-00012-g5f153a692bac #0
Tainted: [B]=BAD_PAGE
Hardware name: riscv-virtio,qemu (DT)
Call Trace:
[<ffffffff80010a14>] dump_backtrace+0x2e/0x3c arch/riscv/kernel/stacktrace.c:130
[<ffffffff85f7c3cc>] show_stack+0x34/0x40 arch/riscv/kernel/stacktrace.c:136
[<ffffffff85fd797a>] __dump_stack lib/dump_stack.c:94 [inline]
[<ffffffff85fd797a>] dump_stack_lvl+0x122/0x196 lib/dump_stack.c:120
[<ffffffff85fd7a0a>] dump_stack+0x1c/0x24 lib/dump_stack.c:129
[<ffffffff808b0b06>] bad_page+0x268/0x2da mm/page_alloc.c:501
[<ffffffff808bcb18>] free_page_is_bad_report mm/page_alloc.c:908 [inline]
[<ffffffff808bcb18>] free_page_is_bad mm/page_alloc.c:918 [inline]
[<ffffffff808bcb18>] free_pages_prepare mm/page_alloc.c:1100 [inline]
[<ffffffff808bcb18>] free_unref_page+0x78a/0xf08 mm/page_alloc.c:2638
[<ffffffff808be53a>] page_frag_free+0x21c/0x268 mm/page_alloc.c:4971
[<ffffffff84c97152>] skb_free_frag include/linux/skbuff.h:3399 [inline]
[<ffffffff84c97152>] skb_free_head+0x1ce/0x2ec net/core/skbuff.c:1096
[<ffffffff84ca2952>] skb_release_data+0x6ec/0x86a net/core/skbuff.c:1125
[<ffffffff84cac65c>] skb_release_all net/core/skbuff.c:1190 [inline]
[<ffffffff84cac65c>] __kfree_skb net/core/skbuff.c:1204 [inline]
[<ffffffff84cac65c>] sk_skb_reason_drop+0x130/0x180 net/core/skbuff.c:1242
[<ffffffff84d1d4cc>] kfree_skb_reason include/linux/skbuff.h:1262 [inline]
[<ffffffff84d1d4cc>] __netif_receive_skb_core.constprop.0+0x650/0x4374 net/core/dev.c:5636
[<ffffffff84d213ae>] __netif_receive_skb_list_core+0x1be/0x75e net/core/dev.c:5737
[<ffffffff84d24b66>] __netif_receive_skb_list net/core/dev.c:5804 [inline]
[<ffffffff84d24b66>] netif_receive_skb_list_internal+0x64e/0xc36 net/core/dev.c:5895
[<ffffffff84d251ae>] netif_receive_skb_list net/core/dev.c:5947 [inline]
[<ffffffff84d251ae>] netif_receive_skb_list+0x60/0x634 net/core/dev.c:5937
[<ffffffff850c688a>] xdp_recv_frames net/bpf/test_run.c:279 [inline]
[<ffffffff850c688a>] xdp_test_run_batch.constprop.0+0x1244/0x1816 net/bpf/test_run.c:360
[<ffffffff850c7152>] bpf_test_run_xdp_live+0x2f6/0x49e net/bpf/test_run.c:389
[<ffffffff850cb85c>] bpf_prog_test_run_xdp+0x7f6/0x15a8 net/bpf/test_run.c:1317
[<ffffffff804ef2e2>] bpf_prog_test_run kernel/bpf/syscall.c:4247 [inline]
[<ffffffff804ef2e2>] __sys_bpf+0xd14/0x42cc kernel/bpf/syscall.c:5652
[<ffffffff804f35f2>] __do_sys_bpf kernel/bpf/syscall.c:5741 [inline]
[<ffffffff804f35f2>] __se_sys_bpf kernel/bpf/syscall.c:5739 [inline]
[<ffffffff804f35f2>] __riscv_sys_bpf+0x6c/0x9e kernel/bpf/syscall.c:5739
[<ffffffff8000f2d4>] syscall_handler+0x94/0x118 arch/riscv/include/asm/syscall.h:90
[<ffffffff85fd9c4a>] do_trap_ecall_u+0x1aa/0x216 arch/riscv/kernel/traps.c:331
[<ffffffff85ffcac6>] _new_vmalloc_restore_context_a0+0xc2/0xce
BUG: Bad page state in process syz.2.1806 pfn:a9e8c
page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x30 pfn:0xa9e8c
flags: 0xffe000000000000(node=0|zone=0|lastcpupid=0x7ff)
raw: 0ffe000000000000 dead000000000040 ff6000002b4ee000 0000000000000000
raw: 0000000000000030 0000000000000001 00000000ffffffff 0000000000000000
page dumped because: page_pool leak
page_owner tracks the page as allocated
page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 18955, tgid 18954 (syz.2.1806), ts 6942764495000, free_ts 6940797650600
__set_page_owner+0xa2/0x70c mm/page_owner.c:320
set_page_owner include/linux/page_owner.h:32 [inline]
post_alloc_hook+0xec/0x1e4 mm/page_alloc.c:1537
prep_new_page mm/page_alloc.c:1545 [inline]
get_page_from_freelist+0xdaa/0x295a mm/page_alloc.c:3457
__alloc_pages_noprof+0x1e2/0x1eb6 mm/page_alloc.c:4733
alloc_pages_bulk_noprof+0x252/0x13d8 mm/page_alloc.c:4681
alloc_pages_bulk_array_node_noprof include/linux/gfp.h:239 [inline]
__page_pool_alloc_pages_slow+0x18e/0xc50 net/core/page_pool.c:538
page_pool_alloc_netmem net/core/page_pool.c:590 [inline]
page_pool_alloc_netmem+0xc0/0x158 net/core/page_pool.c:577
page_pool_alloc_pages+0x20/0x62 net/core/page_pool.c:597
page_pool_dev_alloc_pages include/net/page_pool/helpers.h:96 [inline]
xdp_test_run_batch.constprop.0+0x362/0x1816 net/bpf/test_run.c:305
bpf_test_run_xdp_live+0x2f6/0x49e net/bpf/test_run.c:389
bpf_prog_test_run_xdp+0x7f6/0x15a8 net/bpf/test_run.c:1317
bpf_prog_test_run kernel/bpf/syscall.c:4247 [inline]
__sys_bpf+0xd14/0x42cc kernel/bpf/syscall.c:5652
__do_sys_bpf kernel/bpf/syscall.c:5741 [inline]
__se_sys_bpf kernel/bpf/syscall.c:5739 [inline]
__riscv_sys_bpf+0x6c/0x9e kernel/bpf/syscall.c:5739
syscall_handler+0x94/0x118 arch/riscv/include/asm/syscall.h:90
do_trap_ecall_u+0x1aa/0x216 arch/riscv/kernel/traps.c:331
_new_vmalloc_restore_context_a0+0xc2/0xce
page last free pid 16932 tgid 16932 stack trace:
__reset_page_owner+0x8c/0x400 mm/page_owner.c:297
reset_page_owner include/linux/page_owner.h:25 [inline]
free_pages_prepare mm/page_alloc.c:1108 [inline]
free_unref_page+0x592/0xf08 mm/page_alloc.c:2638
__folio_put+0x1ae/0x22e mm/swap.c:126
folio_put include/linux/mm.h:1478 [inline]
free_page_and_swap_cache+0x1a8/0x1de mm/swap_state.c:308
__tlb_remove_table arch/riscv/include/asm/tlb.h:26 [inline]
__tlb_remove_table_free mm/mmu_gather.c:227 [inline]
tlb_remove_table_rcu+0x86/0xee mm/mmu_gather.c:282
rcu_do_batch kernel/rcu/tree.c:2567 [inline]
rcu_core+0xa24/0x1eac kernel/rcu/tree.c:2823
rcu_core_si+0xc/0x14 kernel/rcu/tree.c:2840
handle_softirqs+0x4a6/0x10de kernel/softirq.c:554
__do_softirq+0x12/0x1a kernel/softirq.c:588
Modules linked in:
CPU: 0 UID: 0 PID: 18955 Comm: syz.2.1806 Tainted: G B 6.12.0-rc1-syzkaller-00012-g5f153a692bac #0
Tainted: [B]=BAD_PAGE
Hardware name: riscv-virtio,qemu (DT)
Call Trace:
[<ffffffff80010a14>] dump_backtrace+0x2e/0x3c arch/riscv/kernel/stacktrace.c:130
[<ffffffff85f7c3cc>] show_stack+0x34/0x40 arch/riscv/kernel/stacktrace.c:136
[<ffffffff85fd797a>] __dump_stack lib/dump_stack.c:94 [inline]
[<ffffffff85fd797a>] dump_stack_lvl+0x122/0x196 lib/dump_stack.c:120
[<ffffffff85fd7a0a>] dump_stack+0x1c/0x24 lib/dump_stack.c:129
[<ffffffff808b0b06>] bad_page+0x268/0x2da mm/page_alloc.c:501
[<ffffffff808bcb18>] free_page_is_bad_report mm/page_alloc.c:908 [inline]
[<ffffffff808bcb18>] free_page_is_bad mm/page_alloc.c:918 [inline]
[<ffffffff808bcb18>] free_pages_prepare mm/page_alloc.c:1100 [inline]
[<ffffffff808bcb18>] free_unref_page+0x78a/0xf08 mm/page_alloc.c:2638
[<ffffffff808be53a>] page_frag_free+0x21c/0x268 mm/page_alloc.c:4971
[<ffffffff84c97152>] skb_free_frag include/linux/skbuff.h:3399 [inline]
[<ffffffff84c97152>] skb_free_head+0x1ce/0x2ec net/core/skbuff.c:1096
[<ffffffff84ca2952>] skb_release_data+0x6ec/0x86a net/core/skbuff.c:1125
[<ffffffff84cac65c>] skb_release_all net/core/skbuff.c:1190 [inline]
[<ffffffff84cac65c>] __kfree_skb net/core/skbuff.c:1204 [inline]
[<ffffffff84cac65c>] sk_skb_reason_drop+0x130/0x180 net/core/skbuff.c:1242
[<ffffffff84d1d4cc>] kfree_skb_reason include/linux/skbuff.h:1262 [inline]
[<ffffffff84d1d4cc>] __netif_receive_skb_core.constprop.0+0x650/0x4374 net/core/dev.c:5636
[<ffffffff84d213ae>] __netif_receive_skb_list_core+0x1be/0x75e net/core/dev.c:5737
[<ffffffff84d24b66>] __netif_receive_skb_list net/core/dev.c:5804 [inline]
[<ffffffff84d24b66>] netif_receive_skb_list_internal+0x64e/0xc36 net/core/dev.c:5895
[<ffffffff84d251ae>] netif_receive_skb_list net/core/dev.c:5947 [inline]
[<ffffffff84d251ae>] netif_receive_skb_list+0x60/0x634 net/core/dev.c:5937
[<ffffffff850c688a>] xdp_recv_frames net/bpf/test_run.c:279 [inline]
[<ffffffff850c688a>] xdp_test_run_batch.constprop.0+0x1244/0x1816 net/bpf/test_run.c:360
[<ffffffff850c7152>] bpf_test_run_xdp_live+0x2f6/0x49e net/bpf/test_run.c:389
[<ffffffff850cb85c>] bpf_prog_test_run_xdp+0x7f6/0x15a8 net/bpf/test_run.c:1317
[<ffffffff804ef2e2>] bpf_prog_test_run kernel/bpf/syscall.c:4247 [inline]
[<ffffffff804ef2e2>] __sys_bpf+0xd14/0x42cc kernel/bpf/syscall.c:5652
[<ffffffff804f35f2>] __do_sys_bpf kernel/bpf/syscall.c:5741 [inline]
[<ffffffff804f35f2>] __se_sys_bpf kernel/bpf/syscall.c:5739 [inline]
[<ffffffff804f35f2>] __riscv_sys_bpf+0x6c/0x9e kernel/bpf/syscall.c:5739
[<ffffffff8000f2d4>] syscall_handler+0x94/0x118 arch/riscv/include/asm/syscall.h:90
[<ffffffff85fd9c4a>] do_trap_ecall_u+0x1aa/0x216 arch/riscv/kernel/traps.c:331
[<ffffffff85ffcac6>] _new_vmalloc_restore_context_a0+0xc2/0xce
BUG: Bad page state in process syz.2.1806 pfn:ae1f3
page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xff6000002e1f3000 pfn:0xae1f3
flags: 0xffe000000000000(node=0|zone=0|lastcpupid=0x7ff)
raw: 0ffe000000000000 dead000000000040 ff6000002b4ee000 0000000000000000
raw: ff6000002e1f3000 0000000000000001 00000000ffffffff 0000000000000000
page dumped because: page_pool leak
page_owner tracks the page as allocated
page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 18955, tgid 18954 (syz.2.1806), ts 6942764377100, free_ts 6940798494500
__set_page_owner+0xa2/0x70c mm/page_owner.c:320
set_page_owner include/linux/page_owner.h:32 [inline]
post_alloc_hook+0xec/0x1e4 mm/page_alloc.c:1537
prep_new_page mm/page_alloc.c:1545 [inline]
get_page_from_freelist+0xdaa/0x295a mm/page_alloc.c:3457
__alloc_pages_noprof+0x1e2/0x1eb6 mm/page_alloc.c:4733
alloc_pages_bulk_noprof+0x252/0x13d8 mm/page_alloc.c:4681
alloc_pages_bulk_array_node_noprof include/linux/gfp.h:239 [inline]
__page_pool_alloc_pages_slow+0x18e/0xc50 net/core/page_pool.c:538
page_pool_alloc_netmem net/core/page_pool.c:590 [inline]
page_pool_alloc_netmem+0xc0/0x158 net/core/page_pool.c:577
page_pool_alloc_pages+0x20/0x62 net/core/page_pool.c:597
page_pool_dev_alloc_pages include/net/page_pool/helpers.h:96 [inline]
xdp_test_run_batch.constprop.0+0x362/0x1816 net/bpf/test_run.c:305
bpf_test_run_xdp_live+0x2f6/0x49e net/bpf/test_run.c:389
bpf_prog_test_run_xdp+0x7f6/0x15a8 net/bpf/test_run.c:1317
bpf_prog_test_run kernel/bpf/syscall.c:4247 [inline]
__sys_bpf+0xd14/0x42cc kernel/bpf/syscall.c:5652
__do_sys_bpf kernel/bpf/syscall.c:5741 [inline]
__se_sys_bpf kernel/bpf/syscall.c:5739 [inline]
__riscv_sys_bpf+0x6c/0x9e kernel/bpf/syscall.c:5739
syscall_handler+0x94/0x118 arch/riscv/include/asm/syscall.h:90
do_trap_ecall_u+0x1aa/0x216 arch/riscv/kernel/traps.c:331
_new_vmalloc_restore_context_a0+0xc2/0xce
page last free pid 16932 tgid 16932 stack trace:
__reset_page_owner+0x8c/0x400 mm/page_owner.c:297
reset_page_owner include/linux/page_owner.h:25 [inline]
free_pages_prepare mm/page_alloc.c:1108 [inline]
free_unref_page+0x592/0xf08 mm/page_alloc.c:2638
__folio_put+0x1ae/0x22e mm/swap.c:126
folio_put include/linux/mm.h:1478 [inline]
free_page_and_swap_cache+0x1a8/0x1de mm/swap_state.c:308
__tlb_remove_table arch/riscv/include/asm/tlb.h:26 [inline]
__tlb_remove_table_free mm/mmu_gather.c:227 [inline]
tlb_remove_table_rcu+0x86/0xee mm/mmu_gather.c:282
rcu_do_batch kernel/rcu/tree.c:2567 [inline]
rcu_core+0xa24/0x1eac kernel/rcu/tree.c:2823
rcu_core_si+0xc/0x14 kernel/rcu/tree.c:2840
handle_softirqs+0x4a6/0x10de kernel/softirq.c:554
__do_softirq+0x12/0x1a kernel/softirq.c:588
Modules linked in:
CPU: 0 UID: 0 PID: 18955 Comm: syz.2.1806 Tainted: G B 6.12.0-rc1-syzkaller-00012-g5f153a692bac #0
Tainted: [B]=BAD_PAGE
Hardware name: riscv-virtio,qemu (DT)
Call Trace:
[<ffffffff80010a14>] dump_backtrace+0x2e/0x3c arch/riscv/kernel/stacktrace.c:130
[<ffffffff85f7c3cc>] show_stack+0x34/0x40 arch/riscv/kernel/stacktrace.c:136
[<ffffffff85fd797a>] __dump_stack lib/dump_stack.c:94 [inline]
[<ffffffff85fd797a>] dump_stack_lvl+0x122/0x196 lib/dump_stack.c:120
[<ffffffff85fd7a0a>] dump_stack+0x1c/0x24 lib/dump_stack.c:129
[<ffffffff808b0b06>] bad_page+0x268/0x2da mm/page_alloc.c:501
[<ffffffff808bcb18>] free_page_is_bad_report mm/page_alloc.c:908 [inline]
[<ffffffff808bcb18>] free_page_is_bad mm/page_alloc.c:918 [inline]
[<ffffffff808bcb18>] free_pages_prepare mm/page_alloc.c:1100 [inline]
[<ffffffff808bcb18>] free_unref_page+0x78a/0xf08 mm/page_alloc.c:2638
[<ffffffff808be53a>] page_frag_free+0x21c/0x268 mm/page_alloc.c:4971
[<ffffffff84c97152>] skb_free_frag include/linux/skbuff.h:3399 [inline]
[<ffffffff84c97152>] skb_free_head+0x1ce/0x2ec net/core/skbuff.c:1096
[<ffffffff84ca2952>] skb_release_data+0x6ec/0x86a net/core/skbuff.c:1125
[<ffffffff84cac65c>] skb_release_all net/core/skbuff.c:1190 [inline]
[<ffffffff84cac65c>] __kfree_skb net/core/skbuff.c:1204 [inline]
[<ffffffff84cac65c>] sk_skb_reason_drop+0x130/0x180 net/core/skbuff.c:1242
[<ffffffff84d1d4cc>] kfree_skb_reason include/linux/skbuff.h:1262 [inline]
[<ffffffff84d1d4cc>] __netif_receive_skb_core.constprop.0+0x650/0x4374 net/core/dev.c:5636
[<ffffffff84d213ae>] __netif_receive_skb_list_core+0x1be/0x75e net/core/dev.c:5737
[<ffffffff84d24b66>] __netif_receive_skb_list net/core/dev.c:5804 [inline]
[<ffffffff84d24b66>] netif_receive_skb_list_internal+0x64e/0xc36 net/core/dev.c:5895
[<ffffffff84d251ae>] netif_receive_skb_list net/core/dev.c:5947 [inline]
[<ffffffff84d251ae>] netif_receive_skb_list+0x60/0x634 net/core/dev.c:5937
[<ffffffff850c688a>] xdp_recv_frames net/bpf/test_run.c:279 [inline]
[<ffffffff850c688a>] xdp_test_run_batch.constprop.0+0x1244/0x1816 net/bpf/test_run.c:360
[<ffffffff850c7152>] bpf_test_run_xdp_live+0x2f6/0x49e net/bpf/test_run.c:389
[<ffffffff850cb85c>] bpf_prog_test_run_xdp+0x7f6/0x15a8 net/bpf/test_run.c:1317
[<ffffffff804ef2e2>] bpf_prog_test_run kernel/bpf/syscall.c:4247 [inline]
[<ffffffff804ef2e2>] __sys_bpf+0xd14/0x42cc kernel/bpf/syscall.c:5652
[<ffffffff804f35f2>] __do_sys_bpf kernel/bpf/syscall.c:5741 [inline]
[<ffffffff804f35f2>] __se_sys_bpf kernel/bpf/syscall.c:5739 [inline]
[<ffffffff804f35f2>] __riscv_sys_bpf+0x6c/0x9e kernel/bpf/syscall.c:5739
[<ffffffff8000f2d4>] syscall_handler+0x94/0x118 arch/riscv/include/asm/syscall.h:90
[<ffffffff85fd9c4a>] do_trap_ecall_u+0x1aa/0x216 arch/riscv/kernel/traps.c:331
[<ffffffff85ffcac6>] _new_vmalloc_restore_context_a0+0xc2/0xce
BUG: Bad page state in process syz.2.1806 pfn:ae1f2
page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xff6000002e1f2dc0 pfn:0xae1f2
flags: 0xffe000000000000(node=0|zone=0|lastcpupid=0x7ff)
raw: 0ffe000000000000 dead000000000040 ff6000002b4ee000 0000000000000000
raw: ff6000002e1f2dc0 0000000000000001 00000000ffffffff 0000000000000000
page dumped because: page_pool leak
page_owner tracks the page as allocated
page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 18955, tgid 18954 (syz.2.1806), ts 6942764251800, free_ts 6940303820200
__set_page_owner+0xa2/0x70c mm/page_owner.c:320
set_page_owner include/linux/page_owner.h:32 [inline]
post_alloc_hook+0xec/0x1e4 mm/page_alloc.c:1537
prep_new_page mm/page_alloc.c:1545 [inline]
get_page_from_freelist+0xdaa/0x295a mm/page_alloc.c:3457
__alloc_pages_noprof+0x1e2/0x1eb6 mm/page_alloc.c:4733
alloc_pages_bulk_noprof+0x252/0x13d8 mm/page_alloc.c:4681
alloc_pages_bulk_array_node_noprof include/linux/gfp.h:239 [inline]
__page_pool_alloc_pages_slow+0x18e/0xc50 net/core/page_pool.c:538
page_pool_alloc_netmem net/core/page_pool.c:590 [inline]
page_pool_alloc_netmem+0xc0/0x158 net/core/page_pool.c:577
page_pool_alloc_pages+0x20/0x62 net/core/page_pool.c:597
page_pool_dev_alloc_pages include/net/page_pool/helpers.h:96 [inline]
xdp_test_run_batch.constprop.0+0x362/0x1816 net/bpf/test_run.c:305
bpf_test_run_xdp_live+0x2f6/0x49e net/bpf/test_run.c:389
bpf_prog_test_run_xdp+0x7f6/0x15a8 net/bpf/test_run.c:1317
bpf_prog_test_run kernel/bpf/syscall.c:4247 [inline]
__sys_bpf+0xd14/0x42cc kernel/bpf/syscall.c:5652
__do_sys_bpf kernel/bpf/syscall.c:5741 [inline]
__se_sys_bpf kernel/bpf/syscall.c:5739 [inline]
__riscv_sys_bpf+0x6c/0x9e kernel/bpf/syscall.c:5739
syscall_handler+0x94/0x118 arch/riscv/include/asm/syscall.h:90
do_trap_ecall_u+0x1aa/0x216 arch/riscv/kernel/traps.c:331
_new_vmalloc_restore_context_a0+0xc2/0xce
page last free pid 24 tgid 24 stack trace:
__reset_page_owner+0x8c/0x400 mm/page_owner.c:297
reset_page_owner include/linux/page_owner.h:25 [inline]
free_pages_prepare mm/page_alloc.c:1108 [inline]
free_unref_page+0x592/0xf08 mm/page_alloc.c:2638
__folio_put+0x1ae/0x22e mm/swap.c:126
folio_put include/linux/mm.h:1478 [inline]
free_page_and_swap_cache+0x1a8/0x1de mm/swap_state.c:308
__tlb_remove_table arch/riscv/include/asm/tlb.h:26 [inline]
__tlb_remove_table_free mm/mmu_gather.c:227 [inline]
tlb_remove_table_rcu+0x86/0xee mm/mmu_gather.c:282
rcu_do_batch kernel/rcu/tree.c:2567 [inline]
rcu_core+0xa24/0x1eac kernel/rcu/tree.c:2823
rcu_core_si+0xc/0x14 kernel/rcu/tree.c:2840
handle_softirqs+0x4a6/0x10de kernel/softirq.c:554
run_ksoftirqd kernel/softirq.c:927 [inline]
run_ksoftirqd+0xce/0x144 kernel/softirq.c:919
smpboot_thread_fn+0x654/0xb98 kernel/smpboot.c:164
kthread+0x28c/0x3a6 kernel/kthread.c:389
ret_from_fork+0xe/0x18 arch/riscv/kernel/entry.S:326
Modules linked in:
CPU: 0 UID: 0 PID: 18955 Comm: syz.2.1806 Tainted: G B 6.12.0-rc1-syzkaller-00012-g5f153a692bac #0
Tainted: [B]=BAD_PAGE
Hardware name: riscv-virtio,qemu (DT)
Call Trace:
[<ffffffff80010a14>] dump_backtrace+0x2e/0x3c arch/riscv/kernel/stacktrace.c:130
[<ffffffff85f7c3cc>] show_stack+0x34/0x40 arch/riscv/kernel/stacktrace.c:136
[<ffffffff85fd797a>] __dump_stack lib/dump_stack.c:94 [inline]
[<ffffffff85fd797a>] dump_stack_lvl+0x122/0x196 lib/dump_stack.c:120
[<ffffffff85fd7a0a>] dump_stack+0x1c/0x24 lib/dump_stack.c:129
[<ffffffff808b0b06>] bad_page+0x268/0x2da mm/page_alloc.c:501
[<ffffffff808bcb18>] free_page_is_bad_report mm/page_alloc.c:908 [inline]
[<ffffffff808bcb18>] free_page_is_bad mm/page_alloc.c:918 [inline]
[<ffffffff808bcb18>] free_pages_prepare mm/page_alloc.c:1100 [inline]
[<ffffffff808bcb18>] free_unref_page+0x78a/0xf08 mm/page_alloc.c:2638
[<ffffffff808be53a>] page_frag_free+0x21c/0x268 mm/page_alloc.c:4971
[<ffffffff84c97152>] skb_free_frag include/linux/skbuff.h:3399 [inline]
[<ffffffff84c97152>] skb_free_head+0x1ce/0x2ec net/core/skbuff.c:1096
[<ffffffff84ca2952>] skb_release_data+0x6ec/0x86a net/core/skbuff.c:1125
[<ffffffff84cac65c>] skb_release_all net/core/skbuff.c:1190 [inline]
[<ffffffff84cac65c>] __kfree_skb net/core/skbuff.c:1204 [inline]
[<ffffffff84cac65c>] sk_skb_reason_drop+0x130/0x180 net/core/skbuff.c:1242
[<ffffffff84d1d4cc>] kfree_skb_reason include/linux/skbuff.h:1262 [inline]
[<ffffffff84d1d4cc>] __netif_receive_skb_core.constprop.0+0x650/0x4374 net/core/dev.c:5636
[<ffffffff84d213ae>] __netif_receive_skb_list_core+0x1be/0x75e net/core/dev.c:5737
[<ffffffff84d24b66>] __netif_receive_skb_list net/core/dev.c:5804 [inline]
[<ffffffff84d24b66>] netif_receive_skb_list_internal+0x64e/0xc36 net/core/dev.c:5895
[<ffffffff84d251ae>] netif_receive_skb_list net/core/dev.c:5947 [inline]
[<ffffffff84d251ae>] netif_receive_skb_list+0x60/0x634 net/core/dev.c:5937
[<ffffffff850c688a>] xdp_recv_frames net/bpf/test_run.c:279 [inline]
[<ffffffff850c688a>] xdp_test_run_batch.constprop.0+0x1244/0x1816 net/bpf/test_run.c:360
[<ffffffff850c7152>] bpf_test_run_xdp_live+0x2f6/0x49e net/bpf/test_run.c:389
[<ffffffff850cb85c>] bpf_prog_test_run_xdp+0x7f6/0x15a8 net/bpf/test_run.c:1317
[<ffffffff804ef2e2>] bpf_prog_test_run kernel/bpf/syscall.c:4247 [inline]
[<ffffffff804ef2e2>] __sys_bpf+0xd14/0x42cc kernel/bpf/syscall.c:5652
[<ffffffff804f35f2>] __do_sys_bpf kernel/bpf/syscall.c:5741 [inline]
[<ffffffff804f35f2>] __se_sys_bpf kernel/bpf/syscall.c:5739 [inline]
[<ffffffff804f35f2>] __riscv_sys_bpf+0x6c/0x9e kernel/bpf/syscall.c:5739
[<ffffffff8000f2d4>] syscall_handler+0x94/0x118 arch/riscv/include/asm/syscall.h:90
[<ffffffff85fd9c4a>] do_trap_ecall_u+0x1aa/0x216 arch/riscv/kernel/traps.c:331
[<ffffffff85ffcac6>] _new_vmalloc_restore_context_a0+0xc2/0xce
BUG: Bad page state in process syz.2.1806 pfn:ad2e1
page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xff6000002d2e1e58 pfn:0xad2e1
flags: 0xffe000000000000(node=0|zone=0|lastcpupid=0x7ff)
raw: 0ffe000000000000 dead000000000040 ff6000002b4ee000 0000000000000000
raw: ff6000002d2e1e58 0000000000000001 00000000ffffffff 0000000000000000
page dumped because: page_pool leak
page_owner tracks the page as allocated
page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 18955, tgid 18954 (syz.2.1806), ts 6942764133900, free_ts 6940798084500
__set_page_owner+0xa2/0x70c mm/page_owner.c:320
set_page_owner include/linux/page_owner.h:32 [inline]
post_alloc_hook+0xec/0x1e4 mm/page_alloc.c:1537
prep_new_page mm/page_alloc.c:1545 [inline]
get_page_from_freelist+0xdaa/0x295a mm/page_alloc.c:3457
__alloc_pages_noprof+0x1e2/0x1eb6 mm/page_alloc.c:4733
alloc_pages_bulk_noprof+0x252/0x13d8 mm/page_alloc.c:4681
alloc_pages_bulk_array_node_noprof include/linux/gfp.h:239 [inline]
__page_pool_alloc_pages_slow+0x18e/0xc50 net/core/page_pool.c:538
page_pool_alloc_netmem net/core/page_pool.c:590 [inline]
page_pool_alloc_netmem+0xc0/0x158 net/core/page_pool.c:577
page_pool_alloc_pages+0x20/0x62 net/core/page_pool.c:597
page_pool_dev_alloc_pages include/net/page_pool/helpers.h:96 [inline]
xdp_test_run_batch.constprop.0+0x362/0x1816 net/bpf/test_run.c:305
bpf_test_run_xdp_live+0x2f6/0x49e net/bpf/test_run.c:389
bpf_prog_test_run_xdp+0x7f6/0x15a8 net/bpf/test_run.c:1317
bpf_prog_test_run kernel/bpf/syscall.c:4247 [inline]
__sys_bpf+0xd14/0x42cc kernel/bpf/syscall.c:5652
__do_sys_bpf kernel/bpf/syscall.c:5741 [inline]
__se_sys_bpf kernel/bpf/syscall.c:5739 [inline]
__riscv_sys_bpf+0x6c/0x9e kernel/bpf/syscall.c:5739
syscall_handler+0x94/0x118 arch/riscv/include/asm/syscall.h:90
do_trap_ecall_u+0x1aa/0x216 arch/riscv/kernel/traps.c:331
_new_vmalloc_restore_context_a0+0xc2/0xce
page last free pid 16932 tgid 16932 stack trace:
__reset_page_owner+0x8c/0x400 mm/page_owner.c:297
reset_page_owner include/linux/page_owner.h:25 [inline]
free_pages_prepare mm/page_alloc.c:1108 [inline]
free_unref_page+0x592/0xf08 mm/page_alloc.c:2638
__folio_put+0x1ae/0x22e mm/swap.c:126
folio_put include/linux/mm.h:1478 [inline]
free_page_and_swap_cache+0x1a8/0x1de mm/swap_state.c:308
__tlb_remove_table arch/riscv/include/asm/tlb.h:26 [inline]
__tlb_remove_table_free mm/mmu_gather.c:227 [inline]
tlb_remove_table_rcu+0x86/0xee mm/mmu_gather.c:282
rcu_do_batch kernel/rcu/tree.c:2567 [inline]
rcu_core+0xa24/0x1eac kernel/rcu/tree.c:2823
rcu_core_si+0xc/0x14 kernel/rcu/tree.c:2840
handle_softirqs+0x4a6/0x10de kernel/softirq.c:554
__do_softirq+0x12/0x1a kernel/softirq.c:588
Modules linked in:
CPU: 0 UID: 0 PID: 18955 Comm: syz.2.1806 Tainted: G B 6.12.0-rc1-syzkaller-00012-g5f153a692bac #0
Tainted: [B]=BAD_PAGE
Hardware name: riscv-virtio,qemu (DT)
Call Trace:
[<ffffffff80010a14>] dump_backtrace+0x2e/0x3c arch/riscv/kernel/stacktrace.c:130
[<ffffffff85f7c3cc>] show_stack+0x34/0x40 arch/riscv/kernel/stacktrace.c:136
[<ffffffff85fd797a>] __dump_stack lib/dump_stack.c:94 [inline]
[<ffffffff85fd797a>] dump_stack_lvl+0x122/0x196 lib/dump_stack.c:120
[<ffffffff85fd7a0a>] dump_stack+0x1c/0x24 lib/dump_stack.c:129
[<ffffffff808b0b06>] bad_page+0x268/0x2da mm/page_alloc.c:501
[<ffffffff808bcb18>] free_page_is_bad_report mm/page_alloc.c:908 [inline]
[<ffffffff808bcb18>] free_page_is_bad mm/page_alloc.c:918 [inline]
[<ffffffff808bcb18>] free_pages_prepare mm/page_alloc.c:1100 [inline]
[<ffffffff808bcb18>] free_unref_page+0x78a/0xf08 mm/page_alloc.c:2638
[<ffffffff808be53a>] page_frag_free+0x21c/0x268 mm/page_alloc.c:4971
[<ffffffff84c97152>] skb_free_frag include/linux/skbuff.h:3399 [inline]
[<ffffffff84c97152>] skb_free_head+0x1ce/0x2ec net/core/skbuff.c:1096
[<ffffffff84ca2952>] skb_release_data+0x6ec/0x86a net/core/skbuff.c:1125
[<ffffffff84cac65c>] skb_release_all net/core/skbuff.c:1190 [inline]
[<ffffffff84cac65c>] __kfree_skb net/core/skbuff.c:1204 [inline]
[<ffffffff84cac65c>] sk_skb_reason_drop+0x130/0x180 net/core/skbuff.c:1242
[<ffffffff84d1d4cc>] kfree_skb_reason include/linux/skbuff.h:1262 [inline]
[<ffffffff84d1d4cc>] __netif_receive_skb_core.constprop.0+0x650/0x4374 net/core/dev.c:5636
[<ffffffff84d213ae>] __netif_receive_skb_list_core+0x1be/0x75e net/core/dev.c:5737
[<ffffffff84d24b66>] __netif_receive_skb_list net/core/dev.c:5804 [inline]
[<ffffffff84d24b66>] netif_receive_skb_list_internal+0x64e/0xc36 net/core/dev.c:5895
[<ffffffff84d251ae>] netif_receive_skb_list net/core/dev.c:5947 [inline]
[<ffffffff84d251ae>] netif_receive_skb_list+0x60/0x634 net/core/dev.c:5937
[<ffffffff850c688a>] xdp_recv_frames net/bpf/test_run.c:279 [inline]
[<ffffffff850c688a>] xdp_test_run_batch.constprop.0+0x1244/0x1816 net/bpf/test_run.c:360
[<ffffffff850c7152>] bpf_test_run_xdp_live+0x2f6/0x49e net/bpf/test_run.c:389
[<ffffffff850cb85c>] bpf_prog_test_run_xdp+0x7f6/0x15a8 net/bpf/test_run.c:1317
[<ffffffff804ef2e2>] bpf_prog_test_run kernel/bpf/syscall.c:4247 [inline]
[<ffffffff804ef2e2>] __sys_bpf+0xd14/0x42cc kernel/bpf/syscall.c:5652
[<ffffffff804f35f2>] __do_sys_bpf kernel/bpf/syscall.c:5741 [inline]
[<ffffffff804f35f2>] __se_sys_bpf kernel/bpf/syscall.c:5739 [inline]
[<ffffffff804f35f2>] __riscv_sys_bpf+0x6c/0x9e kernel/bpf/syscall.c:5739
[<ffffffff8000f2d4>] syscall_handler+0x94/0x118 arch/riscv/include/asm/syscall.h:90
[<ffffffff85fd9c4a>] do_trap_ecall_u+0x1aa/0x216 arch/riscv/kernel/traps.c:331
[<ffffffff85ffcac6>] _new_vmalloc_restore_context_a0+0xc2/0xce
BUG: Bad page state in process syz.2.1806 pfn:ad2e0
page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xff6000002d2e0d90 pfn:0xad2e0
flags: 0xffe000000000000(node=0|zone=0|lastcpupid=0x7ff)
raw: 0ffe000000000000 dead000000000040 ff6000002b4ee000 0000000000000000
raw: ff6000002d2e0d90 0000000000000001 00000000ffffffff 0000000000000000
page dumped because: page_pool leak
page_owner tracks the page as allocated
page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 18955, tgid 18954 (syz.2.1806), ts 6942764012100, free_ts 6940798882400
__set_page_owner+0xa2/0x70c mm/page_owner.c:320
set_page_owner include/linux/page_owner.h:32 [inline]
post_alloc_hook+0xec/0x1e4 mm/page_alloc.c:1537
prep_new_page mm/page_alloc.c:1545 [inline]
get_page_from_freelist+0xdaa/0x295a mm/page_alloc.c:3457
__alloc_pages_noprof+0x1e2/0x1eb6 mm/page_alloc.c:4733
alloc_pages_bulk_noprof+0x252/0x13d8 mm/page_alloc.c:4681
alloc_pages_bulk_array_node_noprof include/linux/gfp.h:239 [inline]
__page_pool_alloc_pages_slow+0x18e/0xc50 net/core/page_pool.c:538
page_pool_alloc_netmem net/core/page_pool.c:590 [inline]
page_pool_alloc_netmem+0xc0/0x158 net/core/page_pool.c:577
page_pool_alloc_pages+0x20/0x62 net/core/page_pool.c:597
page_pool_dev_alloc_pages include/net/page_pool/helpers.h:96 [inline]
xdp_test_run_batch.constprop.0+0x362/0x1816 net/bpf/test_run.c:305
bpf_test_run_xdp_live+0x2f6/0x49e net/bpf/test_run.c:389
bpf_prog_test_run_xdp+0x7f6/0x15a8 net/bpf/test_run.c:1317
bpf_prog_test_run kernel/bpf/syscall.c:4247 [inline]
__sys_bpf+0xd14/0x42cc kernel/bpf/syscall.c:5652
__do_sys_bpf kernel/bpf/syscall.c:5741 [inline]
__se_sys_bpf kernel/bpf/syscall.c:5739 [inline]
__riscv_sys_bpf+0x6c/0x9e kernel/bpf/syscall.c:5739
syscall_handler+0x94/0x118 arch/riscv/include/asm/syscall.h:90
do_trap_ecall_u+0x1aa/0x216 arch/riscv/kernel/traps.c:331
_new_vmalloc_restore_context_a0+0xc2/0xce
page last free pid 16932 tgid 16932 stack trace:
__reset_page_owner+0x8c/0x400 mm/page_owner.c:297
reset_page_owner include/linux/page_owner.h:25 [inline]
free_pages_prepare mm/page_alloc.c:1108 [inline]
free_unref_page+0x592/0xf08 mm/page_alloc.c:2638
__folio_put+0x1ae/0x22e mm/swap.c:126
folio_put include/linux/mm.h:1478 [inline]
free_page_and_swap_cache+0x1a8/0x1de mm/swap_state.c:308
__tlb_remove_table arch/riscv/include/asm/tlb.h:26 [inline]
__tlb_remove_table_free mm/mmu_gather.c:227 [inline]
tlb_remove_table_rcu+0x86/0xee mm/mmu_gather.c:282
rcu_do_batch kernel/rcu/tree.c:2567 [inline]
rcu_core+0xa24/0x1eac kernel/rcu/tree.c:2823
rcu_core_si+0xc/0x14 kernel/rcu/tree.c:2840
handle_softirqs+0x4a6/0x10de kernel/softirq.c:554
__do_softirq+0x12/0x1a kernel/softirq.c:588
Modules linked in:
CPU: 0 UID: 0 PID: 18955 Comm: syz.2.1806 Tainted: G B 6.12.0-rc1-syzkaller-00012-g5f153a692bac #0
Tainted: [B]=BAD_PAGE
Hardware name: riscv-virtio,qemu (DT)
Call Trace:
[<ffffffff80010a14>] dump_backtrace+0x2e/0x3c arch/riscv/kernel/stacktrace.c:130
[<ffffffff85f7c3cc>] show_stack+0x34/0x40 arch/riscv/kernel/stacktrace.c:136
[<ffffffff85fd797a>] __dump_stack lib/dump_stack.c:94 [inline]
[<ffffffff85fd797a>] dump_stack_lvl+0x122/0x196 lib/dump_stack.c:120
[<ffffffff85fd7a0a>] dump_stack+0x1c/0x24 lib/dump_stack.c:129
[<ffffffff808b0b06>] bad_page+0x268/0x2da mm/page_alloc.c:501
[<ffffffff808bcb18>] free_page_is_bad_report mm/page_alloc.c:908 [inline]
[<ffffffff808bcb18>] free_page_is_bad mm/page_alloc.c:918 [inline]
[<ffffffff808bcb18>] free_pages_prepare mm/page_alloc.c:1100 [inline]
[<ffffffff808bcb18>] free_unref_page+0x78a/0xf08 mm/page_alloc.c:2638
[<ffffffff808be53a>] page_frag_free+0x21c/0x268 mm/page_alloc.c:4971
[<ffffffff84c97152>] skb_free_frag include/linux/skbuff.h:3399 [inline]
[<ffffffff84c97152>] skb_free_head+0x1ce/0x2ec net/core/skbuff.c:1096
[<ffffffff84ca2952>] skb_release_data+0x6ec/0x86a net/core/skbuff.c:1125
[<ffffffff84cac65c>] skb_release_all net/core/skbuff.c:1190 [inline]
[<ffffffff84cac65c>] __kfree_skb net/core/skbuff.c:1204 [inline]
[<ffffffff84cac65c>] sk_skb_reason_drop+0x130/0x180 net/core/skbuff.c:1242
[<ffffffff84d1d4cc>] kfree_skb_reason include/linux/skbuff.h:1262 [inline]
[<ffffffff84d1d4cc>] __netif_receive_skb_core.constprop.0+0x650/0x4374 net/core/dev.c:5636
[<ffffffff84d213ae>] __netif_receive_skb_list_core+0x1be/0x75e net/core/dev.c:5737
[<ffffffff84d24b66>] __netif_receive_skb_list net/core/dev.c:5804 [inline]
[<ffffffff84d24b66>] netif_receive_skb_list_internal+0x64e/0xc36 net/core/dev.c:5895
[<ffffffff84d251ae>] netif_receive_skb_list net/core/dev.c:5947 [inline]
[<ffffffff84d251ae>] netif_receive_skb_list+0x60/0x634 net/core/dev.c:5937
[<ffffffff850c688a>] xdp_recv_frames net/bpf/test_run.c:279 [inline]
[<ffffffff850c688a>] xdp_test_run_batch.constprop.0+0x1244/0x1816 net/bpf/test_run.c:360
[<ffffffff850c7152>] bpf_test_run_xdp_live+0x2f6/0x49e net/bpf/test_run.c:389
[<ffffffff850cb85c>] bpf_prog_test_run_xdp+0x7f6/0x15a8 net/bpf/test_run.c:1317
[<ffffffff804ef2e2>] bpf_prog_test_run kernel/bpf/syscall.c:4247 [inline]
[<ffffffff804ef2e2>] __sys_bpf+0xd14/0x42cc kernel/bpf/syscall.c:5652
[<ffffffff804f35f2>] __do_sys_bpf kernel/bpf/syscall.c:5741 [inline]
[<ffffffff804f35f2>] __se_sys_bpf kernel/bpf/syscall.c:5739 [inline]
[<ffffffff804f35f2>] __riscv_sys_bpf+0x6c/0x9e kernel/bpf/syscall.c:5739
[<ffffffff8000f2d4>] syscall_handler+0x94/0x118 arch/riscv/include/asm/syscall.h:90
[<ffffffff85fd9c4a>] do_trap_ecall_u+0x1aa/0x216 arch/riscv/kernel/traps.c:331
[<ffffffff85ffcac6>] _new_vmalloc_restore_context_a0+0xc2/0xce
BUG: Bad page state in process syz.2.1806 pfn:ac2d3
page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x21 pfn:0xac2d3
flags: 0xffe000000000000(node=0|zone=0|lastcpupid=0x7ff)
raw: 0ffe000000000000 dead000000000040 ff6000002b4ee000 0000000000000000
raw: 0000000000000021 0000000000000001 00000000ffffffff 0000000000000000
page dumped because: page_pool leak
page_owner tracks the page as allocated
page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 18955, tgid 18954 (syz.2.1806), ts 6942763892100, free_ts 6940802634600
__set_page_owner+0xa2/0x70c mm/page_owner.c:320
set_page_owner include/linux/page_owner.h:32 [inline]
post_alloc_hook+0xec/0x1e4 mm/page_alloc.c:1537
prep_new_page mm/page_alloc.c:1545 [inline]
get_page_from_freelist+0xdaa/0x295a mm/page_alloc.c:3457
__alloc_pages_noprof+0x1e2/0x1eb6 mm/page_alloc.c:4733
alloc_pages_bulk_noprof+0x252/0x13d8 mm/page_alloc.c:4681
alloc_pages_bulk_array_node_noprof include/linux/gfp.h:239 [inline]
__page_pool_alloc_pages_slow+0x18e/0xc50 net/core/page_pool.c:538
page_pool_alloc_netmem net/core/page_pool.c:590 [inline]
page_pool_alloc_netmem+0xc0/0x158 net/core/page_pool.c:577
page_pool_alloc_pages+0x20/0x62 net/core/page_pool.c:597
page_pool_dev_alloc_pages include/net/page_pool/helpers.h:96 [inline]
xdp_test_run_batch.constprop.0+0x362/0x1816 net/bpf/test_run.c:305
bpf_test_run_xdp_live+0x2f6/0x49e net/bpf/test_run.c:389
bpf_prog_test_run_xdp+0x7f6/0x15a8 net/bpf/test_run.c:1317
bpf_prog_test_run kernel/bpf/syscall.c:4247 [inline]
__sys_bpf+0xd14/0x42cc kernel/bpf/syscall.c:5652
__do_sys_bpf kernel/bpf/syscall.c:5741 [inline]
__se_sys_bpf kernel/bpf/syscall.c:5739 [inline]
__riscv_sys_bpf+0x6c/0x9e kernel/bpf/syscall.c:5739
syscall_handler+0x94/0x118 arch/riscv/include/asm/syscall.h:90
do_trap_ecall_u+0x1aa/0x216 arch/riscv/kernel/traps.c:331
_new_vmalloc_restore_context_a0+0xc2/0xce
page last free pid 16932 tgid 16932 stack trace:
__reset_page_owner+0x8c/0x400 mm/page_owner.c:297
reset_page_owner include/linux/page_owner.h:25 [inline]
free_pages_prepare mm/page_alloc.c:1108 [inline]
free_unref_page+0x592/0xf08 mm/page_alloc.c:2638
__folio_put+0x1ae/0x22e mm/swap.c:126
folio_put include/linux/mm.h:1478 [inline]
free_page_and_swap_cache+0x1a8/0x1de mm/swap_state.c:308
__tlb_remove_table arch/riscv/include/asm/tlb.h:26 [inline]
__tlb_remove_table_free mm/mmu_gather.c:227 [inline]
tlb_remove_table_rcu+0x86/0xee mm/mmu_gather.c:282
rcu_do_batch kernel/rcu/tree.c:2567 [inline]
rcu_core+0xa24/0x1eac kernel/rcu/tree.c:2823
rcu_core_si+0xc/0x14 kernel/rcu/tree.c:2840
handle_softirqs+0x4a6/0x10de kernel/softirq.c:554
__do_softirq+0x12/0x1a kernel/softirq.c:588
Modules linked in:
CPU: 0 UID: 0 PID: 18955 Comm: syz.2.1806 Tainted: G B 6.12.0-rc1-syzkaller-00012-g5f153a692bac #0
Tainted: [B]=BAD_PAGE
Hardware name: riscv-virtio,qemu (DT)
Call Trace:
[<ffffffff80010a14>] dump_backtrace+0x2e/0x3c arch/riscv/kernel/stacktrace.c:130
[<ffffffff85f7c3cc>] show_stack+0x34/0x40 arch/riscv/kernel/stacktrace.c:136
[<ffffffff85fd797a>] __dump_stack lib/dump_stack.c:94 [inline]
[<ffffffff85fd797a>] dump_stack_lvl+0x122/0x196 lib/dump_stack.c:120
[<ffffffff85fd7a0a>] dump_stack+0x1c/0x24 lib/dump_stack.c:129
[<ffffffff808b0b06>] bad_page+0x268/0x2da mm/page_alloc.c:501
[<ffffffff808bcb18>] free_page_is_bad_report mm/page_alloc.c:908 [inline]
[<ffffffff808bcb18>] free_page_is_bad mm/page_alloc.c:918 [inline]
[<ffffffff808bcb18>] free_pages_prepare mm/page_alloc.c:1100 [inline]
[<ffffffff808bcb18>] free_unref_page+0x78a/0xf08 mm/page_alloc.c:2638
[<ffffffff808be53a>] page_frag_free+0x21c/0x268 mm/page_alloc.c:4971
[<ffffffff84c97152>] skb_free_frag include/linux/skbuff.h:3399 [inline]
[<ffffffff84c97152>] skb_free_head+0x1ce/0x2ec net/core/skbuff.c:1096
[<ffffffff84ca2952>] skb_release_data+0x6ec/0x86a net/core/skbuff.c:1125
[<ffffffff84cac65c>] skb_release_all net/core/skbuff.c:1190 [inline]
[<ffffffff84cac65c>] __kfree_skb net/core/skbuff.c:1204 [inline]
[<ffffffff84cac65c>] sk_skb_reason_drop+0x130/0x180 net/core/skbuff.c:1242
[<ffffffff84d1d4cc>] kfree_skb_reason include/linux/skbuff.h:1262 [inline]
[<ffffffff84d1d4cc>] __netif_receive_skb_core.constprop.0+0x650/0x4374 net/core/dev.c:5636
[<ffffffff84d213ae>] __netif_receive_skb_list_core+0x1be/0x75e net/core/dev.c:5737
[<ffffffff84d24b66>] __netif_receive_skb_list net/core/dev.c:5804 [inline]
[<ffffffff84d24b66>] netif_receive_skb_list_internal+0x64e/0xc36 net/core/dev.c:5895
[<ffffffff84d251ae>] netif_receive_skb_list net/core/dev.c:5947 [inline]
[<ffffffff84d251ae>] netif_receive_skb_list+0x60/0x634 net/core/dev.c:5937
[<ffffffff850c688a>] xdp_recv_frames net/bpf/test_run.c:279 [inline]
[<ffffffff850c688a>] xdp_test_run_batch.constprop.0+0x1244/0x1816 net/bpf/test_run.c:360
[<ffffffff850c7152>] bpf_test_run_xdp_live+0x2f6/0x49e net/bpf/test_run.c:389
[<ffffffff850cb85c>] bpf_prog_test_run_xdp+0x7f6/0x15a8 net/bpf/test_run.c:1317
[<ffffffff804ef2e2>] bpf_prog_test_run kernel/bpf/syscall.c:4247 [inline]
[<ffffffff804ef2e2>] __sys_bpf+0xd14/0x42cc kernel/bpf/syscall.c:5652
[<ffffffff804f35f2>] __do_sys_bpf kernel/bpf/syscall.c:5741 [inline]
[<ffffffff804f35f2>] __se_sys_bpf kernel/bpf/syscall.c:5739 [inline]
[<ffffffff804f35f2>] __riscv_sys_bpf+0x6c/0x9e kernel/bpf/syscall.c:5739
[<ffffffff8000f2d4>] syscall_handler+0x94/0x118 arch/riscv/include/asm/syscall.h:90
[<ffffffff85fd9c4a>] do_trap_ecall_u+0x1aa/0x216 arch/riscv/kernel/traps.c:331
[<ffffffff85ffcac6>] _new_vmalloc_restore_context_a0+0xc2/0xce
BUG: Bad page state in process syz.2.1806 pfn:ac2d2
page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x20 pfn:0xac2d2
flags: 0xffe000000000000(node=0|zone=0|lastcpupid=0x7ff)
raw: 0ffe000000000000 dead000000000040 ff6000002b4ee000 0000000000000000
raw: 0000000000000020 0000000000000001 00000000ffffffff 0000000000000000
page dumped because: page_pool leak
page_owner tracks the page as allocated
page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 18955, tgid 18954 (syz.2.1806), ts 6942763772200, free_ts 6940799262400
__set_page_owner+0xa2/0x70c mm/page_owner.c:320
set_page_owner include/linux/page_owner.h:32 [inline]
post_alloc_hook+0xec/0x1e4 mm/page_alloc.c:1537
prep_new_page mm/page_alloc.c:1545 [inline]
get_page_from_freelist+0xdaa/0x295a mm/page_alloc.c:3457
__alloc_pages_noprof+0x1e2/0x1eb6 mm/page_alloc.c:4733
alloc_pages_bulk_noprof+0x252/0x13d8 mm/page_alloc.c:4681
alloc_pages_bulk_array_node_noprof include/linux/gfp.h:239 [inline]
__page_pool_alloc_pages_slow+0x18e/0xc50 net/core/page_pool.c:538
page_pool_alloc_netmem net/core/page_pool.c:590 [inline]
page_pool_alloc_netmem+0xc0/0x158 net/core/page_pool.c:577
page_pool_alloc_pages+0x20/0x62 net/core/page_pool.c:597
page_pool_dev_alloc_pages include/net/page_pool/helpers.h:96 [inline]
xdp_test_run_batch.constprop.0+0x362/0x1816 net/bpf/test_run.c:305
bpf_test_run_xdp_live+0x2f6/0x49e net/bpf/test_run.c:389
bpf_prog_test_run_xdp+0x7f6/0x15a8 net/bpf/test_run.c:1317
bpf_prog_test_run kernel/bpf/syscall.c:4247 [inline]
__sys_bpf+0xd14/0x42cc kernel/bpf/syscall.c:5652
__do_sys_bpf kernel/bpf/syscall.c:5741 [inline]
__se_sys_bpf kernel/bpf/syscall.c:5739 [inline]
__riscv_sys_bpf+0x6c/0x9e kernel/bpf/syscall.c:5739
syscall_handler+0x94/0x118 arch/riscv/include/asm/syscall.h:90
do_trap_ecall_u+0x1aa/0x216 arch/riscv/kernel/traps.c:331
_new_vmalloc_restore_context_a0+0xc2/0xce
page last free pid 16932 tgid 16932 stack trace:
__reset_page_owner+0x8c/0x400 mm/page_owner.c:297
reset_page_owner include/linux/page_owner.h:25 [inline]
free_pages_prepare mm/page_alloc.c:1108 [inline]
free_unref_page+0x592/0xf08 mm/page_alloc.c:2638
__folio_put+0x1ae/0x22e mm/swap.c:126
folio_put include/linux/mm.h:1478 [inline]
free_page_and_swap_cache+0x1a8/0x1de mm/swap_state.c:308
__tlb_remove_table arch/riscv/include/asm/tlb.h:26 [inline]
__tlb_remove_table_free mm/mmu_gather.c:227 [inline]
tlb_remove_table_rcu+0x86/0xee mm/mmu_gather.c:282
rcu_do_batch kernel/rcu/tree.c:2567 [inline]
rcu_core+0xa24/0x1eac kernel/rcu/tree.c:2823
rcu_core_si+0xc/0x14 kernel/rcu/tree.c:2840
handle_softirqs+0x4a6/0x10de kernel/softirq.c:554
__do_softirq+0x12/0x1a kernel/softirq.c:588
Modules linked in:
CPU: 0 UID: 0 PID: 18955 Comm: syz.2.1806 Tainted: G B 6.12.0-rc1-syzkaller-00012-g5f153a692bac #0
Tainted: [B]=BAD_PAGE
Hardware name: riscv-virtio,qemu (DT)
Call Trace:
[<ffffffff80010a14>] dump_backtrace+0x2e/0x3c arch/riscv/kernel/stacktrace.c:130
[<ffffffff85f7c3cc>] show_stack+0x34/0x40 arch/riscv/kernel/stacktrace.c:136
[<ffffffff85fd797a>] __dump_stack lib/dump_stack.c:94 [inline]
[<ffffffff85fd797a>] dump_stack_lvl+0x122/0x196 lib/dump_stack.c:120
[<ffffffff85fd7a0a>] dump_stack+0x1c/0x24 lib/dump_stack.c:129
[<ffffffff808b0b06>] bad_page+0x268/0x2da mm/page_alloc.c:501
[<ffffffff808bcb18>] free_page_is_bad_report mm/page_alloc.c:908 [inline]
[<ffffffff808bcb18>] free_page_is_bad mm/page_alloc.c:918 [inline]
[<ffffffff808bcb18>] free_pages_prepare mm/page_alloc.c:1100 [inline]
[<ffffffff808bcb18>] free_unref_page+0x78a/0xf08 mm/page_alloc.c:2638
[<ffffffff808be53a>] page_frag_free+0x21c/0x268 mm/page_alloc.c:4971
[<ffffffff84c97152>] skb_free_frag include/linux/skbuff.h:3399 [inline]
[<ffffffff84c97152>] skb_free_head+0x1ce/0x2ec net/core/skbuff.c:1096
[<ffffffff84ca2952>] skb_release_data+0x6ec/0x86a net/core/skbuff.c:1125
[<ffffffff84cac65c>] skb_release_all net/core/skbuff.c:1190 [inline]
[<ffffffff84cac65c>] __kfree_skb net/core/skbuff.c:1204 [inline]
[<ffffffff84cac65c>] sk_skb_reason_drop+0x130/0x180 net/core/skbuff.c:1242
[<ffffffff84d1d4cc>] kfree_skb_reason include/linux/skbuff.h:1262 [inline]
[<ffffffff84d1d4cc>] __netif_receive_skb_core.constprop.0+0x650/0x4374 net/core/dev.c:5636
[<ffffffff84d213ae>] __netif_receive_skb_list_core+0x1be/0x75e net/core/dev.c:5737
[<ffffffff84d24b66>] __netif_receive_skb_list net/core/dev.c:5804 [inline]
[<ffffffff84d24b66>] netif_receive_skb_list_internal+0x64e/0xc36 net/core/dev.c:5895
[<ffffffff84d251ae>] netif_receive_skb_list net/core/dev.c:5947 [inline]
[<ffffffff84d251ae>] netif_receive_skb_list+0x60/0x634 net/core/dev.c:5937
[<ffffffff850c688a>] xdp_recv_frames net/bpf/test_run.c:279 [inline]
[<ffffffff850c688a>] xdp_test_run_batch.constprop.0+0x1244/0x1816 net/bpf/test_run.c:360
[<ffffffff850c7152>] bpf_test_run_xdp_live+0x2f6/0x49e net/bpf/test_run.c:389
[<ffffffff850cb85c>] bpf_prog_test_run_xdp+0x7f6/0x15a8 net/bpf/test_run.c:1317
[<ffffffff804ef2e2>] bpf_prog_test_run kernel/bpf/syscall.c:4247 [inline]
[<ffffffff804ef2e2>] __sys_bpf+0xd14/0x42cc kernel/bpf/syscall.c:5652
[<ffffffff804f35f2>] __do_sys_bpf kernel/bpf/syscall.c:5741 [inline]
[<ffffffff804f35f2>] __se_sys_bpf kernel/bpf/syscall.c:5739 [inline]
[<ffffffff804f35f2>] __riscv_sys_bpf+0x6c/0x9e kernel/bpf/syscall.c:5739
[<ffffffff8000f2d4>] syscall_handler+0x94/0x118 arch/riscv/include/asm/syscall.h:90
[<ffffffff85fd9c4a>] do_trap_ecall_u+0x1aa/0x216 arch/riscv/kernel/traps.c:331
[<ffffffff85ffcac6>] _new_vmalloc_restore_context_a0+0xc2/0xce
BUG: Bad page state in process syz.2.1806 pfn:9de23
page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x2 pfn:0x9de23
flags: 0xffe000000000000(node=0|zone=0|lastcpupid=0x7ff)
raw: 0ffe000000000000 dead000000000040 ff6000002b4ee000 0000000000000000
raw: 0000000000000002 0000000000000001 00000000ffffffff 0000000000000000
page dumped because: page_pool leak
page_owner tracks the page as allocated
page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 18955, tgid 18954 (syz.2.1806), ts 6942763651500, free_ts 6941283772200
__set_page_owner+0xa2/0x70c mm/page_owner.c:320
set_page_owner include/linux/page_owner.h:32 [inline]
post_alloc_hook+0xec/0x1e4 mm/page_alloc.c:1537
prep_new_page mm/page_alloc.c:1545 [inline]
get_page_from_freelist+0xdaa/0x295a mm/page_alloc.c:3457
__alloc_pages_noprof+0x1e2/0x1eb6 mm/page_alloc.c:4733
alloc_pages_bulk_noprof+0x252/0x13d8 mm/page_alloc.c:4681
alloc_pages_bulk_array_node_noprof include/linux/gfp.h:239 [inline]
__page_pool_alloc_pages_slow+0x18e/0xc50 net/core/page_pool.c:538
page_pool_alloc_netmem net/core/page_pool.c:590 [inline]
page_pool_alloc_netmem+0xc0/0x158 net/core/page_pool.c:577
page_pool_alloc_pages+0x20/0x62 net/core/page_pool.c:597
page_pool_dev_alloc_pages include/net/page_pool/helpers.h:96 [inline]
xdp_test_run_batch.constprop.0+0x362/0x1816 net/bpf/test_run.c:305
bpf_test_run_xdp_live+0x2f6/0x49e net/bpf/test_run.c:389
bpf_prog_test_run_xdp+0x7f6/0x15a8 net/bpf/test_run.c:1317
bpf_prog_test_run kernel/bpf/syscall.c:4247 [inline]
__sys_bpf+0xd14/0x42cc kernel/bpf/syscall.c:5652
__do_sys_bpf kernel/bpf/syscall.c:5741 [inline]
__se_sys_bpf kernel/bpf/syscall.c:5739 [inline]
__riscv_sys_bpf+0x6c/0x9e kernel/bpf/syscall.c:5739
syscall_handler+0x94/0x118 arch/riscv/include/asm/syscall.h:90
do_trap_ecall_u+0x1aa/0x216 arch/riscv/kernel/traps.c:331
_new_vmalloc_restore_context_a0+0xc2/0xce
page last free pid 3146 tgid 3146 stack trace:
__reset_page_owner+0x8c/0x400 mm/page_owner.c:297
reset_page_owner include/linux/page_owner.h:25 [inline]
free_pages_prepare mm/page_alloc.c:1108 [inline]
free_unref_page+0x592/0xf08 mm/page_alloc.c:2638
page_frag_free+0x21c/0x268 mm/page_alloc.c:4971
skb_free_frag include/linux/skbuff.h:3399 [inline]
skb_free_head+0x1ce/0x2ec net/core/skbuff.c:1096
skb_release_data+0x6ec/0x86a net/core/skbuff.c:1125
skb_release_all net/core/skbuff.c:1190 [inline]
__kfree_skb+0x46/0x68 net/core/skbuff.c:1204
tcp_rcv_established+0xff2/0x2592 net/ipv4/tcp_input.c:6147
tcp_v4_do_rcv+0x68a/0xbaa net/ipv4/tcp_ipv4.c:1915
sk_backlog_rcv include/net/sock.h:1113 [inline]
__release_sock+0x106/0x36e net/core/sock.c:3072
release_sock+0x5c/0x1c8 net/core/sock.c:3626
tcp_sendmsg+0x3e/0x4e net/ipv4/tcp.c:1358
inet_sendmsg+0x9c/0xda net/ipv4/af_inet.c:853
sock_sendmsg_nosec net/socket.c:729 [inline]
__sock_sendmsg+0xcc/0x160 net/socket.c:744
sock_write_iter+0x2a0/0x3ba net/socket.c:1165
new_sync_write fs/read_write.c:590 [inline]
vfs_write+0x4d4/0x9b4 fs/read_write.c:683
ksys_write+0x1f0/0x266 fs/read_write.c:736
Modules linked in:
CPU: 0 UID: 0 PID: 18955 Comm: syz.2.1806 Tainted: G B 6.12.0-rc1-syzkaller-00012-g5f153a692bac #0
Tainted: [B]=BAD_PAGE
Hardware name: riscv-virtio,qemu (DT)
Call Trace:
[<ffffffff80010a14>] dump_backtrace+0x2e/0x3c arch/riscv/kernel/stacktrace.c:130
[<ffffffff85f7c3cc>] show_stack+0x34/0x40 arch/riscv/kernel/stacktrace.c:136
[<ffffffff85fd797a>] __dump_stack lib/dump_stack.c:94 [inline]
[<ffffffff85fd797a>] dump_stack_lvl+0x122/0x196 lib/dump_stack.c:120
[<ffffffff85fd7a0a>] dump_stack+0x1c/0x24 lib/dump_stack.c:129
[<ffffffff808b0b06>] bad_page+0x268/0x2da mm/page_alloc.c:501
[<ffffffff808bcb18>] free_page_is_bad_report mm/page_alloc.c:908 [inline]
[<ffffffff808bcb18>] free_page_is_bad mm/page_alloc.c:918 [inline]
[<ffffffff808bcb18>] free_pages_prepare mm/page_alloc.c:1100 [inline]
[<ffffffff808bcb18>] free_unref_page+0x78a/0xf08 mm/page_alloc.c:2638
[<ffffffff808be53a>] page_frag_free+0x21c/0x268 mm/page_alloc.c:4971
[<ffffffff84c97152>] skb_free_frag include/linux/skbuff.h:3399 [inline]
[<ffffffff84c97152>] skb_free_head+0x1ce/0x2ec net/core/skbuff.c:1096
[<ffffffff84ca2952>] skb_release_data+0x6ec/0x86a net/core/skbuff.c:1125
[<ffffffff84cac65c>] skb_release_all net/core/skbuff.c:1190 [inline]
[<ffffffff84cac65c>] __kfree_skb net/core/skbuff.c:1204 [inline]
[<ffffffff84cac65c>] sk_skb_reason_drop+0x130/0x180 net/core/skbuff.c:1242
[<ffffffff84d1d4cc>] kfree_skb_reason include/linux/skbuff.h:1262 [inline]
[<ffffffff84d1d4cc>] __netif_receive_skb_core.constprop.0+0x650/0x4374 net/core/dev.c:5636
[<ffffffff84d213ae>] __netif_receive_skb_list_core+0x1be/0x75e net/core/dev.c:5737
[<ffffffff84d24b66>] __netif_receive_skb_list net/core/dev.c:5804 [inline]
[<ffffffff84d24b66>] netif_receive_skb_list_internal+0x64e/0xc36 net/core/dev.c:5895
[<ffffffff84d251ae>] netif_receive_skb_list net/core/dev.c:5947 [inline]
[<ffffffff84d251ae>] netif_receive_skb_list+0x60/0x634 net/core/dev.c:5937
[<ffffffff850c688a>] xdp_recv_frames net/bpf/test_run.c:279 [inline]
[<ffffffff850c688a>] xdp_test_run_batch.constprop.0+0x1244/0x1816 net/bpf/test_run.c:360
[<ffffffff850c7152>] bpf_test_run_xdp_live+0x2f6/0x49e net/bpf/test_run.c:389
[<ffffffff850cb85c>] bpf_prog_test_run_xdp+0x7f6/0x15a8 net/bpf/test_run.c:1317
[<ffffffff804ef2e2>] bpf_prog_test_run kernel/bpf/syscall.c:4247 [inline]
[<ffffffff804ef2e2>] __sys_bpf+0xd14/0x42cc kernel/bpf/syscall.c:5652
[<ffffffff804f35f2>] __do_sys_bpf kernel/bpf/syscall.c:5741 [inline]
[<ffffffff804f35f2>] __se_sys_bpf kernel/bpf/syscall.c:5739 [inline]
[<ffffffff804f35f2>] __riscv_sys_bpf+0x6c/0x9e kernel/bpf/syscall.c:5739
[<ffffffff8000f2d4>] syscall_handler+0x94/0x118 arch/riscv/include/asm/syscall.h:90
[<ffffffff85fd9c4a>] do_trap_ecall_u+0x1aa/0x216 arch/riscv/kernel/traps.c:331
[<ffffffff85ffcac6>] _new_vmalloc_restore_context_a0+0xc2/0xce
BUG: Bad page state in process syz.2.1806 pfn:9de22
page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xff6000001de22c00 pfn:0x9de22
flags: 0xffe000000000000(node=0|zone=0|lastcpupid=0x7ff)
raw: 0ffe000000000000 dead000000000040 ff6000002b4ee000 0000000000000000
raw: ff6000001de22c00 0000000000000001 00000000ffffffff 0000000000000000
page dumped because: page_pool leak
page_owner tracks the page as allocated
page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 18955, tgid 18954 (syz.2.1806), ts 6942763526500, free_ts 6940305420800
__set_page_owner+0xa2/0x70c mm/page_owner.c:320
set_page_owner include/linux/page_owner.h:32 [inline]
post_alloc_hook+0xec/0x1e4 mm/page_alloc.c:1537
prep_new_page mm/page_alloc.c:1545 [inline]
get_page_from_freelist+0xdaa/0x295a mm/page_alloc.c:3457
__alloc_pages_noprof+0x1e2/0x1eb6 mm/page_alloc.c:4733
alloc_pages_bulk_noprof+0x252/0x13d8 mm/page_alloc.c:4681
alloc_pages_bulk_array_node_noprof include/linux/gfp.h:239 [inline]
__page_pool_alloc_pages_slow+0x18e/0xc50 net/core/page_pool.c:538
page_pool_alloc_netmem net/core/page_pool.c:590 [inline]
page_pool_alloc_netmem+0xc0/0x158 net/core/page_pool.c:577
page_pool_alloc_pages+0x20/0x62 net/core/page_pool.c:597
page_pool_dev_alloc_pages include/net/page_pool/helpers.h:96 [inline]
xdp_test_run_batch.constprop.0+0x362/0x1816 net/bpf/test_run.c:305
bpf_test_run_xdp_live+0x2f6/0x49e net/bpf/test_run.c:389
bpf_prog_test_run_xdp+0x7f6/0x15a8 net/bpf/test_run.c:1317
bpf_prog_test_run kernel/bpf/syscall.c:4247 [inline]
__sys_bpf+0xd14/0x42cc kernel/bpf/syscall.c:5652
__do_sys_bpf kernel/bpf/syscall.c:5741 [inline]
__se_sys_bpf kernel/bpf/syscall.c:5739 [inline]
__riscv_sys_bpf+0x6c/0x9e kernel/bpf/syscall.c:5739
syscall_handler+0x94/0x118 arch/riscv/include/asm/syscall.h:90
do_trap_ecall_u+0x1aa/0x216 arch/riscv/kernel/traps.c:331
_new_vmalloc_restore_context_a0+0xc2/0xce
page last free pid 24 tgid 24 stack trace:
__reset_page_owner+0x8c/0x400 mm/page_owner.c:297
reset_page_owner include/linux/page_owner.h:25 [inline]
free_pages_prepare mm/page_alloc.c:1108 [inline]
free_unref_page+0x592/0xf08 mm/page_alloc.c:2638
__folio_put+0x1ae/0x22e mm/swap.c:126
folio_put include/linux/mm.h:1478 [inline]
free_page_and_swap_cache+0x1a8/0x1de mm/swap_state.c:308
__tlb_remove_table arch/riscv/include/asm/tlb.h:26 [inline]
__tlb_remove_table_free mm/mmu_gather.c:227 [inline]
tlb_remove_table_rcu+0x86/0xee mm/mmu_gather.c:282
rcu_do_batch kernel/rcu/tree.c:2567 [inline]
rcu_core+0xa24/0x1eac kernel/rcu/tree.c:2823
rcu_core_si+0xc/0x14 kernel/rcu/tree.c:2840
handle_softirqs+0x4a6/0x10de kernel/softirq.c:554
run_ksoftirqd kernel/softirq.c:927 [inline]
run_ksoftirqd+0xce/0x144 kernel/softirq.c:919
smpboot_thread_fn+0x654/0xb98 kernel/smpboot.c:164
kthread+0x28c/0x3a6 kernel/kthread.c:389
ret_from_fork+0xe/0x18 arch/riscv/kernel/entry.S:326
Modules linked in:
CPU: 0 UID: 0 PID: 18955 Comm: syz.2.1806 Tainted: G B 6.12.0-rc1-syzkaller-00012-g5f153a692bac #0
Tainted: [B]=BAD_PAGE
Hardware name: riscv-virtio,qemu (DT)
Call Trace:
[<ffffffff80010a14>] dump_backtrace+0x2e/0x3c arch/riscv/kernel/stacktrace.c:130
[<ffffffff85f7c3cc>] show_stack+0x34/0x40 arch/riscv/kernel/stacktrace.c:136
[<ffffffff85fd797a>] __dump_stack lib/dump_stack.c:94 [inline]
[<ffffffff85fd797a>] dump_stack_lvl+0x122/0x196 lib/dump_stack.c:120
[<ffffffff85fd7a0a>] dump_stack+0x1c/0x24 lib/dump_stack.c:129
[<ffffffff808b0b06>] bad_page+0x268/0x2da mm/page_alloc.c:501
[<ffffffff808bcb18>] free_page_is_bad_report mm/page_alloc.c:908 [inline]
[<ffffffff808bcb18>] free_page_is_bad mm/page_alloc.c:918 [inline]
[<ffffffff808bcb18>] free_pages_prepare mm/page_alloc.c:1100 [inline]
[<ffffffff808bcb18>] free_unref_page+0x78a/0xf08 mm/page_alloc.c:2638
[<ffffffff808be53a>] page_frag_free+0x21c/0x268 mm/page_alloc.c:4971
[<ffffffff84c97152>] skb_free_frag include/linux/skbuff.h:3399 [inline]
[<ffffffff84c97152>] skb_free_head+0x1ce/0x2ec net/core/skbuff.c:1096
[<ffffffff84ca2952>] skb_release_data+0x6ec/0x86a net/core/skbuff.c:1125
[<ffffffff84cac65c>] skb_release_all net/core/skbuff.c:1190 [inline]
[<ffffffff84cac65c>] __kfree_skb net/core/skbuff.c:1204 [inline]
[<ffffffff84cac65c>] sk_skb_reason_drop+0x130/0x180 net/core/skbuff.c:1242
[<ffffffff84d1d4cc>] kfree_skb_reason include/linux/skbuff.h:1262 [inline]
[<ffffffff84d1d4cc>] __netif_receive_skb_core.constprop.0+0x650/0x4374 net/core/dev.c:5636
[<ffffffff84d213ae>] __netif_receive_skb_list_core+0x1be/0x75e net/core/dev.c:5737
[<ffffffff84d24b66>] __netif_receive_skb_list net/core/dev.c:5804 [inline]
[<ffffffff84d24b66>] netif_receive_skb_list_internal+0x64e/0xc36 net/core/dev.c:5895
[<ffffffff84d251ae>] netif_receive_skb_list net/core/dev.c:5947 [inline]
[<ffffffff84d251ae>] netif_receive_skb_list+0x60/0x634 net/core/dev.c:5937
[<ffffffff850c688a>] xdp_recv_frames net/bpf/test_run.c:279 [inline]
[<ffffffff850c688a>] xdp_test_run_batch.constprop.0+0x1244/0x1816 net/bpf/test_run.c:360
[<ffffffff850c7152>] bpf_test_run_xdp_live+0x2f6/0x49e net/bpf/test_run.c:389
[<ffffffff850cb85c>] bpf_prog_test_run_xdp+0x7f6/0x15a8 net/bpf/test_run.c:1317
[<ffffffff804ef2e2>] bpf_prog_test_run kernel/bpf/syscall.c:4247 [inline]
[<ffffffff804ef2e2>] __sys_bpf+0xd14/0x42cc kernel/bpf/syscall.c:5652
[<ffffffff804f35f2>] __do_sys_bpf kernel/bpf/syscall.c:5741 [inline]
[<ffffffff804f35f2>] __se_sys_bpf kernel/bpf/syscall.c:5739 [inline]
[<ffffffff804f35f2>] __riscv_sys_bpf+0x6c/0x9e kernel/bpf/syscall.c:5739
[<ffffffff8000f2d4>] syscall_handler+0x94/0x118 arch/riscv/include/asm/syscall.h:90
[<ffffffff85fd9c4a>] do_trap_ecall_u+0x1aa/0x216 arch/riscv/kernel/traps.c:331
[<ffffffff85ffcac6>] _new_vmalloc_restore_context_a0+0xc2/0xce
BUG: Bad page state in process syz.2.1806 pfn:ac193
page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x2cf pfn:0xac193
flags: 0xffe000000000000(node=0|zone=0|lastcpupid=0x7ff)
raw: 0ffe000000000000 dead000000000040 ff6000002b4ee000 0000000000000000
raw: 00000000000002cf 0000000000000001 00000000ffffffff 0000000000000000
page dumped because: page_pool leak
page_owner tracks the page as allocated
page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 18955, tgid 18954 (syz.2.1806), ts 6942763405400, free_ts 6941446538700
__set_page_owner+0xa2/0x70c mm/page_owner.c:320
set_page_owner include/linux/page_owner.h:32 [inline]
post_alloc_hook+0xec/0x1e4 mm/page_alloc.c:1537
prep_new_page mm/page_alloc.c:1545 [inline]
get_page_from_freelist+0xdaa/0x295a mm/page_alloc.c:3457
__alloc_pages_noprof+0x1e2/0x1eb6 mm/page_alloc.c:4733
alloc_pages_bulk_noprof+0x252/0x13d8 mm/page_alloc.c:4681
alloc_pages_bulk_array_node_noprof include/linux/gfp.h:239 [inline]
__page_pool_alloc_pages_slow+0x18e/0xc50 net/core/page_pool.c:538
page_pool_alloc_netmem net/core/page_pool.c:590 [inline]
page_pool_alloc_netmem+0xc0/0x158 net/core/page_pool.c:577
page_pool_alloc_pages+0x20/0x62 net/core/page_pool.c:597
page_pool_dev_alloc_pages include/net/page_pool/helpers.h:96 [inline]
xdp_test_run_batch.constprop.0+0x362/0x1816 net/bpf/test_run.c:305
bpf_test_run_xdp_live+0x2f6/0x49e net/bpf/test_run.c:389
bpf_prog_test_run_xdp+0x7f6/0x15a8 net/bpf/test_run.c:1317
bpf_prog_test_run kernel/bpf/syscall.c:4247 [inline]
__sys_bpf+0xd14/0x42cc kernel/bpf/syscall.c:5652
__do_sys_bpf kernel/bpf/syscall.c:5741 [inline]
__se_sys_bpf kernel/bpf/syscall.c:5739 [inline]
__riscv_sys_bpf+0x6c/0x9e kernel/bpf/syscall.c:5739
syscall_handler+0x94/0x118 arch/riscv/include/asm/syscall.h:90
do_trap_ecall_u+0x1aa/0x216 arch/riscv/kernel/traps.c:331
_new_vmalloc_restore_context_a0+0xc2/0xce
page last free pid 3146 tgid 3146 stack trace:
__reset_page_owner+0x8c/0x400 mm/page_owner.c:297
reset_page_owner include/linux/page_owner.h:25 [inline]
free_pages_prepare mm/page_alloc.c:1108 [inline]
free_unref_page+0x592/0xf08 mm/page_alloc.c:2638
page_frag_free+0x21c/0x268 mm/page_alloc.c:4971
skb_free_frag include/linux/skbuff.h:3399 [inline]
skb_free_head+0x1ce/0x2ec net/core/skbuff.c:1096
skb_release_data+0x6ec/0x86a net/core/skbuff.c:1125
skb_release_all net/core/skbuff.c:1190 [inline]
__kfree_skb+0x46/0x68 net/core/skbuff.c:1204
tcp_rcv_established+0xff2/0x2592 net/ipv4/tcp_input.c:6147
tcp_v4_do_rcv+0x68a/0xbaa net/ipv4/tcp_ipv4.c:1915
sk_backlog_rcv include/net/sock.h:1113 [inline]
__release_sock+0x106/0x36e net/core/sock.c:3072
release_sock+0x5c/0x1c8 net/core/sock.c:3626
tcp_sendmsg+0x3e/0x4e net/ipv4/tcp.c:1358
inet_sendmsg+0x9c/0xda net/ipv4/af_inet.c:853
sock_sendmsg_nosec net/socket.c:729 [inline]
__sock_sendmsg+0xcc/0x160 net/socket.c:744
sock_write_iter+0x2a0/0x3ba net/socket.c:1165
new_sync_write fs/read_write.c:590 [inline]
vfs_write+0x4d4/0x9b4 fs/read_write.c:683
ksys_write+0x1f0/0x266 fs/read_write.c:736
Modules linked in:
CPU: 0 UID: 0 PID: 18955 Comm: syz.2.1806 Tainted: G B 6.12.0-rc1-syzkaller-00012-g5f153a692bac #0
Tainted: [B]=BAD_PAGE
Hardware name: riscv-virtio,qemu (DT)
Call Trace:
[<ffffffff80010a14>] dump_backtrace+0x2e/0x3c arch/riscv/kernel/stacktrace.c:130
[<ffffffff85f7c3cc>] show_stack+0x34/0x40 arch/riscv/kernel/stacktrace.c:136
[<ffffffff85fd797a>] __dump_stack lib/dump_stack.c:94 [inline]
[<ffffffff85fd797a>] dump_stack_lvl+0x122/0x196 lib/dump_stack.c:120
[<ffffffff85fd7a0a>] dump_stack+0x1c/0x24 lib/dump_stack.c:129
[<ffffffff808b0b06>] bad_page+0x268/0x2da mm/page_alloc.c:501
[<ffffffff808bcb18>] free_page_is_bad_report mm/page_alloc.c:908 [inline]
[<ffffffff808bcb18>] free_page_is_bad mm/page_alloc.c:918 [inline]
[<ffffffff808bcb18>] free_pages_prepare mm/page_alloc.c:1100 [inline]
[<ffffffff808bcb18>] free_unref_page+0x78a/0xf08 mm/page_alloc.c:2638
[<ffffffff808be53a>] page_frag_free+0x21c/0x268 mm/page_alloc.c:4971
[<ffffffff84c97152>] skb_free_frag include/linux/skbuff.h:3399 [inline]
[<ffffffff84c97152>] skb_free_head+0x1ce/0x2ec net/core/skbuff.c:1096
[<ffffffff84ca2952>] skb_release_data+0x6ec/0x86a net/core/skbuff.c:1125
[<ffffffff84cac65c>] skb_release_all net/core/skbuff.c:1190 [inline]
[<ffffffff84cac65c>] __kfree_skb net/core/skbuff.c:1204 [inline]
[<ffffffff84cac65c>] sk_skb_reason_drop+0x130/0x180 net/core/skbuff.c:1242
[<ffffffff84d1d4cc>] kfree_skb_reason include/linux/skbuff.h:1262 [inline]
[<ffffffff84d1d4cc>] __netif_receive_skb_core.constprop.0+0x650/0x4374 net/core/dev.c:5636
[<ffffffff84d213ae>] __netif_receive_skb_list_core+0x1be/0x75e net/core/dev.c:5737
[<ffffffff84d24b66>] __netif_receive_skb_list net/core/dev.c:5804 [inline]
[<ffffffff84d24b66>] netif_receive_skb_list_internal+0x64e/0xc36 net/core/dev.c:5895
[<ffffffff84d251ae>] netif_receive_skb_list net/core/dev.c:5947 [inline]
[<ffffffff84d251ae>] netif_receive_skb_list+0x60/0x634 net/core/dev.c:5937
[<ffffffff850c688a>] xdp_recv_frames net/bpf/test_run.c:279 [inline]
[<ffffffff850c688a>] xdp_test_run_batch.constprop.0+0x1244/0x1816 net/bpf/test_run.c:360
[<ffffffff850c7152>] bpf_test_run_xdp_live+0x2f6/0x49e net/bpf/test_run.c:389
[<ffffffff850cb85c>] bpf_prog_test_run_xdp+0x7f6/0x15a8 net/bpf/test_run.c:1317
[<ffffffff804ef2e2>] bpf_prog_test_run kernel/bpf/syscall.c:4247 [inline]
[<ffffffff804ef2e2>] __sys_bpf+0xd14/0x42cc kernel/bpf/syscall.c:5652
[<ffffffff804f35f2>] __do_sys_bpf kernel/bpf/syscall.c:5741 [inline]
[<ffffffff804f35f2>] __se_sys_bpf kernel/bpf/syscall.c:5739 [inline]
[<ffffffff804f35f2>] __riscv_sys_bpf+0x6c/0x9e kernel/bpf/syscall.c:5739
[<ffffffff8000f2d4>] syscall_handler+0x94/0x118 arch/riscv/include/asm/syscall.h:90
[<ffffffff85fd9c4a>] do_trap_ecall_u+0x1aa/0x216 arch/riscv/kernel/traps.c:331
[<ffffffff85ffcac6>] _new_vmalloc_restore_context_a0+0xc2/0xce
BUG: Bad page state in process syz.2.1806 pfn:ae1f1
page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xff6000002e1f1c80 pfn:0xae1f1
flags: 0xffe000000000000(node=0|zone=0|lastcpupid=0x7ff)
raw: 0ffe000000000000 dead000000000040 ff6000002b4ee000 0000000000000000
raw: ff6000002e1f1c80 0000000000000001 00000000ffffffff 0000000000000000
page dumped because: page_pool leak
page_owner tracks the page as allocated
page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 18955, tgid 18954 (syz.2.1806), ts 6942763283200, free_ts 6940813897500
__set_page_owner+0xa2/0x70c mm/page_owner.c:320
set_page_owner include/linux/page_owner.h:32 [inline]
post_alloc_hook+0xec/0x1e4 mm/page_alloc.c:1537
prep_new_page mm/page_alloc.c:1545 [inline]
get_page_from_freelist+0xdaa/0x295a mm/page_alloc.c:3457
__alloc_pages_noprof+0x1e2/0x1eb6 mm/page_alloc.c:4733
alloc_pages_bulk_noprof+0x252/0x13d8 mm/page_alloc.c:4681
alloc_pages_bulk_array_node_noprof include/linux/gfp.h:239 [inline]
__page_pool_alloc_pages_slow+0x18e/0xc50 net/core/page_pool.c:538
page_pool_alloc_netmem net/core/page_pool.c:590 [inline]
page_pool_alloc_netmem+0xc0/0x158 net/core/page_pool.c:577
page_pool_alloc_pages+0x20/0x62 net/core/page_pool.c:597
page_pool_dev_alloc_pages include/net/page_pool/helpers.h:96 [inline]
xdp_test_run_batch.constprop.0+0x362/0x1816 net/bpf/test_run.c:305
bpf_test_run_xdp_live+0x2f6/0x49e net/bpf/test_run.c:389
bpf_prog_test_run_xdp+0x7f6/0x15a8 net/bpf/test_run.c:1317
bpf_prog_test_run kernel/bpf/syscall.c:4247 [inline]
__sys_bpf+0xd14/0x42cc kernel/bpf/syscall.c:5652
__do_sys_bpf kernel/bpf/syscall.c:5741 [inline]
__se_sys_bpf kernel/bpf/syscall.c:5739 [inline]
__riscv_sys_bpf+0x6c/0x9e kernel/bpf/syscall.c:5739
syscall_handler+0x94/0x118 arch/riscv/include/asm/syscall.h:90
do_trap_ecall_u+0x1aa/0x216 arch/riscv/kernel/traps.c:331
_new_vmalloc_restore_context_a0+0xc2/0xce
page last free pid 18914 tgid 18914 stack trace:
__reset_page_owner+0x8c/0x400 mm/page_owner.c:297
reset_page_owner include/linux/page_owner.h:25 [inline]
free_pages_prepare mm/page_alloc.c:1108 [inline]
free_unref_page+0x592/0xf08 mm/page_alloc.c:2638
__free_pages+0x13c/0x1bc mm/page_alloc.c:4820
free_pages.part.0+0x26a/0x4cc mm/page_alloc.c:4833
free_pages+0xe/0x18 mm/page_alloc.c:4830
tlb_batch_list_free mm/mmu_gather.c:159 [inline]
tlb_finish_mmu+0x20c/0x7e6 mm/mmu_gather.c:468
exit_mmap+0x36c/0xbea mm/mmap.c:1877
__mmput kernel/fork.c:1347 [inline]
mmput+0x122/0x3e2 kernel/fork.c:1369
exit_mm kernel/exit.c:571 [inline]
do_exit+0x902/0x2986 kernel/exit.c:926
do_group_exit+0xd4/0x26c kernel/exit.c:1088
__do_sys_exit_group kernel/exit.c:1099 [inline]
__se_sys_exit_group kernel/exit.c:1097 [inline]
__riscv_sys_exit_group+0x4a/0x54 kernel/exit.c:1097
syscall_handler+0x94/0x118 arch/riscv/include/asm/syscall.h:90
do_trap_ecall_u+0x1aa/0x216 arch/riscv/kernel/traps.c:331
_new_vmalloc_restore_context_a0+0xc2/0xce
Modules linked in:
CPU: 0 UID: 0 PID: 18955 Comm: syz.2.1806 Tainted: G B 6.12.0-rc1-syzkaller-00012-g5f153a692bac #0
Tainted: [B]=BAD_PAGE
Hardware name: riscv-virtio,qemu (DT)
Call Trace:
[<ffffffff80010a14>] dump_backtrace+0x2e/0x3c arch/riscv/kernel/stacktrace.c:130
[<ffffffff85f7c3cc>] show_stack+0x34/0x40 arch/riscv/kernel/stacktrace.c:136
[<ffffffff85fd797a>] __dump_stack lib/dump_stack.c:94 [inline]
[<ffffffff85fd797a>] dump_stack_lvl+0x122/0x196 lib/dump_stack.c:120
[<ffffffff85fd7a0a>] dump_stack+0x1c/0x24 lib/dump_stack.c:129
[<ffffffff808b0b06>] bad_page+0x268/0x2da mm/page_alloc.c:501
[<ffffffff808bcb18>] free_page_is_bad_report mm/page_alloc.c:908 [inline]
[<ffffffff808bcb18>] free_page_is_bad mm/page_alloc.c:918 [inline]
[<ffffffff808bcb18>] free_pages_prepare mm/page_alloc.c:1100 [inline]
[<ffffffff808bcb18>] free_unref_page+0x78a/0xf08 mm/page_alloc.c:2638
[<ffffffff808be53a>] page_frag_free+0x21c/0x268 mm/page_alloc.c:4971
[<ffffffff84c97152>] skb_free_frag include/linux/skbuff.h:3399 [inline]
[<ffffffff84c97152>] skb_free_head+0x1ce/0x2ec net/core/skbuff.c:1096
[<ffffffff84ca2952>] skb_release_data+0x6ec/0x86a net/core/skbuff.c:1125
[<ffffffff84cac65c>] skb_release_all net/core/skbuff.c:1190 [inline]
[<ffffffff84cac65c>] __kfree_skb net/core/skbuff.c:1204 [inline]
[<ffffffff84cac65c>] sk_skb_reason_drop+0x130/0x180 net/core/skbuff.c:1242
[<ffffffff84d1d4cc>] kfree_skb_reason include/linux/skbuff.h:1262 [inline]
[<ffffffff84d1d4cc>] __netif_receive_skb_core.constprop.0+0x650/0x4374 net/core/dev.c:5636
[<ffffffff84d213ae>] __netif_receive_skb_list_core+0x1be/0x75e net/core/dev.c:5737
[<ffffffff84d24b66>] __netif_receive_skb_list net/core/dev.c:5804 [inline]
[<ffffffff84d24b66>] netif_receive_skb_list_internal+0x64e/0xc36 net/core/dev.c:5895
[<ffffffff84d251ae>] netif_receive_skb_list net/core/dev.c:5947 [inline]
[<ffffffff84d251ae>] netif_receive_skb_list+0x60/0x634 net/core/dev.c:5937
[<ffffffff850c688a>] xdp_recv_frames net/bpf/test_run.c:279 [inline]
[<ffffffff850c688a>] xdp_test_run_batch.constprop.0+0x1244/0x1816 net/bpf/test_run.c:360
[<ffffffff850c7152>] bpf_test_run_xdp_live+0x2f6/0x49e net/bpf/test_run.c:389
[<ffffffff850cb85c>] bpf_prog_test_run_xdp+0x7f6/0x15a8 net/bpf/test_run.c:1317
[<ffffffff804ef2e2>] bpf_prog_test_run kernel/bpf/syscall.c:4247 [inline]
[<ffffffff804ef2e2>] __sys_bpf+0xd14/0x42cc kernel/bpf/syscall.c:5652
[<ffffffff804f35f2>] __do_sys_bpf kernel/bpf/syscall.c:5741 [inline]
[<ffffffff804f35f2>] __se_sys_bpf kernel/bpf/syscall.c:5739 [inline]
[<ffffffff804f35f2>] __riscv_sys_bpf+0x6c/0x9e kernel/bpf/syscall.c:5739
[<ffffffff8000f2d4>] syscall_handler+0x94/0x118 arch/riscv/include/asm/syscall.h:90
[<ffffffff85fd9c4a>] do_trap_ecall_u+0x1aa/0x216 arch/riscv/kernel/traps.c:331
[<ffffffff85ffcac6>] _new_vmalloc_restore_context_a0+0xc2/0xce
BUG: Bad page state in process syz.2.1806 pfn:97eff
page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xff60000017effc80 pfn:0x97eff
flags: 0xffe000000000000(node=0|zone=0|lastcpupid=0x7ff)
raw: 0ffe000000000000 dead000000000040 ff6000002b4ee000 0000000000000000
raw: ff60000017effc80 0000000000000001 00000000ffffffff 0000000000000000
page dumped because: page_pool leak
page_owner tracks the page as allocated
page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 18955, tgid 18954 (syz.2.1806), ts 6942763154100, free_ts 6940803461300
__set_page_owner+0xa2/0x70c mm/page_owner.c:320
set_page_owner include/linux/page_owner.h:32 [inline]
post_alloc_hook+0xec/0x1e4 mm/page_alloc.c:1537
prep_new_page mm/page_alloc.c:1545 [inline]
get_page_from_freelist+0xdaa/0x295a mm/page_alloc.c:3457
__alloc_pages_noprof+0x1e2/0x1eb6 mm/page_alloc.c:4733
alloc_pages_bulk_noprof+0x252/0x13d8 mm/page_alloc.c:4681
alloc_pages_bulk_array_node_noprof include/linux/gfp.h:239 [inline]
__page_pool_alloc_pages_slow+0x18e/0xc50 net/core/page_pool.c:538
page_pool_alloc_netmem net/core/page_pool.c:590 [inline]
page_pool_alloc_netmem+0xc0/0x158 net/core/page_pool.c:577
page_pool_alloc_pages+0x20/0x62 net/core/page_pool.c:597
page_pool_dev_alloc_pages include/net/page_pool/helpers.h:96 [inline]
xdp_test_run_batch.constprop.0+0x362/0x1816 net/bpf/test_run.c:305
bpf_test_run_xdp_live+0x2f6/0x49e net/bpf/test_run.c:389
bpf_prog_test_run_xdp+0x7f6/0x15a8 net/bpf/test_run.c:1317
bpf_prog_test_run kernel/bpf/syscall.c:4247 [inline]
__sys_bpf+0xd14/0x42cc kernel/bpf/syscall.c:5652
__do_sys_bpf kernel/bpf/syscall.c:5741 [inline]
__se_sys_bpf kernel/bpf/syscall.c:5739 [inline]
__riscv_sys_bpf+0x6c/0x9e kernel/bpf/syscall.c:5739
syscall_handler+0x94/0x118 arch/riscv/include/asm/syscall.h:90
do_trap_ecall_u+0x1aa/0x216 arch/riscv/kernel/traps.c:331
_new_vmalloc_restore_context_a0+0xc2/0xce
page last free pid 16932 tgid 16932 stack trace:
__reset_page_owner+0x8c/0x400 mm/page_owner.c:297
reset_page_owner include/linux/page_owner.h:25 [inline]
free_pages_prepare mm/page_alloc.c:1108 [inline]
free_unref_page+0x592/0xf08 mm/page_alloc.c:2638
__folio_put+0x1ae/0x22e mm/swap.c:126
folio_put include/linux/mm.h:1478 [inline]
free_page_and_swap_cache+0x1a8/0x1de mm/swap_state.c:308
__tlb_remove_table arch/riscv/include/asm/tlb.h:26 [inline]
__tlb_remove_table_free mm/mmu_gather.c:227 [inline]
tlb_remove_table_rcu+0x86/0xee mm/mmu_gather.c:282
rcu_do_batch kernel/rcu/tree.c:2567 [inline]
rcu_core+0xa24/0x1eac kernel/rcu/tree.c:2823
rcu_core_si+0xc/0x14 kernel/rcu/tree.c:2840
handle_softirqs+0x4a6/0x10de kernel/softirq.c:554
__do_softirq+0x12/0x1a kernel/softirq.c:588
Modules linked in:
CPU: 0 UID: 0 PID: 18955 Comm: syz.2.1806 Tainted: G B 6.12.0-rc1-syzkaller-00012-g5f153a692bac #0
Tainted: [B]=BAD_PAGE
Hardware name: riscv-virtio,qemu (DT)
Call Trace:
[<ffffffff80010a14>] dump_backtrace+0x2e/0x3c arch/riscv/kernel/stacktrace.c:130
[<ffffffff85f7c3cc>] show_stack+0x34/0x40 arch/riscv/kernel/stacktrace.c:136
[<ffffffff85fd797a>] __dump_stack lib/dump_stack.c:94 [inline]
[<ffffffff85fd797a>] dump_stack_lvl+0x122/0x196 lib/dump_stack.c:120
[<ffffffff85fd7a0a>] dump_stack+0x1c/0x24 lib/dump_stack.c:129
[<ffffffff808b0b06>] bad_page+0x268/0x2da mm/page_alloc.c:501
[<ffffffff808bcb18>] free_page_is_bad_report mm/page_alloc.c:908 [inline]
[<ffffffff808bcb18>] free_page_is_bad mm/page_alloc.c:918 [inline]
[<ffffffff808bcb18>] free_pages_prepare mm/page_alloc.c:1100 [inline]
[<ffffffff808bcb18>] free_unref_page+0x78a/0xf08 mm/page_alloc.c:2638
[<ffffffff808be53a>] page_frag_free+0x21c/0x268 mm/page_alloc.c:4971
[<ffffffff84c97152>] skb_free_frag include/linux/skbuff.h:3399 [inline]
[<ffffffff84c97152>] skb_free_head+0x1ce/0x2ec net/core/skbuff.c:1096
[<ffffffff84ca2952>] skb_release_data+0x6ec/0x86a net/core/skbuff.c:1125
[<ffffffff84cac65c>] skb_release_all net/core/skbuff.c:1190 [inline]
[<ffffffff84cac65c>] __kfree_skb net/core/skbuff.c:1204 [inline]
[<ffffffff84cac65c>] sk_skb_reason_drop+0x130/0x180 net/core/skbuff.c:1242
[<ffffffff84d1d4cc>] kfree_skb_reason include/linux/skbuff.h:1262 [inline]
[<ffffffff84d1d4cc>] __netif_receive_skb_core.constprop.0+0x650/0x4374 net/core/dev.c:5636
[<ffffffff84d213ae>] __netif_receive_skb_list_core+0x1be/0x75e net/core/dev.c:5737
[<ffffffff84d24b66>] __netif_receive_skb_list net/core/dev.c:5804 [inline]
[<ffffffff84d24b66>] netif_receive_skb_list_internal+0x64e/0xc36 net/core/dev.c:5895
[<ffffffff84d251ae>] netif_receive_skb_list net/core/dev.c:5947 [inline]
[<ffffffff84d251ae>] netif_receive_skb_list+0x60/0x634 net/core/dev.c:5937
[<ffffffff850c688a>] xdp_recv_frames net/bpf/test_run.c:279 [inline]
[<ffffffff850c688a>] xdp_test_run_batch.constprop.0+0x1244/0x1816 net/bpf/test_run.c:360
[<ffffffff850c7152>] bpf_test_run_xdp_live+0x2f6/0x49e net/bpf/test_run.c:389
[<ffffffff850cb85c>] bpf_prog_test_run_xdp+0x7f6/0x15a8 net/bpf/test_run.c:1317
[<ffffffff804ef2e2>] bpf_prog_test_run kernel/bpf/syscall.c:4247 [inline]
[<ffffffff804ef2e2>] __sys_bpf+0xd14/0x42cc kernel/bpf/syscall.c:5652
[<ffffffff804f35f2>] __do_sys_bpf kernel/bpf/syscall.c:5741 [inline]
[<ffffffff804f35f2>] __se_sys_bpf kernel/bpf/syscall.c:5739 [inline]
[<ffffffff804f35f2>] __riscv_sys_bpf+0x6c/0x9e kernel/bpf/syscall.c:5739
[<ffffffff8000f2d4>] syscall_handler+0x94/0x118 arch/riscv/include/asm/syscall.h:90
[<ffffffff85fd9c4a>] do_trap_ecall_u+0x1aa/0x216 arch/riscv/kernel/traps.c:331
[<ffffffff85ffcac6>] _new_vmalloc_restore_context_a0+0xc2/0xce
BUG: Bad page state in process syz.2.1806 pfn:aaf87
page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x2 pfn:0xaaf87
flags: 0xffe000000000000(node=0|zone=0|lastcpupid=0x7ff)
raw: 0ffe000000000000 dead000000000040 ff6000002b4ee000 0000000000000000
raw: 0000000000000002 0000000000000001 00000000ffffffff 0000000000000000
page dumped because: page_pool leak
page_owner tracks the page as allocated
page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 18955, tgid 18954 (syz.2.1806), ts 6942763030800, free_ts 6940304808900
__set_page_owner+0xa2/0x70c mm/page_owner.c:320
set_page_owner include/linux/page_owner.h:32 [inline]
post_alloc_hook+0xec/0x1e4 mm/page_alloc.c:1537
prep_new_page mm/page_alloc.c:1545 [inline]
get_page_from_freelist+0xdaa/0x295a mm/page_alloc.c:3457
__alloc_pages_noprof+0x1e2/0x1eb6 mm/page_alloc.c:4733
alloc_pages_bulk_noprof+0x252/0x13d8 mm/page_alloc.c:4681
alloc_pages_bulk_array_node_noprof include/linux/gfp.h:239 [inline]
__page_pool_alloc_pages_slow+0x18e/0xc50 net/core/page_pool.c:538
page_pool_alloc_netmem net/core/page_pool.c:590 [inline]
page_pool_alloc_netmem+0xc0/0x158 net/core/page_pool.c:577
page_pool_alloc_pages+0x20/0x62 net/core/page_pool.c:597
page_pool_dev_alloc_pages include/net/page_pool/helpers.h:96 [inline]
xdp_test_run_batch.constprop.0+0x362/0x1816 net/bpf/test_run.c:305
bpf_test_run_xdp_live+0x2f6/0x49e net/bpf/test_run.c:389
bpf_prog_test_run_xdp+0x7f6/0x15a8 net/bpf/test_run.c:1317
bpf_prog_test_run kernel/bpf/syscall.c:4247 [inline]
__sys_bpf+0xd14/0x42cc kernel/bpf/syscall.c:5652
__do_sys_bpf kernel/bpf/syscall.c:5741 [inline]
__se_sys_bpf kernel/bpf/syscall.c:5739 [inline]
__riscv_sys_bpf+0x6c/0x9e kernel/bpf/syscall.c:5739
syscall_handler+0x94/0x118 arch/riscv/include/asm/syscall.h:90
do_trap_ecall_u+0x1aa/0x216 arch/riscv/kernel/traps.c:331
_new_vmalloc_restore_context_a0+0xc2/0xce
page last free pid 24 tgid 24 stack trace:
__reset_page_owner+0x8c/0x400 mm/page_owner.c:297
reset_page_owner include/linux/page_owner.h:25 [inline]
free_pages_prepare mm/page_alloc.c:1108 [inline]
free_unref_page+0x592/0xf08 mm/page_alloc.c:2638
__folio_put+0x1ae/0x22e mm/swap.c:126
folio_put include/linux/mm.h:1478 [inline]
free_page_and_swap_cache+0x1a8/0x1de mm/swap_state.c:308
__tlb_remove_table arch/riscv/include/asm/tlb.h:26 [inline]
__tlb_remove_table_free mm/mmu_gather.c:227 [inline]
tlb_remove_table_rcu+0x86/0xee mm/mmu_gather.c:282
rcu_do_batch kernel/rcu/tree.c:2567 [inline]
rcu_core+0xa24/0x1eac kernel/rcu/tree.c:2823
rcu_core_si+0xc/0x14 kernel/rcu/tree.c:2840
handle_softirqs+0x4a6/0x10de kernel/softirq.c:554
run_ksoftirqd kernel/softirq.c:927 [inline]
run_ksoftirqd+0xce/0x144 kernel/softirq.c:919
smpboot_thread_fn+0x654/0xb98 kernel/smpboot.c:164
kthread+0x28c/0x3a6 kernel/kthread.c:389
ret_from_fork+0xe/0x18 arch/riscv/kernel/entry.S:326
Modules linked in:
CPU: 0 UID: 0 PID: 18955 Comm: syz.2.1806 Tainted: G B 6.12.0-rc1-syzkaller-00012-g5f153a692bac #0
Tainted: [B]=BAD_PAGE
Hardware name: riscv-virtio,qemu (DT)
Call Trace:
[<ffffffff80010a14>] dump_backtrace+0x2e/0x3c arch/riscv/kernel/stacktrace.c:130
[<ffffffff85f7c3cc>] show_stack+0x34/0x40 arch/riscv/kernel/stacktrace.c:136
[<ffffffff85fd797a>] __dump_stack lib/dump_stack.c:94 [inline]
[<ffffffff85fd797a>] dump_stack_lvl+0x122/0x196 lib/dump_stack.c:120
[<ffffffff85fd7a0a>] dump_stack+0x1c/0x24 lib/dump_stack.c:129
[<ffffffff808b0b06>] bad_page+0x268/0x2da mm/page_alloc.c:501
[<ffffffff808bcb18>] free_page_is_bad_report mm/page_alloc.c:908 [inline]
[<ffffffff808bcb18>] free_page_is_bad mm/page_alloc.c:918 [inline]
[<ffffffff808bcb18>] free_pages_prepare mm/page_alloc.c:1100 [inline]
[<ffffffff808bcb18>] free_unref_page+0x78a/0xf08 mm/page_alloc.c:2638
[<ffffffff808be53a>] page_frag_free+0x21c/0x268 mm/page_alloc.c:4971
[<ffffffff84c97152>] skb_free_frag include/linux/skbuff.h:3399 [inline]
[<ffffffff84c97152>] skb_free_head+0x1ce/0x2ec net/core/skbuff.c:1096
[<ffffffff84ca2952>] skb_release_data+0x6ec/0x86a net/core/skbuff.c:1125
[<ffffffff84cac65c>] skb_release_all net/core/skbuff.c:1190 [inline]
[<ffffffff84cac65c>] __kfree_skb net/core/skbuff.c:1204 [inline]
[<ffffffff84cac65c>] sk_skb_reason_drop+0x130/0x180 net/core/skbuff.c:1242
[<ffffffff84d1d4cc>] kfree_skb_reason include/linux/skbuff.h:1262 [inline]
[<ffffffff84d1d4cc>] __netif_receive_skb_core.constprop.0+0x650/0x4374 net/core/dev.c:5636
[<ffffffff84d213ae>] __netif_receive_skb_list_core+0x1be/0x75e net/core/dev.c:5737
[<ffffffff84d24b66>] __netif_receive_skb_list net/core/dev.c:5804 [inline]
[<ffffffff84d24b66>] netif_receive_skb_list_internal+0x64e/0xc36 net/core/dev.c:5895
[<ffffffff84d251ae>] netif_receive_skb_list net/core/dev.c:5947 [inline]
[<ffffffff84d251ae>] netif_receive_skb_list+0x60/0x634 net/core/dev.c:5937
[<ffffffff850c688a>] xdp_recv_frames net/bpf/test_run.c:279 [inline]
[<ffffffff850c688a>] xdp_test_run_batch.constprop.0+0x1244/0x1816 net/bpf/test_run.c:360
[<ffffffff850c7152>] bpf_test_run_xdp_live+0x2f6/0x49e net/bpf/test_run.c:389
[<ffffffff850cb85c>] bpf_prog_test_run_xdp+0x7f6/0x15a8 net/bpf/test_run.c:1317
[<ffffffff804ef2e2>] bpf_prog_test_run kernel/bpf/syscall.c:4247 [inline]
[<ffffffff804ef2e2>] __sys_bpf+0xd14/0x42cc kernel/bpf/syscall.c:5652
[<ffffffff804f35f2>] __do_sys_bpf kernel/bpf/syscall.c:5741 [inline]
[<ffffffff804f35f2>] __se_sys_bpf kernel/bpf/syscall.c:5739 [inline]
[<ffffffff804f35f2>] __riscv_sys_bpf+0x6c/0x9e kernel/bpf/syscall.c:5739
[<ffffffff8000f2d4>] syscall_handler+0x94/0x118 arch/riscv/include/asm/syscall.h:90
[<ffffffff85fd9c4a>] do_trap_ecall_u+0x1aa/0x216 arch/riscv/kernel/traps.c:331
[<ffffffff85ffcac6>] _new_vmalloc_restore_context_a0+0xc2/0xce
BUG: Bad page state in process syz.2.1806 pfn:aaf83
page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x2 pfn:0xaaf83
flags: 0xffe000000000000(node=0|zone=0|lastcpupid=0x7ff)
raw: 0ffe000000000000 dead000000000040 ff6000002b4ee000 0000000000000000
raw: 0000000000000002 0000000000000001 00000000ffffffff 0000000000000000
page dumped because: page_pool leak
page_owner tracks the page as allocated
page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 18955, tgid 18954 (syz.2.1806), ts 6942762892700, free_ts 6925915425900
__set_page_owner+0xa2/0x70c mm/page_owner.c:320
set_page_owner include/linux/page_owner.h:32 [inline]
post_alloc_hook+0xec/0x1e4 mm/page_alloc.c:1537
prep_new_page mm/page_alloc.c:1545 [inline]
get_page_from_freelist+0xdaa/0x295a mm/page_alloc.c:3457
__alloc_pages_noprof+0x1e2/0x1eb6 mm/page_alloc.c:4733
alloc_pages_bulk_noprof+0x252/0x13d8 mm/page_alloc.c:4681
alloc_pages_bulk_array_node_noprof include/linux/gfp.h:239 [inline]
__page_pool_alloc_pages_slow+0x18e/0xc50 net/core/page_pool.c:538
page_pool_alloc_netmem net/core/page_pool.c:590 [inline]
page_pool_alloc_netmem+0xc0/0x158 net/core/page_pool.c:577
page_pool_alloc_pages+0x20/0x62 net/core/page_pool.c:597
page_pool_dev_alloc_pages include/net/page_pool/helpers.h:96 [inline]
xdp_test_run_batch.constprop.0+0x362/0x1816 net/bpf/test_run.c:305
bpf_test_run_xdp_live+0x2f6/0x49e net/bpf/test_run.c:389
bpf_prog_test_run_xdp+0x7f6/0x15a8 net/bpf/test_run.c:1317
bpf_prog_test_run kernel/bpf/syscall.c:4247 [inline]
__sys_bpf+0xd14/0x42cc kernel/bpf/syscall.c:5652
__do_sys_bpf kernel/bpf/syscall.c:5741 [inline]
__se_sys_bpf kernel/bpf/syscall.c:5739 [inline]
__riscv_sys_bpf+0x6c/0x9e kernel/bpf/syscall.c:5739
syscall_handler+0x94/0x118 arch/riscv/include/asm/syscall.h:90
do_trap_ecall_u+0x1aa/0x216 arch/riscv/kernel/traps.c:331
_new_vmalloc_restore_context_a0+0xc2/0xce
page last free pid 18910 tgid 18910 stack trace:
__reset_page_owner+0x8c/0x400 mm/page_owner.c:297
reset_page_owner include/linux/page_owner.h:25 [inline]
free_pages_prepare mm/page_alloc.c:1108 [inline]
free_unref_page+0x592/0xf08 mm/page_alloc.c:2638
__folio_put+0x1ae/0x22e mm/swap.c:126
folio_put include/linux/mm.h:1478 [inline]
free_page_and_swap_cache+0x1a8/0x1de mm/swap_state.c:308
__tlb_remove_table arch/riscv/include/asm/tlb.h:26 [inline]
__tlb_remove_table_free mm/mmu_gather.c:227 [inline]
tlb_remove_table_rcu+0x86/0xee mm/mmu_gather.c:282
rcu_do_batch kernel/rcu/tree.c:2567 [inline]
rcu_core+0xa24/0x1eac kernel/rcu/tree.c:2823
rcu_core_si+0xc/0x14 kernel/rcu/tree.c:2840
handle_softirqs+0x4a6/0x10de kernel/softirq.c:554
__do_softirq kernel/softirq.c:588 [inline]
invoke_softirq kernel/softirq.c:428 [inline]
__irq_exit_rcu+0x188/0x372 kernel/softirq.c:637
irq_exit_rcu+0x10/0xf8 kernel/softirq.c:649
handle_riscv_irq+0x40/0x4c arch/riscv/kernel/traps.c:378
call_on_irq_stack+0x32/0x40 arch/riscv/kernel/entry.S:355
Modules linked in:
CPU: 0 UID: 0 PID: 18955 Comm: syz.2.1806 Tainted: G B 6.12.0-rc1-syzkaller-00012-g5f153a692bac #0
Tainted: [B]=BAD_PAGE
Hardware name: riscv-virtio,qemu (DT)
Call Trace:
[<ffffffff80010a14>] dump_backtrace+0x2e/0x3c arch/riscv/kernel/stacktrace.c:130
[<ffffffff85f7c3cc>] show_stack+0x34/0x40 arch/riscv/kernel/stacktrace.c:136
[<ffffffff85fd797a>] __dump_stack lib/dump_stack.c:94 [inline]
[<ffffffff85fd797a>] dump_stack_lvl+0x122/0x196 lib/dump_stack.c:120
[<ffffffff85fd7a0a>] dump_stack+0x1c/0x24 lib/dump_stack.c:129
[<ffffffff808b0b06>] bad_page+0x268/0x2da mm/page_alloc.c:501
[<ffffffff808bcb18>] free_page_is_bad_report mm/page_alloc.c:908 [inline]
[<ffffffff808bcb18>] free_page_is_bad mm/page_alloc.c:918 [inline]
[<ffffffff808bcb18>] free_pages_prepare mm/page_alloc.c:1100 [inline]
[<ffffffff808bcb18>] free_unref_page+0x78a/0xf08 mm/page_alloc.c:2638
[<ffffffff808be53a>] page_frag_free+0x21c/0x268 mm/page_alloc.c:4971
[<ffffffff84c97152>] skb_free_frag include/linux/skbuff.h:3399 [inline]
[<ffffffff84c97152>] skb_free_head+0x1ce/0x2ec net/core/skbuff.c:1096
[<ffffffff84ca2952>] skb_release_data+0x6ec/0x86a net/core/skbuff.c:1125
[<ffffffff84cac65c>] skb_release_all net/core/skbuff.c:1190 [inline]
[<ffffffff84cac65c>] __kfree_skb net/core/skbuff.c:1204 [inline]
[<ffffffff84cac65c>] sk_skb_reason_drop+0x130/0x180 net/core/skbuff.c:1242
[<ffffffff84d1d4cc>] kfree_skb_reason include/linux/skbuff.h:1262 [inline]
[<ffffffff84d1d4cc>] __netif_receive_skb_core.constprop.0+0x650/0x4374 net/core/dev.c:5636
[<ffffffff84d213ae>] __netif_receive_skb_list_core+0x1be/0x75e net/core/dev.c:5737
[<ffffffff84d24b66>] __netif_receive_skb_list net/core/dev.c:5804 [inline]
[<ffffffff84d24b66>] netif_receive_skb_list_internal+0x64e/0xc36 net/core/dev.c:5895
[<ffffffff84d251ae>] netif_receive_skb_list net/core/dev.c:5947 [inline]
[<ffffffff84d251ae>] netif_receive_skb_list+0x60/0x634 net/core/dev.c:5937
[<ffffffff850c688a>] xdp_recv_frames net/bpf/test_run.c:279 [inline]
[<ffffffff850c688a>] xdp_test_run_batch.constprop.0+0x1244/0x1816 net/bpf/test_run.c:360
[<ffffffff850c7152>] bpf_test_run_xdp_live+0x2f6/0x49e net/bpf/test_run.c:389
[<ffffffff850cb85c>] bpf_prog_test_run_xdp+0x7f6/0x15a8 net/bpf/test_run.c:1317
[<ffffffff804ef2e2>] bpf_prog_test_run kernel/bpf/syscall.c:4247 [inline]
[<ffffffff804ef2e2>] __sys_bpf+0xd14/0x42cc kernel/bpf/syscall.c:5652
[<ffffffff804f35f2>] __do_sys_bpf kernel/bpf/syscall.c:5741 [inline]
[<ffffffff804f35f2>] __se_sys_bpf kernel/bpf/syscall.c:5739 [inline]
[<ffffffff804f35f2>] __riscv_sys_bpf+0x6c/0x9e kernel/bpf/syscall.c:5739
[<ffffffff8000f2d4>] syscall_handler+0x94/0x118 arch/riscv/include/asm/syscall.h:90
[<ffffffff85fd9c4a>] do_trap_ecall_u+0x1aa/0x216 arch/riscv/kernel/traps.c:331
[<ffffffff85ffcac6>] _new_vmalloc_restore_context_a0+0xc2/0xce
BUG: Bad page state in process syz.2.1806 pfn:ab091
page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xff6000002b091e88 pfn:0xab091
flags: 0xffe000000000000(node=0|zone=0|lastcpupid=0x7ff)
raw: 0ffe000000000000 dead000000000040 ff6000002b4ee000 0000000000000000
raw: ff6000002b091e88 0000000000000001 00000000ffffffff 0000000000000000
page dumped because: page_pool leak
page_owner tracks the page as allocated
page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 18955, tgid 18954 (syz.2.1806), ts 6942762468000, free_ts 6923527716600
__set_page_owner+0xa2/0x70c mm/page_owner.c:320
set_page_owner include/linux/page_owner.h:32 [inline]
post_alloc_hook+0xec/0x1e4 mm/page_alloc.c:1537
prep_new_page mm/page_alloc.c:1545 [inline]
get_page_from_freelist+0xdaa/0x295a mm/page_alloc.c:3457
__alloc_pages_noprof+0x1e2/0x1eb6 mm/page_alloc.c:4733
alloc_pages_bulk_noprof+0x252/0x13d8 mm/page_alloc.c:4681
alloc_pages_bulk_array_node_noprof include/linux/gfp.h:239 [inline]
__page_pool_alloc_pages_slow+0x18e/0xc50 net/core/page_pool.c:538
page_pool_alloc_netmem net/core/page_pool.c:590 [inline]
page_pool_alloc_netmem+0xc0/0x158 net/core/page_pool.c:577
page_pool_alloc_pages+0x20/0x62 net/core/page_pool.c:597
page_pool_dev_alloc_pages include/net/page_pool/helpers.h:96 [inline]
xdp_test_run_batch.constprop.0+0x362/0x1816 net/bpf/test_run.c:305
bpf_test_run_xdp_live+0x2f6/0x49e net/bpf/test_run.c:389
bpf_prog_test_run_xdp+0x7f6/0x15a8 net/bpf/test_run.c:1317
bpf_prog_test_run kernel/bpf/syscall.c:4247 [inline]
__sys_bpf+0xd14/0x42cc kernel/bpf/syscall.c:5652
__do_sys_bpf kernel/bpf/syscall.c:5741 [inline]
__se_sys_bpf kernel/bpf/syscall.c:5739 [inline]
__riscv_sys_bpf+0x6c/0x9e kernel/bpf/syscall.c:5739
syscall_handler+0x94/0x118 arch/riscv/include/asm/syscall.h:90
do_trap_ecall_u+0x1aa/0x216 arch/riscv/kernel/traps.c:331
_new_vmalloc_restore_context_a0+0xc2/0xce
page last free pid 18907 tgid 18901 stack trace:
__reset_page_owner+0x8c/0x400 mm/page_owner.c:297
reset_page_owner include/linux/page_owner.h:25 [inline]
free_pages_prepare mm/page_alloc.c:1108 [inline]
free_unref_page+0x592/0xf08 mm/page_alloc.c:2638
__free_pages+0x13c/0x1bc mm/page_alloc.c:4820
free_pages.part.0+0x26a/0x4cc mm/page_alloc.c:4833
free_pages+0xe/0x18 mm/page_alloc.c:4830
tlb_batch_list_free mm/mmu_gather.c:159 [inline]
tlb_finish_mmu+0x20c/0x7e6 mm/mmu_gather.c:468
exit_mmap+0x36c/0xbea mm/mmap.c:1877
__mmput kernel/fork.c:1347 [inline]
mmput+0x122/0x3e2 kernel/fork.c:1369
exit_mm kernel/exit.c:571 [inline]
do_exit+0x902/0x2986 kernel/exit.c:926
do_group_exit+0xd4/0x26c kernel/exit.c:1088
get_signal+0x1e98/0x23b0 kernel/signal.c:2917
arch_do_signal_or_restart+0x8d6/0x1190 arch/riscv/kernel/signal.c:437
exit_to_user_mode_loop kernel/entry/common.c:111 [inline]
exit_to_user_mode_prepare include/linux/entry-common.h:328 [inline]
__syscall_exit_to_user_mode_work kernel/entry/common.c:207 [inline]
syscall_exit_to_user_mode+0x2a6/0x31e kernel/entry/common.c:218
do_trap_ecall_u+0x86/0x216 arch/riscv/kernel/traps.c:345
_new_vmalloc_restore_context_a0+0xc2/0xce
Modules linked in:
CPU: 0 UID: 0 PID: 18955 Comm: syz.2.1806 Tainted: G B 6.12.0-rc1-syzkaller-00012-g5f153a692bac #0
Tainted: [B]=BAD_PAGE
Hardware name: riscv-virtio,qemu (DT)
Call Trace:
[<ffffffff80010a14>] dump_backtrace+0x2e/0x3c arch/riscv/kernel/stacktrace.c:130
[<ffffffff85f7c3cc>] show_stack+0x34/0x40 arch/riscv/kernel/stacktrace.c:136
[<ffffffff85fd797a>] __dump_stack lib/dump_stack.c:94 [inline]
[<ffffffff85fd797a>] dump_stack_lvl+0x122/0x196 lib/dump_stack.c:120
[<ffffffff85fd7a0a>] dump_stack+0x1c/0x24 lib/dump_stack.c:129
[<ffffffff808b0b06>] bad_page+0x268/0x2da mm/page_alloc.c:501
[<ffffffff808bcb18>] free_page_is_bad_report mm/page_alloc.c:908 [inline]
[<ffffffff808bcb18>] free_page_is_bad mm/page_alloc.c:918 [inline]
[<ffffffff808bcb18>] free_pages_prepare mm/page_alloc.c:1100 [inline]
[<ffffffff808bcb18>] free_unref_page+0x78a/0xf08 mm/page_alloc.c:2638
[<ffffffff808be53a>] page_frag_free+0x21c/0x268 mm/page_alloc.c:4971
[<ffffffff84c97152>] skb_free_frag include/linux/skbuff.h:3399 [inline]
[<ffffffff84c97152>] skb_free_head+0x1ce/0x2ec net/core/skbuff.c:1096
[<ffffffff84ca2952>] skb_release_data+0x6ec/0x86a net/core/skbuff.c:1125
[<ffffffff84cac65c>] skb_release_all net/core/skbuff.c:1190 [inline]
[<ffffffff84cac65c>] __kfree_skb net/core/skbuff.c:1204 [inline]
[<ffffffff84cac65c>] sk_skb_reason_drop+0x130/0x180 net/core/skbuff.c:1242
[<ffffffff84d1d4cc>] kfree_skb_reason include/linux/skbuff.h:1262 [inline]
[<ffffffff84d1d4cc>] __netif_receive_skb_core.constprop.0+0x650/0x4374 net/core/dev.c:5636
[<ffffffff84d213ae>] __netif_receive_skb_list_core+0x1be/0x75e net/core/dev.c:5737
[<ffffffff84d24b66>] __netif_receive_skb_list net/core/dev.c:5804 [inline]
[<ffffffff84d24b66>] netif_receive_skb_list_internal+0x64e/0xc36 net/core/dev.c:5895
[<ffffffff84d251ae>] netif_receive_skb_list net/core/dev.c:5947 [inline]
[<ffffffff84d251ae>] netif_receive_skb_list+0x60/0x634 net/core/dev.c:5937
[<ffffffff850c688a>] xdp_recv_frames net/bpf/test_run.c:279 [inline]
[<ffffffff850c688a>] xdp_test_run_batch.constprop.0+0x1244/0x1816 net/bpf/test_run.c:360
[<ffffffff850c7152>] bpf_test_run_xdp_live+0x2f6/0x49e net/bpf/test_run.c:389
[<ffffffff850cb85c>] bpf_prog_test_run_xdp+0x7f6/0x15a8 net/bpf/test_run.c:1317
[<ffffffff804ef2e2>] bpf_prog_test_run kernel/bpf/syscall.c:4247 [inline]
[<ffffffff804ef2e2>] __sys_bpf+0xd14/0x42cc kernel/bpf/syscall.c:5652
[<ffffffff804f35f2>] __do_sys_bpf kernel/bpf/syscall.c:5741 [inline]
[<ffffffff804f35f2>] __se_sys_bpf kernel/bpf/syscall.c:5739 [inline]
[<ffffffff804f35f2>] __riscv_sys_bpf+0x6c/0x9e kernel/bpf/syscall.c:5739
[<ffffffff8000f2d4>] syscall_handler+0x94/0x118 arch/riscv/include/asm/syscall.h:90
[<ffffffff85fd9c4a>] do_trap_ecall_u+0x1aa/0x216 arch/riscv/kernel/traps.c:331
[<ffffffff85ffcac6>] _new_vmalloc_restore_context_a0+0xc2/0xce
BUG: Bad page state in process syz.2.1806 pfn:9daf5
page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xff6000001daf5dc0 pfn:0x9daf5
flags: 0xffe000000000000(node=0|zone=0|lastcpupid=0x7ff)
raw: 0ffe000000000000 dead000000000040 ff6000002b4ee000 0000000000000000
raw: ff6000001daf5dc0 0000000000000001 00000000ffffffff 0000000000000000
page dumped because: page_pool leak
page_owner tracks the page as allocated
page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 18955, tgid 18954 (syz.2.1806), ts 6942762073900, free_ts 6937445753000
__set_page_owner+0xa2/0x70c mm/page_owner.c:320
set_page_owner include/linux/page_owner.h:32 [inline]
post_alloc_hook+0xec/0x1e4 mm/page_alloc.c:1537
prep_new_page mm/page_alloc.c:1545 [inline]
get_page_from_freelist+0xdaa/0x295a mm/page_alloc.c:3457
__alloc_pages_noprof+0x1e2/0x1eb6 mm/page_alloc.c:4733
alloc_pages_bulk_noprof+0x252/0x13d8 mm/page_alloc.c:4681
alloc_pages_bulk_array_node_noprof include/linux/gfp.h:239 [inline]
__page_pool_alloc_pages_slow+0x18e/0xc50 net/core/page_pool.c:538
page_pool_alloc_netmem net/core/page_pool.c:590 [inline]
page_pool_alloc_netmem+0xc0/0x158 net/core/page_pool.c:577
page_pool_alloc_pages+0x20/0x62 net/core/page_pool.c:597
page_pool_dev_alloc_pages include/net/page_pool/helpers.h:96 [inline]
xdp_test_run_batch.constprop.0+0x362/0x1816 net/bpf/test_run.c:305
bpf_test_run_xdp_live+0x2f6/0x49e net/bpf/test_run.c:389
bpf_prog_test_run_xdp+0x7f6/0x15a8 net/bpf/test_run.c:1317
bpf_prog_test_run kernel/bpf/syscall.c:4247 [inline]
__sys_bpf+0xd14/0x42cc kernel/bpf/syscall.c:5652
__do_sys_bpf kernel/bpf/syscall.c:5741 [inline]
__se_sys_bpf kernel/bpf/syscall.c:5739 [inline]
__riscv_sys_bpf+0x6c/0x9e kernel/bpf/syscall.c:5739
syscall_handler+0x94/0x118 arch/riscv/include/asm/syscall.h:90
do_trap_ecall_u+0x1aa/0x216 arch/riscv/kernel/traps.c:331
_new_vmalloc_restore_context_a0+0xc2/0xce
page last free pid 17449 tgid 17449 stack trace:
__reset_page_owner+0x8c/0x400 mm/page_owner.c:297
reset_page_owner include/linux/page_owner.h:25 [inline]
free_pages_prepare mm/page_alloc.c:1108 [inline]
free_unref_page+0x592/0xf08 mm/page_alloc.c:2638
__folio_put+0x1ae/0x22e mm/swap.c:126
folio_put include/linux/mm.h:1478 [inline]
free_page_and_swap_cache+0x1a8/0x1de mm/swap_state.c:308
__tlb_remove_table arch/riscv/include/asm/tlb.h:26 [inline]
__tlb_remove_table_free mm/mmu_gather.c:227 [inline]
tlb_remove_table_rcu+0x86/0xee mm/mmu_gather.c:282
rcu_do_batch kernel/rcu/tree.c:2567 [inline]
rcu_core+0xa24/0x1eac kernel/rcu/tree.c:2823
rcu_core_si+0xc/0x14 kernel/rcu/tree.c:2840
handle_softirqs+0x4a6/0x10de kernel/softirq.c:554
__do_softirq+0x12/0x1a kernel/softirq.c:588
Modules linked in:
CPU: 0 UID: 0 PID: 18955 Comm: syz.2.1806 Tainted: G B 6.12.0-rc1-syzkaller-00012-g5f153a692bac #0
Tainted: [B]=BAD_PAGE
Hardware name: riscv-virtio,qemu (DT)
Call Trace:
[<ffffffff80010a14>] dump_backtrace+0x2e/0x3c arch/riscv/kernel/stacktrace.c:130
[<ffffffff85f7c3cc>] show_stack+0x34/0x40 arch/riscv/kernel/stacktrace.c:136
[<ffffffff85fd797a>] __dump_stack lib/dump_stack.c:94 [inline]
[<ffffffff85fd797a>] dump_stack_lvl+0x122/0x196 lib/dump_stack.c:120
[<ffffffff85fd7a0a>] dump_stack+0x1c/0x24 lib/dump_stack.c:129
[<ffffffff808b0b06>] bad_page+0x268/0x2da mm/page_alloc.c:501
[<ffffffff808bcb18>] free_page_is_bad_report mm/page_alloc.c:908 [inline]
[<ffffffff808bcb18>] free_page_is_bad mm/page_alloc.c:918 [inline]
[<ffffffff808bcb18>] free_pages_prepare mm/page_alloc.c:1100 [inline]
[<ffffffff808bcb18>] free_unref_page+0x78a/0xf08 mm/page_alloc.c:2638
[<ffffffff808be53a>] page_frag_free+0x21c/0x268 mm/page_alloc.c:4971
[<ffffffff84c97152>] skb_free_frag include/linux/skbuff.h:3399 [inline]
[<ffffffff84c97152>] skb_free_head+0x1ce/0x2ec net/core/skbuff.c:1096
[<ffffffff84ca2952>] skb_release_data+0x6ec/0x86a net/core/skbuff.c:1125
[<ffffffff84cac65c>] skb_release_all net/core/skbuff.c:1190 [inline]
[<ffffffff84cac65c>] __kfree_skb net/core/skbuff.c:1204 [inline]
[<ffffffff84cac65c>] sk_skb_reason_drop+0x130/0x180 net/core/skbuff.c:1242
[<ffffffff84d1d4cc>] kfree_skb_reason include/linux/skbuff.h:1262 [inline]
[<ffffffff84d1d4cc>] __netif_receive_skb_core.constprop.0+0x650/0x4374 net/core/dev.c:5636
[<ffffffff84d213ae>] __netif_receive_skb_list_core+0x1be/0x75e net/core/dev.c:5737
[<ffffffff84d24b66>] __netif_receive_skb_list net/core/dev.c:5804 [inline]
[<ffffffff84d24b66>] netif_receive_skb_list_internal+0x64e/0xc36 net/core/dev.c:5895
[<ffffffff84d251ae>] netif_receive_skb_list net/core/dev.c:5947 [inline]
[<ffffffff84d251ae>] netif_receive_skb_list+0x60/0x634 net/core/dev.c:5937
[<ffffffff850c688a>] xdp_recv_frames net/bpf/test_run.c:279 [inline]
[<ffffffff850c688a>] xdp_test_run_batch.constprop.0+0x1244/0x1816 net/bpf/test_run.c:360
[<ffffffff850c7152>] bpf_test_run_xdp_live+0x2f6/0x49e net/bpf/test_run.c:389
[<ffffffff850cb85c>] bpf_prog_test_run_xdp+0x7f6/0x15a8 net/bpf/test_run.c:1317
[<ffffffff804ef2e2>] bpf_prog_test_run kernel/bpf/syscall.c:4247 [inline]
[<ffffffff804ef2e2>] __sys_bpf+0xd14/0x42cc kernel/bpf/syscall.c:5652
[<ffffffff804f35f2>] __do_sys_bpf kernel/bpf/syscall.c:5741 [inline]
[<ffffffff804f35f2>] __se_sys_bpf kernel/bpf/syscall.c:5739 [inline]
[<ffffffff804f35f2>] __riscv_sys_bpf+0x6c/0x9e kernel/bpf/syscall.c:5739
[<ffffffff8000f2d4>] syscall_handler+0x94/0x118 arch/riscv/include/asm/syscall.h:90
[<ffffffff85fd9c4a>] do_trap_ecall_u+0x1aa/0x216 arch/riscv/kernel/traps.c:331
[<ffffffff85ffcac6>] _new_vmalloc_restore_context_a0+0xc2/0xce
BUG: Bad page state in process syz.2.1806 pfn:af05c
page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xff6000002f05cc98 pfn:0xaf05c
flags: 0xffe000000000000(node=0|zone=0|lastcpupid=0x7ff)
raw: 0ffe000000000000 dead000000000040 ff6000002b4ee000 0000000000000000
raw: ff6000002f05cc98 0000000000000001 00000000ffffffff 0000000000000000
page dumped because: page_pool leak
page_owner tracks the page as allocated
page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 18955, tgid 18954 (syz.2.1806), ts 6942761890300, free_ts 6937446318600
__set_page_owner+0xa2/0x70c mm/page_owner.c:320
set_page_owner include/linux/page_owner.h:32 [inline]
post_alloc_hook+0xec/0x1e4 mm/page_alloc.c:1537
prep_new_page mm/page_alloc.c:1545 [inline]
get_page_from_freelist+0xdaa/0x295a mm/page_alloc.c:3457
__alloc_pages_noprof+0x1e2/0x1eb6 mm/page_alloc.c:4733
alloc_pages_bulk_noprof+0x252/0x13d8 mm/page_alloc.c:4681
alloc_pages_bulk_array_node_noprof include/linux/gfp.h:239 [inline]
__page_pool_alloc_pages_slow+0x18e/0xc50 net/core/page_pool.c:538
page_pool_alloc_netmem net/core/page_pool.c:590 [inline]
page_pool_alloc_netmem+0xc0/0x158 net/core/page_pool.c:577
page_pool_alloc_pages+0x20/0x62 net/core/page_pool.c:597
page_pool_dev_alloc_pages include/net/page_pool/helpers.h:96 [inline]
xdp_test_run_batch.constprop.0+0x362/0x1816 net/bpf/test_run.c:305
bpf_test_run_xdp_live+0x2f6/0x49e net/bpf/test_run.c:389
bpf_prog_test_run_xdp+0x7f6/0x15a8 net/bpf/test_run.c:1317
bpf_prog_test_run kernel/bpf/syscall.c:4247 [inline]
__sys_bpf+0xd14/0x42cc kernel/bpf/syscall.c:5652
__do_sys_bpf kernel/bpf/syscall.c:5741 [inline]
__se_sys_bpf kernel/bpf/syscall.c:5739 [inline]
__riscv_sys_bpf+0x6c/0x9e kernel/bpf/syscall.c:5739
syscall_handler+0x94/0x118 arch/riscv/include/asm/syscall.h:90
do_trap_ecall_u+0x1aa/0x216 arch/riscv/kernel/traps.c:331
_new_vmalloc_restore_context_a0+0xc2/0xce
page last free pid 17449 tgid 17449 stack trace:
__reset_page_owner+0x8c/0x400 mm/page_owner.c:297
reset_page_owner include/linux/page_owner.h:25 [inline]
free_pages_prepare mm/page_alloc.c:1108 [inline]
free_unref_page+0x592/0xf08 mm/page_alloc.c:2638
__folio_put+0x1ae/0x22e mm/swap.c:126
folio_put include/linux/mm.h:1478 [inline]
free_page_and_swap_cache+0x1a8/0x1de mm/swap_state.c:308
__tlb_remove_table arch/riscv/include/asm/tlb.h:26 [inline]
__tlb_remove_table_free mm/mmu_gather.c:227 [inline]
tlb_remove_table_rcu+0x86/0xee mm/mmu_gather.c:282
rcu_do_batch kernel/rcu/tree.c:2567 [inline]
rcu_core+0xa24/0x1eac kernel/rcu/tree.c:2823
rcu_core_si+0xc/0x14 kernel/rcu/tree.c:2840
handle_softirqs+0x4a6/0x10de kernel/softirq.c:554
__do_softirq+0x12/0x1a kernel/softirq.c:588
Modules linked in:
CPU: 0 UID: 0 PID: 18955 Comm: syz.2.1806 Tainted: G B 6.12.0-rc1-syzkaller-00012-g5f153a692bac #0
Tainted: [B]=BAD_PAGE
Hardware name: riscv-virtio,qemu (DT)
Call Trace:
[<ffffffff80010a14>] dump_backtrace+0x2e/0x3c arch/riscv/kernel/stacktrace.c:130
[<ffffffff85f7c3cc>] show_stack+0x34/0x40 arch/riscv/kernel/stacktrace.c:136
[<ffffffff85fd797a>] __dump_stack lib/dump_stack.c:94 [inline]
[<ffffffff85fd797a>] dump_stack_lvl+0x122/0x196 lib/dump_stack.c:120
[<ffffffff85fd7a0a>] dump_stack+0x1c/0x24 lib/dump_stack.c:129
[<ffffffff808b0b06>] bad_page+0x268/0x2da mm/page_alloc.c:501
[<ffffffff808bcb18>] free_page_is_bad_report mm/page_alloc.c:908 [inline]
[<ffffffff808bcb18>] free_page_is_bad mm/page_alloc.c:918 [inline]
[<ffffffff808bcb18>] free_pages_prepare mm/page_alloc.c:1100 [inline]
[<ffffffff808bcb18>] free_unref_page+0x78a/0xf08 mm/page_alloc.c:2638
[<ffffffff808be53a>] page_frag_free+0x21c/0x268 mm/page_alloc.c:4971
[<ffffffff84c97152>] skb_free_frag include/linux/skbuff.h:3399 [inline]
[<ffffffff84c97152>] skb_free_head+0x1ce/0x2ec net/core/skbuff.c:1096
[<ffffffff84ca2952>] skb_release_data+0x6ec/0x86a net/core/skbuff.c:1125
[<ffffffff84cac65c>] skb_release_all net/core/skbuff.c:1190 [inline]
[<ffffffff84cac65c>] __kfree_skb net/core/skbuff.c:1204 [inline]
[<ffffffff84cac65c>] sk_skb_reason_drop+0x130/0x180 net/core/skbuff.c:1242
[<ffffffff84d1d4cc>] kfree_skb_reason include/linux/skbuff.h:1262 [inline]
[<ffffffff84d1d4cc>] __netif_receive_skb_core.constprop.0+0x650/0x4374 net/core/dev.c:5636
[<ffffffff84d213ae>] __netif_receive_skb_list_core+0x1be/0x75e net/core/dev.c:5737
[<ffffffff84d24b66>] __netif_receive_skb_list net/core/dev.c:5804 [inline]
[<ffffffff84d24b66>] netif_receive_skb_list_internal+0x64e/0xc36 net/core/dev.c:5895
[<ffffffff84d251ae>] netif_receive_skb_list net/core/dev.c:5947 [inline]
[<ffffffff84d251ae>] netif_receive_skb_list+0x60/0x634 net/core/dev.c:5937
[<ffffffff850c688a>] xdp_recv_frames net/bpf/test_run.c:279 [inline]
[<ffffffff850c688a>] xdp_test_run_batch.constprop.0+0x1244/0x1816 net/bpf/test_run.c:360
[<ffffffff850c7152>] bpf_test_run_xdp_live+0x2f6/0x49e net/bpf/test_run.c:389
[<ffffffff850cb85c>] bpf_prog_test_run_xdp+0x7f6/0x15a8 net/bpf/test_run.c:1317
[<ffffffff804ef2e2>] bpf_prog_test_run kernel/bpf/syscall.c:4247 [inline]
[<ffffffff804ef2e2>] __sys_bpf+0xd14/0x42cc kernel/bpf/syscall.c:5652
[<ffffffff804f35f2>] __do_sys_bpf kernel/bpf/syscall.c:5741 [inline]
[<ffffffff804f35f2>] __se_sys_bpf kernel/bpf/syscall.c:5739 [inline]
[<ffffffff804f35f2>] __riscv_sys_bpf+0x6c/0x9e kernel/bpf/syscall.c:5739
[<ffffffff8000f2d4>] syscall_handler+0x94/0x118 arch/riscv/include/asm/syscall.h:90
[<ffffffff85fd9c4a>] do_trap_ecall_u+0x1aa/0x216 arch/riscv/kernel/traps.c:331
[<ffffffff85ffcac6>] _new_vmalloc_restore_context_a0+0xc2/0xce
BUG: Bad page state in process syz.2.1806 pfn:aea0c
page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xff6000002ea0c0d8 pfn:0xaea0c
flags: 0xffe000000000000(node=0|zone=0|lastcpupid=0x7ff)
raw: 0ffe000000000000 dead000000000040 ff6000002b4ee000 0000000000000000
raw: ff6000002ea0c0d8 0000000000000001 00000000ffffffff 0000000000000000
page dumped because: page_pool leak
page_owner tracks the page as allocated
page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 18955, tgid 18954 (syz.2.1806), ts 6942761767100, free_ts 6937446732200
__set_page_owner+0xa2/0x70c mm/page_owner.c:320
set_page_owner include/linux/page_owner.h:32 [inline]
post_alloc_hook+0xec/0x1e4 mm/page_alloc.c:1537
prep_new_page mm/page_alloc.c:1545 [inline]
get_page_from_freelist+0xdaa/0x295a mm/page_alloc.c:3457
__alloc_pages_noprof+0x1e2/0x1eb6 mm/page_alloc.c:4733
alloc_pages_bulk_noprof+0x252/0x13d8 mm/page_alloc.c:4681
alloc_pages_bulk_array_node_noprof include/linux/gfp.h:239 [inline]
__page_pool_alloc_pages_slow+0x18e/0xc50 net/core/page_pool.c:538
page_pool_alloc_netmem net/core/page_pool.c:590 [inline]
page_pool_alloc_netmem+0xc0/0x158 net/core/page_pool.c:577
page_pool_alloc_pages+0x20/0x62 net/core/page_pool.c:597
page_pool_dev_alloc_pages include/net/page_pool/helpers.h:96 [inline]
xdp_test_run_batch.constprop.0+0x362/0x1816 net/bpf/test_run.c:305
bpf_test_run_xdp_live+0x2f6/0x49e net/bpf/test_run.c:389
bpf_prog_test_run_xdp+0x7f6/0x15a8 net/bpf/test_run.c:1317
bpf_prog_test_run kernel/bpf/syscall.c:4247 [inline]
__sys_bpf+0xd14/0x42cc kernel/bpf/syscall.c:5652
__do_sys_bpf kernel/bpf/syscall.c:5741 [inline]
__se_sys_bpf kernel/bpf/syscall.c:5739 [inline]
__riscv_sys_bpf+0x6c/0x9e kernel/bpf/syscall.c:5739
syscall_handler+0x94/0x118 arch/riscv/include/asm/syscall.h:90
do_trap_ecall_u+0x1aa/0x216 arch/riscv/kernel/traps.c:331
_new_vmalloc_restore_context_a0+0xc2/0xce
page last free pid 17449 tgid 17449 stack trace:
__reset_page_owner+0x8c/0x400 mm/page_owner.c:297
reset_page_owner include/linux/page_owner.h:25 [inline]
free_pages_prepare mm/page_alloc.c:1108 [inline]
free_unref_page+0x592/0xf08 mm/page_alloc.c:2638
__folio_put+0x1ae/0x22e mm/swap.c:126
folio_put include/linux/mm.h:1478 [inline]
free_page_and_swap_cache+0x1a8/0x1de mm/swap_state.c:308
__tlb_remove_table arch/riscv/include/asm/tlb.h:26 [inline]
__tlb_remove_table_free mm/mmu_gather.c:227 [inline]
tlb_remove_table_rcu+0x86/0xee mm/mmu_gather.c:282
rcu_do_batch kernel/rcu/tree.c:2567 [inline]
rcu_core+0xa24/0x1eac kernel/rcu/tree.c:2823
rcu_core_si+0xc/0x14 kernel/rcu/tree.c:2840
handle_softirqs+0x4a6/0x10de kernel/softirq.c:554
__do_softirq+0x12/0x1a kernel/softirq.c:588
Modules linked in:
CPU: 0 UID: 0 PID: 18955 Comm: syz.2.1806 Tainted: G B 6.12.0-rc1-syzkaller-00012-g5f153a692bac #0
Tainted: [B]=BAD_PAGE
Hardware name: riscv-virtio,qemu (DT)
Call Trace:
[<ffffffff80010a14>] dump_backtrace+0x2e/0x3c arch/riscv/kernel/stacktrace.c:130
[<ffffffff85f7c3cc>] show_stack+0x34/0x40 arch/riscv/kernel/stacktrace.c:136
[<ffffffff85fd797a>] __dump_stack lib/dump_stack.c:94 [inline]
[<ffffffff85fd797a>] dump_stack_lvl+0x122/0x196 lib/dump_stack.c:120
[<ffffffff85fd7a0a>] dump_stack+0x1c/0x24 lib/dump_stack.c:129
[<ffffffff808b0b06>] bad_page+0x268/0x2da mm/page_alloc.c:501
[<ffffffff808bcb18>] free_page_is_bad_report mm/page_alloc.c:908 [inline]
[<ffffffff808bcb18>] free_page_is_bad mm/page_alloc.c:918 [inline]
[<ffffffff808bcb18>] free_pages_prepare mm/page_alloc.c:1100 [inline]
[<ffffffff808bcb18>] free_unref_page+0x78a/0xf08 mm/page_alloc.c:2638
[<ffffffff808be53a>] page_frag_free+0x21c/0x268 mm/page_alloc.c:4971
[<ffffffff84c97152>] skb_free_frag include/linux/skbuff.h:3399 [inline]
[<ffffffff84c97152>] skb_free_head+0x1ce/0x2ec net/core/skbuff.c:1096
[<ffffffff84ca2952>] skb_release_data+0x6ec/0x86a net/core/skbuff.c:1125
[<ffffffff84cac65c>] skb_release_all net/core/skbuff.c:1190 [inline]
[<ffffffff84cac65c>] __kfree_skb net/core/skbuff.c:1204 [inline]
[<ffffffff84cac65c>] sk_skb_reason_drop+0x130/0x180 net/core/skbuff.c:1242
[<ffffffff84d1d4cc>] kfree_skb_reason include/linux/skbuff.h:1262 [inline]
[<ffffffff84d1d4cc>] __netif_receive_skb_core.constprop.0+0x650/0x4374 net/core/dev.c:5636
[<ffffffff84d213ae>] __netif_receive_skb_list_core+0x1be/0x75e net/core/dev.c:5737
[<ffffffff84d24b66>] __netif_receive_skb_list net/core/dev.c:5804 [inline]
[<ffffffff84d24b66>] netif_receive_skb_list_internal+0x64e/0xc36 net/core/dev.c:5895
[<ffffffff84d251ae>] netif_receive_skb_list net/core/dev.c:5947 [inline]
[<ffffffff84d251ae>] netif_receive_skb_list+0x60/0x634 net/core/dev.c:5937
[<ffffffff850c688a>] xdp_recv_frames net/bpf/test_run.c:279 [inline]
[<ffffffff850c688a>] xdp_test_run_batch.constprop.0+0x1244/0x1816 net/bpf/test_run.c:360
[<ffffffff850c7152>] bpf_test_run_xdp_live+0x2f6/0x49e net/bpf/test_run.c:389
[<ffffffff850cb85c>] bpf_prog_test_run_xdp+0x7f6/0x15a8 net/bpf/test_run.c:1317
[<ffffffff804ef2e2>] bpf_prog_test_run kernel/bpf/syscall.c:4247 [inline]
[<ffffffff804ef2e2>] __sys_bpf+0xd14/0x42cc kernel/bpf/syscall.c:5652
[<ffffffff804f35f2>] __do_sys_bpf kernel/bpf/syscall.c:5741 [inline]
[<ffffffff804f35f2>] __se_sys_bpf kernel/bpf/syscall.c:5739 [inline]
[<ffffffff804f35f2>] __riscv_sys_bpf+0x6c/0x9e kernel/bpf/syscall.c:5739
[<ffffffff8000f2d4>] syscall_handler+0x94/0x118 arch/riscv/include/asm/syscall.h:90
[<ffffffff85fd9c4a>] do_trap_ecall_u+0x1aa/0x216 arch/riscv/kernel/traps.c:331
[<ffffffff85ffcac6>] _new_vmalloc_restore_context_a0+0xc2/0xce
BUG: Bad page state in process syz.2.1806 pfn:adffd
page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x4 pfn:0xadffd
flags: 0xffe000000000000(node=0|zone=0|lastcpupid=0x7ff)
raw: 0ffe000000000000 dead000000000040 ff6000002b4ee000 0000000000000000
raw: 0000000000000004 0000000000000001 00000000ffffffff 0000000000000000
page dumped because: page_pool leak
page_owner tracks the page as allocated
page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 18955, tgid 18954 (syz.2.1806), ts 6942761636500, free_ts 6937447140300
__set_page_owner+0xa2/0x70c mm/page_owner.c:320
set_page_owner include/linux/page_owner.h:32 [inline]
post_alloc_hook+0xec/0x1e4 mm/page_alloc.c:1537
prep_new_page mm/page_alloc.c:1545 [inline]
get_page_from_freelist+0xdaa/0x295a mm/page_alloc.c:3457
__alloc_pages_noprof+0x1e2/0x1eb6 mm/page_alloc.c:4733
alloc_pages_bulk_noprof+0x252/0x13d8 mm/page_alloc.c:4681
alloc_pages_bulk_array_node_noprof include/linux/gfp.h:239 [inline]
__page_pool_alloc_pages_slow+0x18e/0xc50 net/core/page_pool.c:538
page_pool_alloc_netmem net/core/page_pool.c:590 [inline]
page_pool_alloc_netmem+0xc0/0x158 net/core/page_pool.c:577
page_pool_alloc_pages+0x20/0x62 net/core/page_pool.c:597
page_pool_dev_alloc_pages include/net/page_pool/helpers.h:96 [inline]
xdp_test_run_batch.constprop.0+0x362/0x1816 net/bpf/test_run.c:305
bpf_test_run_xdp_live+0x2f6/0x49e net/bpf/test_run.c:389
bpf_prog_test_run_xdp+0x7f6/0x15a8 net/bpf/test_run.c:1317
bpf_prog_test_run kernel/bpf/syscall.c:4247 [inline]
__sys_bpf+0xd14/0x42cc kernel/bpf/syscall.c:5652
__do_sys_bpf kernel/bpf/syscall.c:5741 [inline]
__se_sys_bpf kernel/bpf/syscall.c:5739 [inline]
__riscv_sys_bpf+0x6c/0x9e kernel/bpf/syscall.c:5739
syscall_handler+0x94/0x118 arch/riscv/include/asm/syscall.h:90
do_trap_ecall_u+0x1aa/0x216 arch/riscv/kernel/traps.c:331
_new_vmalloc_restore_context_a0+0xc2/0xce
page last free pid 17449 tgid 17449 stack trace:
__reset_page_owner+0x8c/0x400 mm/page_owner.c:297
reset_page_owner include/linux/page_owner.h:25 [inline]
free_pages_prepare mm/page_alloc.c:1108 [inline]
free_unref_page+0x592/0xf08 mm/page_alloc.c:2638
__folio_put+0x1ae/0x22e mm/swap.c:126
folio_put include/linux/mm.h:1478 [inline]
free_page_and_swap_cache+0x1a8/0x1de mm/swap_state.c:308
__tlb_remove_table arch/riscv/include/asm/tlb.h:26 [inline]
__tlb_remove_table_free mm/mmu_gather.c:227 [inline]
tlb_remove_table_rcu+0x86/0xee mm/mmu_gather.c:282
rcu_do_batch kernel/rcu/tree.c:2567 [inline]
rcu_core+0xa24/0x1eac kernel/rcu/tree.c:2823
rcu_core_si+0xc/0x14 kernel/rcu/tree.c:2840
handle_softirqs+0x4a6/0x10de kernel/softirq.c:554
__do_softirq+0x12/0x1a kernel/softirq.c:588
Modules linked in:
CPU: 0 UID: 0 PID: 18955 Comm: syz.2.1806 Tainted: G B 6.12.0-rc1-syzkaller-00012-g5f153a692bac #0
Tainted: [B]=BAD_PAGE
Hardware name: riscv-virtio,qemu (DT)
Call Trace:
[<ffffffff80010a14>] dump_backtrace+0x2e/0x3c arch/riscv/kernel/stacktrace.c:130
[<ffffffff85f7c3cc>] show_stack+0x34/0x40 arch/riscv/kernel/stacktrace.c:136
[<ffffffff85fd797a>] __dump_stack lib/dump_stack.c:94 [inline]
[<ffffffff85fd797a>] dump_stack_lvl+0x122/0x196 lib/dump_stack.c:120
[<ffffffff85fd7a0a>] dump_stack+0x1c/0x24 lib/dump_stack.c:129
[<ffffffff808b0b06>] bad_page+0x268/0x2da mm/page_alloc.c:501
[<ffffffff808bcb18>] free_page_is_bad_report mm/page_alloc.c:908 [inline]
[<ffffffff808bcb18>] free_page_is_bad mm/page_alloc.c:918 [inline]
[<ffffffff808bcb18>] free_pages_prepare mm/page_alloc.c:1100 [inline]
[<ffffffff808bcb18>] free_unref_page+0x78a/0xf08 mm/page_alloc.c:2638
[<ffffffff808be53a>] page_frag_free+0x21c/0x268 mm/page_alloc.c:4971
[<ffffffff84c97152>] skb_free_frag include/linux/skbuff.h:3399 [inline]
[<ffffffff84c97152>] skb_free_head+0x1ce/0x2ec net/core/skbuff.c:1096
[<ffffffff84ca2952>] skb_release_data+0x6ec/0x86a net/core/skbuff.c:1125
[<ffffffff84cac65c>] skb_release_all net/core/skbuff.c:1190 [inline]
[<ffffffff84cac65c>] __kfree_skb net/core/skbuff.c:1204 [inline]
[<ffffffff84cac65c>] sk_skb_reason_drop+0x130/0x180 net/core/skbuff.c:1242
[<ffffffff84d1d4cc>] kfree_skb_reason include/linux/skbuff.h:1262 [inline]
[<ffffffff84d1d4cc>] __netif_receive_skb_core.constprop.0+0x650/0x4374 net/core/dev.c:5636
[<ffffffff84d213ae>] __netif_receive_skb_list_core+0x1be/0x75e net/core/dev.c:5737
[<ffffffff84d24b66>] __netif_receive_skb_list net/core/dev.c:5804 [inline]
[<ffffffff84d24b66>] netif_receive_skb_list_internal+0x64e/0xc36 net/core/dev.c:5895
[<ffffffff84d251ae>] netif_receive_skb_list net/core/dev.c:5947 [inline]
[<ffffffff84d251ae>] netif_receive_skb_list+0x60/0x634 net/core/dev.c:5937
[<ffffffff850c688a>] xdp_recv_frames net/bpf/test_run.c:279 [inline]
[<ffffffff850c688a>] xdp_test_run_batch.constprop.0+0x1244/0x1816 net/bpf/test_run.c:360
[<ffffffff850c7152>] bpf_test_run_xdp_live+0x2f6/0x49e net/bpf/test_run.c:389
[<ffffffff850cb85c>] bpf_prog_test_run_xdp+0x7f6/0x15a8 net/bpf/test_run.c:1317
[<ffffffff804ef2e2>] bpf_prog_test_run kernel/bpf/syscall.c:4247 [inline]
[<ffffffff804ef2e2>] __sys_bpf+0xd14/0x42cc kernel/bpf/syscall.c:5652
[<ffffffff804f35f2>] __do_sys_bpf kernel/bpf/syscall.c:5741 [inline]
[<ffffffff804f35f2>] __se_sys_bpf kernel/bpf/syscall.c:5739 [inline]
[<ffffffff804f35f2>] __riscv_sys_bpf+0x6c/0x9e kernel/bpf/syscall.c:5739
[<ffffffff8000f2d4>] syscall_handler+0x94/0x118 arch/riscv/include/asm/syscall.h:90
[<ffffffff85fd9c4a>] do_trap_ecall_u+0x1aa/0x216 arch/riscv/kernel/traps.c:331
[<ffffffff85ffcac6>] _new_vmalloc_restore_context_a0+0xc2/0xce
BUG: Bad page state in process syz.2.1806 pfn:92e90
page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xff60000012e90000 pfn:0x92e90
flags: 0xffe000000000000(node=0|zone=0|lastcpupid=0x7ff)
raw: 0ffe000000000000 dead000000000040 ff6000002b4ee000 0000000000000000
raw: ff60000012e90000 0000000000000001 00000000ffffffff 0000000000000000
page dumped because: page_pool leak
page_owner tracks the page as allocated
page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 18955, tgid 18954 (syz.2.1806), ts 6942760798600, free_ts 6937447551300
__set_page_owner+0xa2/0x70c mm/page_owner.c:320
set_page_owner include/linux/page_owner.h:32 [inline]
post_alloc_hook+0xec/0x1e4 mm/page_alloc.c:1537
prep_new_page mm/page_alloc.c:1545 [inline]
get_page_from_freelist+0xdaa/0x295a mm/page_alloc.c:3457
__alloc_pages_noprof+0x1e2/0x1eb6 mm/page_alloc.c:4733
alloc_pages_bulk_noprof+0x252/0x13d8 mm/page_alloc.c:4681
alloc_pages_bulk_array_node_noprof include/linux/gfp.h:239 [inline]
__page_pool_alloc_pages_slow+0x18e/0xc50 net/core/page_pool.c:538
page_pool_alloc_netmem net/core/page_pool.c:590 [inline]
page_pool_alloc_netmem+0xc0/0x158 net/core/page_pool.c:577
page_pool_alloc_pages+0x20/0x62 net/core/page_pool.c:597
page_pool_dev_alloc_pages include/net/page_pool/helpers.h:96 [inline]
xdp_test_run_batch.constprop.0+0x362/0x1816 net/bpf/test_run.c:305
bpf_test_run_xdp_live+0x2f6/0x49e net/bpf/test_run.c:389
bpf_prog_test_run_xdp+0x7f6/0x15a8 net/bpf/test_run.c:1317
bpf_prog_test_run kernel/bpf/syscall.c:4247 [inline]
__sys_bpf+0xd14/0x42cc kernel/bpf/syscall.c:5652
__do_sys_bpf kernel/bpf/syscall.c:5741 [inline]
__se_sys_bpf kernel/bpf/syscall.c:5739 [inline]
__riscv_sys_bpf+0x6c/0x9e kernel/bpf/syscall.c:5739
syscall_handler+0x94/0x118 arch/riscv/include/asm/syscall.h:90
do_trap_ecall_u+0x1aa/0x216 arch/riscv/kernel/traps.c:331
_new_vmalloc_restore_context_a0+0xc2/0xce
page last free pid 17449 tgid 17449 stack trace:
__reset_page_owner+0x8c/0x400 mm/page_owner.c:297
reset_page_owner include/linux/page_owner.h:25 [inline]
free_pages_prepare mm/page_alloc.c:1108 [inline]
free_unref_page+0x592/0xf08 mm/page_alloc.c:2638
__folio_put+0x1ae/0x22e mm/swap.c:126
folio_put include/linux/mm.h:1478 [inline]
free_page_and_swap_cache+0x1a8/0x1de mm/swap_state.c:308
__tlb_remove_table arch/riscv/include/asm/tlb.h:26 [inline]
__tlb_remove_table_free mm/mmu_gather.c:227 [inline]
tlb_remove_table_rcu+0x86/0xee mm/mmu_gather.c:282
rcu_do_batch kernel/rcu/tree.c:2567 [inline]
rcu_core+0xa24/0x1eac kernel/rcu/tree.c:2823
rcu_core_si+0xc/0x14 kernel/rcu/tree.c:2840
handle_softirqs+0x4a6/0x10de kernel/softirq.c:554
__do_softirq+0x12/0x1a kernel/softirq.c:588
Modules linked in:
CPU: 0 UID: 0 PID: 18955 Comm: syz.2.1806 Tainted: G B 6.12.0-rc1-syzkaller-00012-g5f153a692bac #0
Tainted: [B]=BAD_PAGE
Hardware name: riscv-virtio,qemu (DT)
Call Trace:
[<ffffffff80010a14>] dump_backtrace+0x2e/0x3c arch/riscv/kernel/stacktrace.c:130
[<ffffffff85f7c3cc>] show_stack+0x34/0x40 arch/riscv/kernel/stacktrace.c:136
[<ffffffff85fd797a>] __dump_stack lib/dump_stack.c:94 [inline]
[<ffffffff85fd797a>] dump_stack_lvl+0x122/0x196 lib/dump_stack.c:120
[<ffffffff85fd7a0a>] dump_stack+0x1c/0x24 lib/dump_stack.c:129
[<ffffffff808b0b06>] bad_page+0x268/0x2da mm/page_alloc.c:501
[<ffffffff808bcb18>] free_page_is_bad_report mm/page_alloc.c:908 [inline]
[<ffffffff808bcb18>] free_page_is_bad mm/page_alloc.c:918 [inline]
[<ffffffff808bcb18>] free_pages_prepare mm/page_alloc.c:1100 [inline]
[<ffffffff808bcb18>] free_unref_page+0x78a/0xf08 mm/page_alloc.c:2638
[<ffffffff808be53a>] page_frag_free+0x21c/0x268 mm/page_alloc.c:4971
[<ffffffff84c97152>] skb_free_frag include/linux/skbuff.h:3399 [inline]
[<ffffffff84c97152>] skb_free_head+0x1ce/0x2ec net/core/skbuff.c:1096
[<ffffffff84ca2952>] skb_release_data+0x6ec/0x86a net/core/skbuff.c:1125
[<ffffffff84cac65c>] skb_release_all net/core/skbuff.c:1190 [inline]
[<ffffffff84cac65c>] __kfree_skb net/core/skbuff.c:1204 [inline]
[<ffffffff84cac65c>] sk_skb_reason_drop+0x130/0x180 net/core/skbuff.c:1242
[<ffffffff84d1d4cc>] kfree_skb_reason include/linux/skbuff.h:1262 [inline]
[<ffffffff84d1d4cc>] __netif_receive_skb_core.constprop.0+0x650/0x4374 net/core/dev.c:5636
[<ffffffff84d213ae>] __netif_receive_skb_list_core+0x1be/0x75e net/core/dev.c:5737
[<ffffffff84d24b66>] __netif_receive_skb_list net/core/dev.c:5804 [inline]
[<ffffffff84d24b66>] netif_receive_skb_list_internal+0x64e/0xc36 net/core/dev.c:5895
[<ffffffff84d251ae>] netif_receive_skb_list net/core/dev.c:5947 [inline]
[<ffffffff84d251ae>] netif_receive_skb_list+0x60/0x634 net/core/dev.c:5937
[<ffffffff850c688a>] xdp_recv_frames net/bpf/test_run.c:279 [inline]
[<ffffffff850c688a>] xdp_test_run_batch.constprop.0+0x1244/0x1816 net/bpf/test_run.c:360
[<ffffffff850c7152>] bpf_test_run_xdp_live+0x2f6/0x49e net/bpf/test_run.c:389
[<ffffffff850cb85c>] bpf_prog_test_run_xdp+0x7f6/0x15a8 net/bpf/test_run.c:1317
[<ffffffff804ef2e2>] bpf_prog_test_run kernel/bpf/syscall.c:4247 [inline]
[<ffffffff804ef2e2>] __sys_bpf+0xd14/0x42cc kernel/bpf/syscall.c:5652
[<ffffffff804f35f2>] __do_sys_bpf kernel/bpf/syscall.c:5741 [inline]
[<ffffffff804f35f2>] __se_sys_bpf kernel/bpf/syscall.c:5739 [inline]
[<ffffffff804f35f2>] __riscv_sys_bpf+0x6c/0x9e kernel/bpf/syscall.c:5739
[<ffffffff8000f2d4>] syscall_handler+0x94/0x118 arch/riscv/include/asm/syscall.h:90
[<ffffffff85fd9c4a>] do_trap_ecall_u+0x1aa/0x216 arch/riscv/kernel/traps.c:331
[<ffffffff85ffcac6>] _new_vmalloc_restore_context_a0+0xc2/0xce
BUG: Bad page state in process syz.2.1806 pfn:ad24d
page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xff6000002d24ddc0 pfn:0xad24d
flags: 0xffe000000000000(node=0|zone=0|lastcpupid=0x7ff)
raw: 0ffe000000000000 dead000000000040 ff6000002b4ee000 0000000000000000
raw: ff6000002d24ddc0 0000000000000001 00000000ffffffff 0000000000000000
page dumped because: page_pool leak
page_owner tracks the page as allocated
page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 18955, tgid 18954 (syz.2.1806), ts 6942760668500, free_ts 6937447952200
__set_page_owner+0xa2/0x70c mm/page_owner.c:320
set_page_owner include/linux/page_owner.h:32 [inline]
post_alloc_hook+0xec/0x1e4 mm/page_alloc.c:1537
prep_new_page mm/page_alloc.c:1545 [inline]
get_page_from_freelist+0xdaa/0x295a mm/page_alloc.c:3457
__alloc_pages_noprof+0x1e2/0x1eb6 mm/page_alloc.c:4733
alloc_pages_bulk_noprof+0x252/0x13d8 mm/page_alloc.c:4681
alloc_pages_bulk_array_node_noprof include/linux/gfp.h:239 [inline]
__page_pool_alloc_pages_slow+0x18e/0xc50 net/core/page_pool.c:538
page_pool_alloc_netmem net/core/page_pool.c:590 [inline]
page_pool_alloc_netmem+0xc0/0x158 net/core/page_pool.c:577
page_pool_alloc_pages+0x20/0x62 net/core/page_pool.c:597
page_pool_dev_alloc_pages include/net/page_pool/helpers.h:96 [inline]
xdp_test_run_batch.constprop.0+0x362/0x1816 net/bpf/test_run.c:305
bpf_test_run_xdp_live+0x2f6/0x49e net/bpf/test_run.c:389
bpf_prog_test_run_xdp+0x7f6/0x15a8 net/bpf/test_run.c:1317
bpf_prog_test_run kernel/bpf/syscall.c:4247 [inline]
__sys_bpf+0xd14/0x42cc kernel/bpf/syscall.c:5652
__do_sys_bpf kernel/bpf/syscall.c:5741 [inline]
__se_sys_bpf kernel/bpf/syscall.c:5739 [inline]
__riscv_sys_bpf+0x6c/0x9e kernel/bpf/syscall.c:5739
syscall_handler+0x94/0x118 arch/riscv/include/asm/syscall.h:90
do_trap_ecall_u+0x1aa/0x216 arch/riscv/kernel/traps.c:331
_new_vmalloc_restore_context_a0+0xc2/0xce
page last free pid 17449 tgid 17449 stack trace:
__reset_page_owner+0x8c/0x400 mm/page_owner.c:297
reset_page_owner include/linux/page_owner.h:25 [inline]
free_pages_prepare mm/page_alloc.c:1108 [inline]
free_unref_page+0x592/0xf08 mm/page_alloc.c:2638
__folio_put+0x1ae/0x22e mm/swap.c:126
folio_put include/linux/mm.h:1478 [inline]
free_page_and_swap_cache+0x1a8/0x1de mm/swap_state.c:308
__tlb_remove_table arch/riscv/include/asm/tlb.h:26 [inline]
__tlb_remove_table_free mm/mmu_gather.c:227 [inline]
tlb_remove_table_rcu+0x86/0xee mm/mmu_gather.c:282
rcu_do_batch kernel/rcu/tree.c:2567 [inline]
rcu_core+0xa24/0x1eac kernel/rcu/tree.c:2823
rcu_core_si+0xc/0x14 kernel/rcu/tree.c:2840
handle_softirqs+0x4a6/0x10de kernel/softirq.c:554
__do_softirq+0x12/0x1a kernel/softirq.c:588
Modules linked in:
CPU: 0 UID: 0 PID: 18955 Comm: syz.2.1806 Tainted: G B 6.12.0-rc1-syzkaller-00012-g5f153a692bac #0
Tainted: [B]=BAD_PAGE
Hardware name: riscv-virtio,qemu (DT)
Call Trace:
[<ffffffff80010a14>] dump_backtrace+0x2e/0x3c arch/riscv/kernel/stacktrace.c:130
[<ffffffff85f7c3cc>] show_stack+0x34/0x40 arch/riscv/kernel/stacktrace.c:136
[<ffffffff85fd797a>] __dump_stack lib/dump_stack.c:94 [inline]
[<ffffffff85fd797a>] dump_stack_lvl+0x122/0x196 lib/dump_stack.c:120
[<ffffffff85fd7a0a>] dump_stack+0x1c/0x24 lib/dump_stack.c:129
[<ffffffff808b0b06>] bad_page+0x268/0x2da mm/page_alloc.c:501
[<ffffffff808bcb18>] free_page_is_bad_report mm/page_alloc.c:908 [inline]
[<ffffffff808bcb18>] free_page_is_bad mm/page_alloc.c:918 [inline]
[<ffffffff808bcb18>] free_pages_prepare mm/page_alloc.c:1100 [inline]
[<ffffffff808bcb18>] free_unref_page+0x78a/0xf08 mm/page_alloc.c:2638
[<ffffffff808be53a>] page_frag_free+0x21c/0x268 mm/page_alloc.c:4971
[<ffffffff84c97152>] skb_free_frag include/linux/skbuff.h:3399 [inline]
[<ffffffff84c97152>] skb_free_head+0x1ce/0x2ec net/core/skbuff.c:1096
[<ffffffff84ca2952>] skb_release_data+0x6ec/0x86a net/core/skbuff.c:1125
[<ffffffff84cac65c>] skb_release_all net/core/skbuff.c:1190 [inline]
[<ffffffff84cac65c>] __kfree_skb net/core/skbuff.c:1204 [inline]
[<ffffffff84cac65c>] sk_skb_reason_drop+0x130/0x180 net/core/skbuff.c:1242
[<ffffffff84d1d4cc>] kfree_skb_reason include/linux/skbuff.h:1262 [inline]
[<ffffffff84d1d4cc>] __netif_receive_skb_core.constprop.0+0x650/0x4374 net/core/dev.c:5636
[<ffffffff84d213ae>] __netif_receive_skb_list_core+0x1be/0x75e net/core/dev.c:5737
[<ffffffff84d24b66>] __netif_receive_skb_list net/core/dev.c:5804 [inline]
[<ffffffff84d24b66>] netif_receive_skb_list_internal+0x64e/0xc36 net/core/dev.c:5895
[<ffffffff84d251ae>] netif_receive_skb_list net/core/dev.c:5947 [inline]
[<ffffffff84d251ae>] netif_receive_skb_list+0x60/0x634 net/core/dev.c:5937
[<ffffffff850c688a>] xdp_recv_frames net/bpf/test_run.c:279 [inline]
[<ffffffff850c688a>] xdp_test_run_batch.constprop.0+0x1244/0x1816 net/bpf/test_run.c:360
[<ffffffff850c7152>] bpf_test_run_xdp_live+0x2f6/0x49e net/bpf/test_run.c:389
[<ffffffff850cb85c>] bpf_prog_test_run_xdp+0x7f6/0x15a8 net/bpf/test_run.c:1317
[<ffffffff804ef2e2>] bpf_prog_test_run kernel/bpf/syscall.c:4247 [inline]
[<ffffffff804ef2e2>] __sys_bpf+0xd14/0x42cc kernel/bpf/syscall.c:5652
[<ffffffff804f35f2>] __do_sys_bpf kernel/bpf/syscall.c:5741 [inline]
[<ffffffff804f35f2>] __se_sys_bpf kernel/bpf/syscall.c:5739 [inline]
[<ffffffff804f35f2>] __riscv_sys_bpf+0x6c/0x9e kernel/bpf/syscall.c:5739
[<ffffffff8000f2d4>] syscall_handler+0x94/0x118 arch/riscv/include/asm/syscall.h:90
[<ffffffff85fd9c4a>] do_trap_ecall_u+0x1aa/0x216 arch/riscv/kernel/traps.c:331
[<ffffffff85ffcac6>] _new_vmalloc_restore_context_a0+0xc2/0xce
BUG: Bad page state in process syz.2.1806 pfn:a96fe
page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xff600000296fe400 pfn:0xa96fe
flags: 0xffe000000000000(node=0|zone=0|lastcpupid=0x7ff)
raw: 0ffe000000000000 dead000000000040 ff6000002b4ee000 0000000000000000
raw: ff600000296fe400 0000000000000001 00000000ffffffff 0000000000000000
page dumped because: page_pool leak
page_owner tracks the page as allocated
page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 18955, tgid 18954 (syz.2.1806), ts 6942760546300, free_ts 6937448369400
__set_page_owner+0xa2/0x70c mm/page_owner.c:320
set_page_owner include/linux/page_owner.h:32 [inline]
post_alloc_hook+0xec/0x1e4 mm/page_alloc.c:1537
prep_new_page mm/page_alloc.c:1545 [inline]
get_page_from_freelist+0xdaa/0x295a mm/page_alloc.c:3457
__alloc_pages_noprof+0x1e2/0x1eb6 mm/page_alloc.c:4733
alloc_pages_bulk_noprof+0x252/0x13d8 mm/page_alloc.c:4681
alloc_pages_bulk_array_node_noprof include/linux/gfp.h:239 [inline]
__page_pool_alloc_pages_slow+0x18e/0xc50 net/core/page_pool.c:538
page_pool_alloc_netmem net/core/page_pool.c:590 [inline]
page_pool_alloc_netmem+0xc0/0x158 net/core/page_pool.c:577
page_pool_alloc_pages+0x20/0x62 net/core/page_pool.c:597
page_pool_dev_alloc_pages include/net/page_pool/helpers.h:96 [inline]
xdp_test_run_batch.constprop.0+0x362/0x1816 net/bpf/test_run.c:305
bpf_test_run_xdp_live+0x2f6/0x49e net/bpf/test_run.c:389
bpf_prog_test_run_xdp+0x7f6/0x15a8 net/bpf/test_run.c:1317
bpf_prog_test_run kernel/bpf/syscall.c:4247 [inline]
__sys_bpf+0xd14/0x42cc kernel/bpf/syscall.c:5652
__do_sys_bpf kernel/bpf/syscall.c:5741 [inline]
__se_sys_bpf kernel/bpf/syscall.c:5739 [inline]
__riscv_sys_bpf+0x6c/0x9e kernel/bpf/syscall.c:5739
syscall_handler+0x94/0x118 arch/riscv/include/asm/syscall.h:90
do_trap_ecall_u+0x1aa/0x216 arch/riscv/kernel/traps.c:331
_new_vmalloc_restore_context_a0+0xc2/0xce
page last free pid 17449 tgid 17449 stack trace:
__reset_page_owner+0x8c/0x400 mm/page_owner.c:297
reset_page_owner include/linux/page_owner.h:25 [inline]
free_pages_prepare mm/page_alloc.c:1108 [inline]
free_unref_page+0x592/0xf08 mm/page_alloc.c:2638
__folio_put+0x1ae/0x22e mm/swap.c:126
folio_put include/linux/mm.h:1478 [inline]
free_page_and_swap_cache+0x1a8/0x1de mm/swap_state.c:308
__tlb_remove_table arch/riscv/include/asm/tlb.h:26 [inline]
__tlb_remove_table_free mm/mmu_gather.c:227 [inline]
tlb_remove_table_rcu+0x86/0xee mm/mmu_gather.c:282
rcu_do_batch kernel/rcu/tree.c:2567 [inline]
rcu_core+0xa24/0x1eac kernel/rcu/tree.c:2823
rcu_core_si+0xc/0x14 kernel/rcu/tree.c:2840
handle_softirqs+0x4a6/0x10de kernel/softirq.c:554
__do_softirq+0x12/0x1a kernel/softirq.c:588
Modules linked in:
CPU: 0 UID: 0 PID: 18955 Comm: syz.2.1806 Tainted: G B 6.12.0-rc1-syzkaller-00012-g5f153a692bac #0
Tainted: [B]=BAD_PAGE
Hardware name: riscv-virtio,qemu (DT)
Call Trace:
[<ffffffff80010a14>] dump_backtrace+0x2e/0x3c arch/riscv/kernel/stacktrace.c:130
[<ffffffff85f7c3cc>] show_stack+0x34/0x40 arch/riscv/kernel/stacktrace.c:136
[<ffffffff85fd797a>] __dump_stack lib/dump_stack.c:94 [inline]
[<ffffffff85fd797a>] dump_stack_lvl+0x122/0x196 lib/dump_stack.c:120
[<ffffffff85fd7a0a>] dump_stack+0x1c/0x24 lib/dump_stack.c:129
[<ffffffff808b0b06>] bad_page+0x268/0x2da mm/page_alloc.c:501
[<ffffffff808bcb18>] free_page_is_bad_report mm/page_alloc.c:908 [inline]
[<ffffffff808bcb18>] free_page_is_bad mm/page_alloc.c:918 [inline]
[<ffffffff808bcb18>] free_pages_prepare mm/page_alloc.c:1100 [inline]
[<ffffffff808bcb18>] free_unref_page+0x78a/0xf08 mm/page_alloc.c:2638
[<ffffffff808be53a>] page_frag_free+0x21c/0x268 mm/page_alloc.c:4971
[<ffffffff84c97152>] skb_free_frag include/linux/skbuff.h:3399 [inline]
[<ffffffff84c97152>] skb_free_head+0x1ce/0x2ec net/core/skbuff.c:1096
[<ffffffff84ca2952>] skb_release_data+0x6ec/0x86a net/core/skbuff.c:1125
[<ffffffff84cac65c>] skb_release_all net/core/skbuff.c:1190 [inline]
[<ffffffff84cac65c>] __kfree_skb net/core/skbuff.c:1204 [inline]
[<ffffffff84cac65c>] sk_skb_reason_drop+0x130/0x180 net/core/skbuff.c:1242
[<ffffffff84d1d4cc>] kfree_skb_reason include/linux/skbuff.h:1262 [inline]
[<ffffffff84d1d4cc>] __netif_receive_skb_core.constprop.0+0x650/0x4374 net/core/dev.c:5636
[<ffffffff84d213ae>] __netif_receive_skb_list_core+0x1be/0x75e net/core/dev.c:5737
[<ffffffff84d24b66>] __netif_receive_skb_list net/core/dev.c:5804 [inline]
[<ffffffff84d24b66>] netif_receive_skb_list_internal+0x64e/0xc36 net/core/dev.c:5895
[<ffffffff84d251ae>] netif_receive_skb_list net/core/dev.c:5947 [inline]
[<ffffffff84d251ae>] netif_receive_skb_list+0x60/0x634 net/core/dev.c:5937
[<ffffffff850c688a>] xdp_recv_frames net/bpf/test_run.c:279 [inline]
[<ffffffff850c688a>] xdp_test_run_batch.constprop.0+0x1244/0x1816 net/bpf/test_run.c:360
[<ffffffff850c7152>] bpf_test_run_xdp_live+0x2f6/0x49e net/bpf/test_run.c:389
[<ffffffff850cb85c>] bpf_prog_test_run_xdp+0x7f6/0x15a8 net/bpf/test_run.c:1317
[<ffffffff804ef2e2>] bpf_prog_test_run kernel/bpf/syscall.c:4247 [inline]
[<ffffffff804ef2e2>] __sys_bpf+0xd14/0x42cc kernel/bpf/syscall.c:5652
[<ffffffff804f35f2>] __do_sys_bpf kernel/bpf/syscall.c:5741 [inline]
[<ffffffff804f35f2>] __se_sys_bpf kernel/bpf/syscall.c:5739 [inline]
[<ffffffff804f35f2>] __riscv_sys_bpf+0x6c/0x9e kernel/bpf/syscall.c:5739
[<ffffffff8000f2d4>] syscall_handler+0x94/0x118 arch/riscv/include/asm/syscall.h:90
[<ffffffff85fd9c4a>] do_trap_ecall_u+0x1aa/0x216 arch/riscv/kernel/traps.c:331
[<ffffffff85ffcac6>] _new_vmalloc_restore_context_a0+0xc2/0xce
BUG: Bad page state in process syz.2.1806 pfn:a96ff
page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x2 pfn:0xa96ff
flags: 0xffe000000000000(node=0|zone=0|lastcpupid=0x7ff)
raw: 0ffe000000000000 dead000000000040 ff6000002b4ee000 0000000000000000
raw: 0000000000000002 0000000000000001 00000000ffffffff 0000000000000000
page dumped because: page_pool leak
page_owner tracks the page as allocated
page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 18955, tgid 18954 (syz.2.1806), ts 6942760419600, free_ts 6937448810500
__set_page_owner+0xa2/0x70c mm/page_owner.c:320
set_page_owner include/linux/page_owner.h:32 [inline]
post_alloc_hook+0xec/0x1e4 mm/page_alloc.c:1537
prep_new_page mm/page_alloc.c:1545 [inline]
get_page_from_freelist+0xdaa/0x295a mm/page_alloc.c:3457
__alloc_pages_noprof+0x1e2/0x1eb6 mm/page_alloc.c:4733
alloc_pages_bulk_noprof+0x252/0x13d8 mm/page_alloc.c:4681
alloc_pages_bulk_array_node_noprof include/linux/gfp.h:239 [inline]
__page_pool_alloc_pages_slow+0x18e/0xc50 net/core/page_pool.c:538
page_pool_alloc_netmem net/core/page_pool.c:590 [inline]
page_pool_alloc_netmem+0xc0/0x158 net/core/page_pool.c:577
page_pool_alloc_pages+0x20/0x62 net/core/page_pool.c:597
page_pool_dev_alloc_pages include/net/page_pool/helpers.h:96 [inline]
xdp_test_run_batch.constprop.0+0x362/0x1816 net/bpf/test_run.c:305
bpf_test_run_xdp_live+0x2f6/0x49e net/bpf/test_run.c:389
bpf_prog_test_run_xdp+0x7f6/0x15a8 net/bpf/test_run.c:1317
bpf_prog_test_run kernel/bpf/syscall.c:4247 [inline]
__sys_bpf+0xd14/0x42cc kernel/bpf/syscall.c:5652
__do_sys_bpf kernel/bpf/syscall.c:5741 [inline]
__se_sys_bpf kernel/bpf/syscall.c:5739 [inline]
__riscv_sys_bpf+0x6c/0x9e kernel/bpf/syscall.c:5739
syscall_handler+0x94/0x118 arch/riscv/include/asm/syscall.h:90
do_trap_ecall_u+0x1aa/0x216 arch/riscv/kernel/traps.c:331
_new_vmalloc_restore_context_a0+0xc2/0xce
page last free pid 17449 tgid 17449 stack trace:
__reset_page_owner+0x8c/0x400 mm/page_owner.c:297
reset_page_owner include/linux/page_owner.h:25 [inline]
free_pages_prepare mm/page_alloc.c:1108 [inline]
free_unref_page+0x592/0xf08 mm/page_alloc.c:2638
__folio_put+0x1ae/0x22e mm/swap.c:126
folio_put include/linux/mm.h:1478 [inline]
free_page_and_swap_cache+0x1a8/0x1de mm/swap_state.c:308
__tlb_remove_table arch/riscv/include/asm/tlb.h:26 [inline]
__tlb_remove_table_free mm/mmu_gather.c:227 [inline]
tlb_remove_table_rcu+0x86/0xee mm/mmu_gather.c:282
rcu_do_batch kernel/rcu/tree.c:2567 [inline]
rcu_core+0xa24/0x1eac kernel/rcu/tree.c:2823
rcu_core_si+0xc/0x14 kernel/rcu/tree.c:2840
handle_softirqs+0x4a6/0x10de kernel/softirq.c:554
__do_softirq+0x12/0x1a kernel/softirq.c:588
Modules linked in:
CPU: 0 UID: 0 PID: 18955 Comm: syz.2.1806 Tainted: G B 6.12.0-rc1-syzkaller-00012-g5f153a692bac #0
Tainted: [B]=BAD_PAGE
Hardware name: riscv-virtio,qemu (DT)
Call Trace:
[<ffffffff80010a14>] dump_backtrace+0x2e/0x3c arch/riscv/kernel/stacktrace.c:130
[<ffffffff85f7c3cc>] show_stack+0x34/0x40 arch/riscv/kernel/stacktrace.c:136
[<ffffffff85fd797a>] __dump_stack lib/dump_stack.c:94 [inline]
[<ffffffff85fd797a>] dump_stack_lvl+0x122/0x196 lib/dump_stack.c:120
[<ffffffff85fd7a0a>] dump_stack+0x1c/0x24 lib/dump_stack.c:129
[<ffffffff808b0b06>] bad_page+0x268/0x2da mm/page_alloc.c:501
[<ffffffff808bcb18>] free_page_is_bad_report mm/page_alloc.c:908 [inline]
[<ffffffff808bcb18>] free_page_is_bad mm/page_alloc.c:918 [inline]
[<ffffffff808bcb18>] free_pages_prepare mm/page_alloc.c:1100 [inline]
[<ffffffff808bcb18>] free_unref_page+0x78a/0xf08 mm/page_alloc.c:2638
[<ffffffff808be53a>] page_frag_free+0x21c/0x268 mm/page_alloc.c:4971
[<ffffffff84c97152>] skb_free_frag include/linux/skbuff.h:3399 [inline]
[<ffffffff84c97152>] skb_free_head+0x1ce/0x2ec net/core/skbuff.c:1096
[<ffffffff84ca2952>] skb_release_data+0x6ec/0x86a net/core/skbuff.c:1125
[<ffffffff84cac65c>] skb_release_all net/core/skbuff.c:1190 [inline]
[<ffffffff84cac65c>] __kfree_skb net/core/skbuff.c:1204 [inline]
[<ffffffff84cac65c>] sk_skb_reason_drop+0x130/0x180 net/core/skbuff.c:1242
[<ffffffff84d1d4cc>] kfree_skb_reason include/linux/skbuff.h:1262 [inline]
[<ffffffff84d1d4cc>] __netif_receive_skb_core.constprop.0+0x650/0x4374 net/core/dev.c:5636
[<ffffffff84d213ae>] __netif_receive_skb_list_core+0x1be/0x75e net/core/dev.c:5737
[<ffffffff84d24b66>] __netif_receive_skb_list net/core/dev.c:5804 [inline]
[<ffffffff84d24b66>] netif_receive_skb_list_internal+0x64e/0xc36 net/core/dev.c:5895
[<ffffffff84d251ae>] netif_receive_skb_list net/core/dev.c:5947 [inline]
[<ffffffff84d251ae>] netif_receive_skb_list+0x60/0x634 net/core/dev.c:5937
[<ffffffff850c688a>] xdp_recv_frames net/bpf/test_run.c:279 [inline]
[<ffffffff850c688a>] xdp_test_run_batch.constprop.0+0x1244/0x1816 net/bpf/test_run.c:360
[<ffffffff850c7152>] bpf_test_run_xdp_live+0x2f6/0x49e net/bpf/test_run.c:389
[<ffffffff850cb85c>] bpf_prog_test_run_xdp+0x7f6/0x15a8 net/bpf/test_run.c:1317
[<ffffffff804ef2e2>] bpf_prog_test_run kernel/bpf/syscall.c:4247 [inline]
[<ffffffff804ef2e2>] __sys_bpf+0xd14/0x42cc kernel/bpf/syscall.c:5652
[<ffffffff804f35f2>] __do_sys_bpf kernel/bpf/syscall.c:5741 [inline]
[<ffffffff804f35f2>] __se_sys_bpf kernel/bpf/syscall.c:5739 [inline]
[<ffffffff804f35f2>] __riscv_sys_bpf+0x6c/0x9e kernel/bpf/syscall.c:5739
[<ffffffff8000f2d4>] syscall_handler+0x94/0x118 arch/riscv/include/asm/syscall.h:90
[<ffffffff85fd9c4a>] do_trap_ecall_u+0x1aa/0x216 arch/riscv/kernel/traps.c:331
[<ffffffff85ffcac6>] _new_vmalloc_restore_context_a0+0xc2/0xce
BUG: Bad page state in process syz.2.1806 pfn:ab650
page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xff6000002b6505d0 pfn:0xab650
flags: 0xffe000000000000(node=0|zone=0|lastcpupid=0x7ff)
raw: 0ffe000000000000 dead000000000040 ff6000002b4ee000 0000000000000000
raw: ff6000002b6505d0 0000000000000001 00000000ffffffff 0000000000000000
page dumped because: page_pool leak
page_owner tracks the page as allocated
page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 18955, tgid 18954 (syz.2.1806), ts 6942760297400, free_ts 6937449247400
__set_page_owner+0xa2/0x70c mm/page_owner.c:320
set_page_owner include/linux/page_owner.h:32 [inline]
post_alloc_hook+0xec/0x1e4 mm/page_alloc.c:1537
prep_new_page mm/page_alloc.c:1545 [inline]
get_page_from_freelist+0xdaa/0x295a mm/page_alloc.c:3457
__alloc_pages_noprof+0x1e2/0x1eb6 mm/page_alloc.c:4733
alloc_pages_bulk_noprof+0x252/0x13d8 mm/page_alloc.c:4681
alloc_pages_bulk_array_node_noprof include/linux/gfp.h:239 [inline]
__page_pool_alloc_pages_slow+0x18e/0xc50 net/core/page_pool.c:538
page_pool_alloc_netmem net/core/page_pool.c:590 [inline]
page_pool_alloc_netmem+0xc0/0x158 net/core/page_pool.c:577
page_pool_alloc_pages+0x20/0x62 net/core/page_pool.c:597
page_pool_dev_alloc_pages include/net/page_pool/helpers.h:96 [inline]
xdp_test_run_batch.constprop.0+0x362/0x1816 net/bpf/test_run.c:305
bpf_test_run_xdp_live+0x2f6/0x49e net/bpf/test_run.c:389
bpf_prog_test_run_xdp+0x7f6/0x15a8 net/bpf/test_run.c:1317
bpf_prog_test_run kernel/bpf/syscall.c:4247 [inline]
__sys_bpf+0xd14/0x42cc kernel/bpf/syscall.c:5652
__do_sys_bpf kernel/bpf/syscall.c:5741 [inline]
__se_sys_bpf kernel/bpf/syscall.c:5739 [inline]
__riscv_sys_bpf+0x6c/0x9e kernel/bpf/syscall.c:5739
syscall_handler+0x94/0x118 arch/riscv/include/asm/syscall.h:90
do_trap_ecall_u+0x1aa/0x216 arch/riscv/kernel/traps.c:331
_new_vmalloc_restore_context_a0+0xc2/0xce
page last free pid 17449 tgid 17449 stack trace:
__reset_page_owner+0x8c/0x400 mm/page_owner.c:297
reset_page_owner include/linux/page_owner.h:25 [inline]
free_pages_prepare mm/page_alloc.c:1108 [inline]
free_unref_page+0x592/0xf08 mm/page_alloc.c:2638
__folio_put+0x1ae/0x22e mm/swap.c:126
folio_put include/linux/mm.h:1478 [inline]
free_page_and_swap_cache+0x1a8/0x1de mm/swap_state.c:308
__tlb_remove_table arch/riscv/include/asm/tlb.h:26 [inline]
__tlb_remove_table_free mm/mmu_gather.c:227 [inline]
tlb_remove_table_rcu+0x86/0xee mm/mmu_gather.c:282
rcu_do_batch kernel/rcu/tree.c:2567 [inline]
rcu_core+0xa24/0x1eac kernel/rcu/tree.c:2823
rcu_core_si+0xc/0x14 kernel/rcu/tree.c:2840
handle_softirqs+0x4a6/0x10de kernel/softirq.c:554
__do_softirq+0x12/0x1a kernel/softirq.c:588
Modules linked in:
CPU: 0 UID: 0 PID: 18955 Comm: syz.2.1806 Tainted: G B 6.12.0-rc1-syzkaller-00012-g5f153a692bac #0
Tainted: [B]=BAD_PAGE
Hardware name: riscv-virtio,qemu (DT)
Call Trace:
[<ffffffff80010a14>] dump_backtrace+0x2e/0x3c arch/riscv/kernel/stacktrace.c:130
[<ffffffff85f7c3cc>] show_stack+0x34/0x40 arch/riscv/kernel/stacktrace.c:136
[<ffffffff85fd797a>] __dump_stack lib/dump_stack.c:94 [inline]
[<ffffffff85fd797a>] dump_stack_lvl+0x122/0x196 lib/dump_stack.c:120
[<ffffffff85fd7a0a>] dump_stack+0x1c/0x24 lib/dump_stack.c:129
[<ffffffff808b0b06>] bad_page+0x268/0x2da mm/page_alloc.c:501
[<ffffffff808bcb18>] free_page_is_bad_report mm/page_alloc.c:908 [inline]
[<ffffffff808bcb18>] free_page_is_bad mm/page_alloc.c:918 [inline]
[<ffffffff808bcb18>] free_pages_prepare mm/page_alloc.c:1100 [inline]
[<ffffffff808bcb18>] free_unref_page+0x78a/0xf08 mm/page_alloc.c:2638
[<ffffffff808be53a>] page_frag_free+0x21c/0x268 mm/page_alloc.c:4971
[<ffffffff84c97152>] skb_free_frag include/linux/skbuff.h:3399 [inline]
[<ffffffff84c97152>] skb_free_head+0x1ce/0x2ec net/core/skbuff.c:1096
[<ffffffff84ca2952>] skb_release_data+0x6ec/0x86a net/core/skbuff.c:1125
[<ffffffff84cac65c>] skb_release_all net/core/skbuff.c:1190 [inline]
[<ffffffff84cac65c>] __kfree_skb net/core/skbuff.c:1204 [inline]
[<ffffffff84cac65c>] sk_skb_reason_drop+0x130/0x180 net/core/skbuff.c:1242
[<ffffffff84d1d4cc>] kfree_skb_reason include/linux/skbuff.h:1262 [inline]
[<ffffffff84d1d4cc>] __netif_receive_skb_core.constprop.0+0x650/0x4374 net/core/dev.c:5636
[<ffffffff84d213ae>] __netif_receive_skb_list_core+0x1be/0x75e net/core/dev.c:5737
[<ffffffff84d24b66>] __netif_receive_skb_list net/core/dev.c:5804 [inline]
[<ffffffff84d24b66>] netif_receive_skb_list_internal+0x64e/0xc36 net/core/dev.c:5895
[<ffffffff84d251ae>] netif_receive_skb_list net/core/dev.c:5947 [inline]
[<ffffffff84d251ae>] netif_receive_skb_list+0x60/0x634 net/core/dev.c:5937
[<ffffffff850c688a>] xdp_recv_frames net/bpf/test_run.c:279 [inline]
[<ffffffff850c688a>] xdp_test_run_batch.constprop.0+0x1244/0x1816 net/bpf/test_run.c:360
[<ffffffff850c7152>] bpf_test_run_xdp_live+0x2f6/0x49e net/bpf/test_run.c:389
[<ffffffff850cb85c>] bpf_prog_test_run_xdp+0x7f6/0x15a8 net/bpf/test_run.c:1317
[<ffffffff804ef2e2>] bpf_prog_test_run kernel/bpf/syscall.c:4247 [inline]
[<ffffffff804ef2e2>] __sys_bpf+0xd14/0x42cc kernel/bpf/syscall.c:5652
[<ffffffff804f35f2>] __do_sys_bpf kernel/bpf/syscall.c:5741 [inline]
[<ffffffff804f35f2>] __se_sys_bpf kernel/bpf/syscall.c:5739 [inline]
[<ffffffff804f35f2>] __riscv_sys_bpf+0x6c/0x9e kernel/bpf/syscall.c:5739
[<ffffffff8000f2d4>] syscall_handler+0x94/0x118 arch/riscv/include/asm/syscall.h:90
[<ffffffff85fd9c4a>] do_trap_ecall_u+0x1aa/0x216 arch/riscv/kernel/traps.c:331
[<ffffffff85ffcac6>] _new_vmalloc_restore_context_a0+0xc2/0xce
BUG: Bad page state in process syz.2.1806 pfn:a0071
page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xff60000020071000 pfn:0xa0071
flags: 0xffe000000000000(node=0|zone=0|lastcpupid=0x7ff)
raw: 0ffe000000000000 dead000000000040 ff6000002b4ee000 0000000000000000
raw: ff60000020071000 0000000000000001 00000000ffffffff 0000000000000000
page dumped because: page_pool leak
page_owner tracks the page as allocated
page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 18955, tgid 18954 (syz.2.1806), ts 6942760163400, free_ts 6937449676900
__set_page_owner+0xa2/0x70c mm/page_owner.c:320
set_page_owner include/linux/page_owner.h:32 [inline]
post_alloc_hook+0xec/0x1e4 mm/page_alloc.c:1537
prep_new_page mm/page_alloc.c:1545 [inline]
get_page_from_freelist+0xdaa/0x295a mm/page_alloc.c:3457
__alloc_pages_noprof+0x1e2/0x1eb6 mm/page_alloc.c:4733
alloc_pages_bulk_noprof+0x252/0x13d8 mm/page_alloc.c:4681
alloc_pages_bulk_array_node_noprof include/linux/gfp.h:239 [inline]
__page_pool_alloc_pages_slow+0x18e/0xc50 net/core/page_pool.c:538
page_pool_alloc_netmem net/core/page_pool.c:590 [inline]
page_pool_alloc_netmem+0xc0/0x158 net/core/page_pool.c:577
page_pool_alloc_pages+0x20/0x62 net/core/page_pool.c:597
page_pool_dev_alloc_pages include/net/page_pool/helpers.h:96 [inline]
xdp_test_run_batch.constprop.0+0x362/0x1816 net/bpf/test_run.c:305
bpf_test_run_xdp_live+0x2f6/0x49e net/bpf/test_run.c:389
bpf_prog_test_run_xdp+0x7f6/0x15a8 net/bpf/test_run.c:1317
bpf_prog_test_run kernel/bpf/syscall.c:4247 [inline]
__sys_bpf+0xd14/0x42cc kernel/bpf/syscall.c:5652
__do_sys_bpf kernel/bpf/syscall.c:5741 [inline]
__se_sys_bpf kernel/bpf/syscall.c:5739 [inline]
__riscv_sys_bpf+0x6c/0x9e kernel/bpf/syscall.c:5739
syscall_handler+0x94/0x118 arch/riscv/include/asm/syscall.h:90
do_trap_ecall_u+0x1aa/0x216 arch/riscv/kernel/traps.c:331
_new_vmalloc_restore_context_a0+0xc2/0xce
page last free pid 17449 tgid 17449 stack trace:
__reset_page_owner+0x8c/0x400 mm/page_owner.c:297
reset_page_owner include/linux/page_owner.h:25 [inline]
free_pages_prepare mm/page_alloc.c:1108 [inline]
free_unref_page+0x592/0xf08 mm/page_alloc.c:2638
__folio_put+0x1ae/0x22e mm/swap.c:126
folio_put include/linux/mm.h:1478 [inline]
free_page_and_swap_cache+0x1a8/0x1de mm/swap_state.c:308
__tlb_remove_table arch/riscv/include/asm/tlb.h:26 [inline]
__tlb_remove_table_free mm/mmu_gather.c:227 [inline]
tlb_remove_table_rcu+0x86/0xee mm/mmu_gather.c:282
rcu_do_batch kernel/rcu/tree.c:2567 [inline]
rcu_core+0xa24/0x1eac kernel/rcu/tree.c:2823
rcu_core_si+0xc/0x14 kernel/rcu/tree.c:2840
handle_softirqs+0x4a6/0x10de kernel/softirq.c:554
__do_softirq+0x12/0x1a kernel/softirq.c:588
Modules linked in:
CPU: 0 UID: 0 PID: 18955 Comm: syz.2.1806 Tainted: G B 6.12.0-rc1-syzkaller-00012-g5f153a692bac #0
Tainted: [B]=BAD_PAGE
Hardware name: riscv-virtio,qemu (DT)
Call Trace:
[<ffffffff80010a14>] dump_backtrace+0x2e/0x3c arch/riscv/kernel/stacktrace.c:130
[<ffffffff85f7c3cc>] show_stack+0x34/0x40 arch/riscv/kernel/stacktrace.c:136
[<ffffffff85fd797a>] __dump_stack lib/dump_stack.c:94 [inline]
[<ffffffff85fd797a>] dump_stack_lvl+0x122/0x196 lib/dump_stack.c:120
[<ffffffff85fd7a0a>] dump_stack+0x1c/0x24 lib/dump_stack.c:129
[<ffffffff808b0b06>] bad_page+0x268/0x2da mm/page_alloc.c:501
[<ffffffff808bcb18>] free_page_is_bad_report mm/page_alloc.c:908 [inline]
[<ffffffff808bcb18>] free_page_is_bad mm/page_alloc.c:918 [inline]
[<ffffffff808bcb18>] free_pages_prepare mm/page_alloc.c:1100 [inline]
[<ffffffff808bcb18>] free_unref_page+0x78a/0xf08 mm/page_alloc.c:2638
[<ffffffff808be53a>] page_frag_free+0x21c/0x268 mm/page_alloc.c:4971
[<ffffffff84c97152>] skb_free_frag include/linux/skbuff.h:3399 [inline]
[<ffffffff84c97152>] skb_free_head+0x1ce/0x2ec net/core/skbuff.c:1096
[<ffffffff84ca2952>] skb_release_data+0x6ec/0x86a net/core/skbuff.c:1125
[<ffffffff84cac65c>] skb_release_all net/core/skbuff.c:1190 [inline]
[<ffffffff84cac65c>] __kfree_skb net/core/skbuff.c:1204 [inline]
[<ffffffff84cac65c>] sk_skb_reason_drop+0x130/0x180 net/core/skbuff.c:1242
[<ffffffff84d1d4cc>] kfree_skb_reason include/linux/skbuff.h:1262 [inline]
[<ffffffff84d1d4cc>] __netif_receive_skb_core.constprop.0+0x650/0x4374 net/core/dev.c:5636
[<ffffffff84d213ae>] __netif_receive_skb_list_core+0x1be/0x75e net/core/dev.c:5737
[<ffffffff84d24b66>] __netif_receive_skb_list net/core/dev.c:5804 [inline]
[<ffffffff84d24b66>] netif_receive_skb_list_internal+0x64e/0xc36 net/core/dev.c:5895
[<ffffffff84d251ae>] netif_receive_skb_list net/core/dev.c:5947 [inline]
[<ffffffff84d251ae>] netif_receive_skb_list+0x60/0x634 net/core/dev.c:5937
[<ffffffff850c688a>] xdp_recv_frames net/bpf/test_run.c:279 [inline]
[<ffffffff850c688a>] xdp_test_run_batch.constprop.0+0x1244/0x1816 net/bpf/test_run.c:360
[<ffffffff850c7152>] bpf_test_run_xdp_live+0x2f6/0x49e net/bpf/test_run.c:389
[<ffffffff850cb85c>] bpf_prog_test_run_xdp+0x7f6/0x15a8 net/bpf/test_run.c:1317
[<ffffffff804ef2e2>] bpf_prog_test_run kernel/bpf/syscall.c:4247 [inline]
[<ffffffff804ef2e2>] __sys_bpf+0xd14/0x42cc kernel/bpf/syscall.c:5652
[<ffffffff804f35f2>] __do_sys_bpf kernel/bpf/syscall.c:5741 [inline]
[<ffffffff804f35f2>] __se_sys_bpf kernel/bpf/syscall.c:5739 [inline]
[<ffffffff804f35f2>] __riscv_sys_bpf+0x6c/0x9e kernel/bpf/syscall.c:5739
[<ffffffff8000f2d4>] syscall_handler+0x94/0x118 arch/riscv/include/asm/syscall.h:90
[<ffffffff85fd9c4a>] do_trap_ecall_u+0x1aa/0x216 arch/riscv/kernel/traps.c:331
[<ffffffff85ffcac6>] _new_vmalloc_restore_context_a0+0xc2/0xce
BUG: Bad page state in process syz.2.1806 pfn:9dec2
page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x9dec2
flags: 0xffe000000000000(node=0|zone=0|lastcpupid=0x7ff)
raw: 0ffe000000000000 dead000000000040 ff6000002b4ee000 0000000000000000
raw: 0000000000000000 0000000000000001 00000000ffffffff 0000000000000000
page dumped because: page_pool leak
page_owner tracks the page as allocated
page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 18955, tgid 18954 (syz.2.1806), ts 6942760037900, free_ts 6937450131300
__set_page_owner+0xa2/0x70c mm/page_owner.c:320
set_page_owner include/linux/page_owner.h:32 [inline]
post_alloc_hook+0xec/0x1e4 mm/page_alloc.c:1537
prep_new_page mm/page_alloc.c:1545 [inline]
get_page_from_freelist+0xdaa/0x295a mm/page_alloc.c:3457
__alloc_pages_noprof+0x1e2/0x1eb6 mm/page_alloc.c:4733
alloc_pages_bulk_noprof+0x252/0x13d8 mm/page_alloc.c:4681
alloc_pages_bulk_array_node_noprof include/linux/gfp.h:239 [inline]
__page_pool_alloc_pages_slow+0x18e/0xc50 net/core/page_pool.c:538
page_pool_alloc_netmem net/core/page_pool.c:590 [inline]
page_pool_alloc_netmem+0xc0/0x158 net/core/page_pool.c:577
page_pool_alloc_pages+0x20/0x62 net/core/page_pool.c:597
page_pool_dev_alloc_pages include/net/page_pool/helpers.h:96 [inline]
xdp_test_run_batch.constprop.0+0x362/0x1816 net/bpf/test_run.c:305
bpf_test_run_xdp_live+0x2f6/0x49e net/bpf/test_run.c:389
bpf_prog_test_run_xdp+0x7f6/0x15a8 net/bpf/test_run.c:1317
bpf_prog_test_run kernel/bpf/syscall.c:4247 [inline]
__sys_bpf+0xd14/0x42cc kernel/bpf/syscall.c:5652
__do_sys_bpf kernel/bpf/syscall.c:5741 [inline]
__se_sys_bpf kernel/bpf/syscall.c:5739 [inline]
__riscv_sys_bpf+0x6c/0x9e kernel/bpf/syscall.c:5739
syscall_handler+0x94/0x118 arch/riscv/include/asm/syscall.h:90
do_trap_ecall_u+0x1aa/0x216 arch/riscv/kernel/traps.c:331
_new_vmalloc_restore_context_a0+0xc2/0xce
page last free pid 17449 tgid 17449 stack trace:
__reset_page_owner+0x8c/0x400 mm/page_owner.c:297
reset_page_owner include/linux/page_owner.h:25 [inline]
free_pages_prepare mm/page_alloc.c:1108 [inline]
free_unref_page+0x592/0xf08 mm/page_alloc.c:2638
__folio_put+0x1ae/0x22e mm/swap.c:126
folio_put include/linux/mm.h:1478 [inline]
free_page_and_swap_cache+0x1a8/0x1de mm/swap_state.c:308
__tlb_remove_table arch/riscv/include/asm/tlb.h:26 [inline]
__tlb_remove_table_free mm/mmu_gather.c:227 [inline]
tlb_remove_table_rcu+0x86/0xee mm/mmu_gather.c:282
rcu_do_batch kernel/rcu/tree.c:2567 [inline]
rcu_core+0xa24/0x1eac kernel/rcu/tree.c:2823
rcu_core_si+0xc/0x14 kernel/rcu/tree.c:2840
handle_softirqs+0x4a6/0x10de kernel/softirq.c:554
__do_softirq+0x12/0x1a kernel/softirq.c:588
Modules linked in:
CPU: 0 UID: 0 PID: 18955 Comm: syz.2.1806 Tainted: G B 6.12.0-rc1-syzkaller-00012-g5f153a692bac #0
Tainted: [B]=BAD_PAGE
Hardware name: riscv-virtio,qemu (DT)
Call Trace:
[<ffffffff80010a14>] dump_backtrace+0x2e/0x3c arch/riscv/kernel/stacktrace.c:130
[<ffffffff85f7c3cc>] show_stack+0x34/0x40 arch/riscv/kernel/stacktrace.c:136
[<ffffffff85fd797a>] __dump_stack lib/dump_stack.c:94 [inline]
[<ffffffff85fd797a>] dump_stack_lvl+0x122/0x196 lib/dump_stack.c:120
[<ffffffff85fd7a0a>] dump_stack+0x1c/0x24 lib/dump_stack.c:129
[<ffffffff808b0b06>] bad_page+0x268/0x2da mm/page_alloc.c:501
[<ffffffff808bcb18>] free_page_is_bad_report mm/page_alloc.c:908 [inline]
[<ffffffff808bcb18>] free_page_is_bad mm/page_alloc.c:918 [inline]
[<ffffffff808bcb18>] free_pages_prepare mm/page_alloc.c:1100 [inline]
[<ffffffff808bcb18>] free_unref_page+0x78a/0xf08 mm/page_alloc.c:2638
[<ffffffff808be53a>] page_frag_free+0x21c/0x268 mm/page_alloc.c:4971
[<ffffffff84c97152>] skb_free_frag include/linux/skbuff.h:3399 [inline]
[<ffffffff84c97152>] skb_free_head+0x1ce/0x2ec net/core/skbuff.c:1096
[<ffffffff84ca2952>] skb_release_data+0x6ec/0x86a net/core/skbuff.c:1125
[<ffffffff84cac65c>] skb_release_all net/core/skbuff.c:1190 [inline]
[<ffffffff84cac65c>] __kfree_skb net/core/skbuff.c:1204 [inline]
[<ffffffff84cac65c>] sk_skb_reason_drop+0x130/0x180 net/core/skbuff.c:1242
[<ffffffff84d1d4cc>] kfree_skb_reason include/linux/skbuff.h:1262 [inline]
[<ffffffff84d1d4cc>] __netif_receive_skb_core.constprop.0+0x650/0x4374 net/core/dev.c:5636
[<ffffffff84d213ae>] __netif_receive_skb_list_core+0x1be/0x75e net/core/dev.c:5737
[<ffffffff84d24b66>] __netif_receive_skb_list net/core/dev.c:5804 [inline]
[<ffffffff84d24b66>] netif_receive_skb_list_internal+0x64e/0xc36 net/core/dev.c:5895
[<ffffffff84d251ae>] netif_receive_skb_list net/core/dev.c:5947 [inline]
[<ffffffff84d251ae>] netif_receive_skb_list+0x60/0x634 net/core/dev.c:5937
[<ffffffff850c688a>] xdp_recv_frames net/bpf/test_run.c:279 [inline]
[<ffffffff850c688a>] xdp_test_run_batch.constprop.0+0x1244/0x1816 net/bpf/test_run.c:360
[<ffffffff850c7152>] bpf_test_run_xdp_live+0x2f6/0x49e net/bpf/test_run.c:389
[<ffffffff850cb85c>] bpf_prog_test_run_xdp+0x7f6/0x15a8 net/bpf/test_run.c:1317
[<ffffffff804ef2e2>] bpf_prog_test_run kernel/bpf/syscall.c:4247 [inline]
[<ffffffff804ef2e2>] __sys_bpf+0xd14/0x42cc kernel/bpf/syscall.c:5652
[<ffffffff804f35f2>] __do_sys_bpf kernel/bpf/syscall.c:5741 [inline]
[<ffffffff804f35f2>] __se_sys_bpf kernel/bpf/syscall.c:5739 [inline]
[<ffffffff804f35f2>] __riscv_sys_bpf+0x6c/0x9e kernel/bpf/syscall.c:5739
[<ffffffff8000f2d4>] syscall_handler+0x94/0x118 arch/riscv/include/asm/syscall.h:90
[<ffffffff85fd9c4a>] do_trap_ecall_u+0x1aa/0x216 arch/riscv/kernel/traps.c:331
[<ffffffff85ffcac6>] _new_vmalloc_restore_context_a0+0xc2/0xce
BUG: Bad page state in process syz.2.1806 pfn:9d513
page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xff6000001d513220 pfn:0x9d513
flags: 0xffe000000000000(node=0|zone=0|lastcpupid=0x7ff)
raw: 0ffe000000000000 dead000000000040 ff6000002b4ee000 0000000000000000
raw: ff6000001d513220 0000000000000001 00000000ffffffff 0000000000000000
page dumped because: page_pool leak
page_owner tracks the page as allocated
page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 18955, tgid 18954 (syz.2.1806), ts 6942759913000, free_ts 6937450552800
__set_page_owner+0xa2/0x70c mm/page_owner.c:320
set_page_owner include/linux/page_owner.h:32 [inline]
post_alloc_hook+0xec/0x1e4 mm/page_alloc.c:1537
prep_new_page mm/page_alloc.c:1545 [inline]
get_page_from_freelist+0xdaa/0x295a mm/page_alloc.c:3457
__alloc_pages_noprof+0x1e2/0x1eb6 mm/page_alloc.c:4733
alloc_pages_bulk_noprof+0x252/0x13d8 mm/page_alloc.c:4681
alloc_pages_bulk_array_node_noprof include/linux/gfp.h:239 [inline]
__page_pool_alloc_pages_slow+0x18e/0xc50 net/core/page_pool.c:538
page_pool_alloc_netmem net/core/page_pool.c:590 [inline]
page_pool_alloc_netmem+0xc0/0x158 net/core/page_pool.c:577
page_pool_alloc_pages+0x20/0x62 net/core/page_pool.c:597
page_pool_dev_alloc_pages include/net/page_pool/helpers.h:96 [inline]
xdp_test_run_batch.constprop.0+0x362/0x1816 net/bpf/test_run.c:305
bpf_test_run_xdp_live+0x2f6/0x49e net/bpf/test_run.c:389
bpf_prog_test_run_xdp+0x7f6/0x15a8 net/bpf/test_run.c:1317
bpf_prog_test_run kernel/bpf/syscall.c:4247 [inline]
__sys_bpf+0xd14/0x42cc kernel/bpf/syscall.c:5652
__do_sys_bpf kernel/bpf/syscall.c:5741 [inline]
__se_sys_bpf kernel/bpf/syscall.c:5739 [inline]
__riscv_sys_bpf+0x6c/0x9e kernel/bpf/syscall.c:5739
syscall_handler+0x94/0x118 arch/riscv/include/asm/syscall.h:90
do_trap_ecall_u+0x1aa/0x216 arch/riscv/kernel/traps.c:331
_new_vmalloc_restore_context_a0+0xc2/0xce
page last free pid 17449 tgid 17449 stack trace:
__reset_page_owner+0x8c/0x400 mm/page_owner.c:297
reset_page_owner include/linux/page_owner.h:25 [inline]
free_pages_prepare mm/page_alloc.c:1108 [inline]
free_unref_page+0x592/0xf08 mm/page_alloc.c:2638
__folio_put+0x1ae/0x22e mm/swap.c:126
folio_put include/linux/mm.h:1478 [inline]
free_page_and_swap_cache+0x1a8/0x1de mm/swap_state.c:308
__tlb_remove_table arch/riscv/include/asm/tlb.h:26 [inline]
__tlb_remove_table_free mm/mmu_gather.c:227 [inline]
tlb_remove_table_rcu+0x86/0xee mm/mmu_gather.c:282
rcu_do_batch kernel/rcu/tree.c:2567 [inline]
rcu_core+0xa24/0x1eac kernel/rcu/tree.c:2823
rcu_core_si+0xc/0x14 kernel/rcu/tree.c:2840
handle_softirqs+0x4a6/0x10de kernel/softirq.c:554
__do_softirq+0x12/0x1a kernel/softirq.c:588
Modules linked in:
CPU: 0 UID: 0 PID: 18955 Comm: syz.2.1806 Tainted: G B 6.12.0-rc1-syzkaller-00012-g5f153a692bac #0
Tainted: [B]=BAD_PAGE
Hardware name: riscv-virtio,qemu (DT)
Call Trace:
[<ffffffff80010a14>] dump_backtrace+0x2e/0x3c arch/riscv/kernel/stacktrace.c:130
[<ffffffff85f7c3cc>] show_stack+0x34/0x40 arch/riscv/kernel/stacktrace.c:136
[<ffffffff85fd797a>] __dump_stack lib/dump_stack.c:94 [inline]
[<ffffffff85fd797a>] dump_stack_lvl+0x122/0x196 lib/dump_stack.c:120
[<ffffffff85fd7a0a>] dump_stack+0x1c/0x24 lib/dump_stack.c:129
[<ffffffff808b0b06>] bad_page+0x268/0x2da mm/page_alloc.c:501
[<ffffffff808bcb18>] free_page_is_bad_report mm/page_alloc.c:908 [inline]
[<ffffffff808bcb18>] free_page_is_bad mm/page_alloc.c:918 [inline]
[<ffffffff808bcb18>] free_pages_prepare mm/page_alloc.c:1100 [inline]
[<ffffffff808bcb18>] free_unref_page+0x78a/0xf08 mm/page_alloc.c:2638
[<ffffffff808be53a>] page_frag_free+0x21c/0x268 mm/page_alloc.c:4971
[<ffffffff84c97152>] skb_free_frag include/linux/skbuff.h:3399 [inline]
[<ffffffff84c97152>] skb_free_head+0x1ce/0x2ec net/core/skbuff.c:1096
[<ffffffff84ca2952>] skb_release_data+0x6ec/0x86a net/core/skbuff.c:1125
[<ffffffff84cac65c>] skb_release_all net/core/skbuff.c:1190 [inline]
[<ffffffff84cac65c>] __kfree_skb net/core/skbuff.c:1204 [inline]
[<ffffffff84cac65c>] sk_skb_reason_drop+0x130/0x180 net/core/skbuff.c:1242
[<ffffffff84d1d4cc>] kfree_skb_reason include/linux/skbuff.h:1262 [inline]
[<ffffffff84d1d4cc>] __netif_receive_skb_core.constprop.0+0x650/0x4374 net/core/dev.c:5636
[<ffffffff84d213ae>] __netif_receive_skb_list_core+0x1be/0x75e net/core/dev.c:5737
[<ffffffff84d24b66>] __netif_receive_skb_list net/core/dev.c:5804 [inline]
[<ffffffff84d24b66>] netif_receive_skb_list_internal+0x64e/0xc36 net/core/dev.c:5895
[<ffffffff84d251ae>] netif_receive_skb_list net/core/dev.c:5947 [inline]
[<ffffffff84d251ae>] netif_receive_skb_list+0x60/0x634 net/core/dev.c:5937
[<ffffffff850c688a>] xdp_recv_frames net/bpf/test_run.c:279 [inline]
[<ffffffff850c688a>] xdp_test_run_batch.constprop.0+0x1244/0x1816 net/bpf/test_run.c:360
[<ffffffff850c7152>] bpf_test_run_xdp_live+0x2f6/0x49e net/bpf/test_run.c:389
[<ffffffff850cb85c>] bpf_prog_test_run_xdp+0x7f6/0x15a8 net/bpf/test_run.c:1317
[<ffffffff804ef2e2>] bpf_prog_test_run kernel/bpf/syscall.c:4247 [inline]
[<ffffffff804ef2e2>] __sys_bpf+0xd14/0x42cc kernel/bpf/syscall.c:5652
[<ffffffff804f35f2>] __do_sys_bpf kernel/bpf/syscall.c:5741 [inline]
[<ffffffff804f35f2>] __se_sys_bpf kernel/bpf/syscall.c:5739 [inline]
[<ffffffff804f35f2>] __riscv_sys_bpf+0x6c/0x9e kernel/bpf/syscall.c:5739
[<ffffffff8000f2d4>] syscall_handler+0x94/0x118 arch/riscv/include/asm/syscall.h:90
[<ffffffff85fd9c4a>] do_trap_ecall_u+0x1aa/0x216 arch/riscv/kernel/traps.c:331
[<ffffffff85ffcac6>] _new_vmalloc_restore_context_a0+0xc2/0xce
BUG: Bad page state in process syz.2.1806 pfn:adf81
page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xff6000002df81ca8 pfn:0xadf81
flags: 0xffe000000000000(node=0|zone=0|lastcpupid=0x7ff)
raw: 0ffe000000000000 dead000000000040 ff6000002b4ee000 0000000000000000
raw: ff6000002df81ca8 0000000000000001 00000000ffffffff 0000000000000000
page dumped because: page_pool leak
page_owner tracks the page as allocated
page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 18955, tgid 18954 (syz.2.1806), ts 6942759792600, free_ts 6937452060400
__set_page_owner+0xa2/0x70c mm/page_owner.c:320
set_page_owner include/linux/page_owner.h:32 [inline]
post_alloc_hook+0xec/0x1e4 mm/page_alloc.c:1537
prep_new_page mm/page_alloc.c:1545 [inline]
get_page_from_freelist+0xdaa/0x295a mm/page_alloc.c:3457
__alloc_pages_noprof+0x1e2/0x1eb6 mm/page_alloc.c:4733
alloc_pages_bulk_noprof+0x252/0x13d8 mm/page_alloc.c:4681
alloc_pages_bulk_array_node_noprof include/linux/gfp.h:239 [inline]
__page_pool_alloc_pages_slow+0x18e/0xc50 net/core/page_pool.c:538
page_pool_alloc_netmem net/core/page_pool.c:590 [inline]
page_pool_alloc_netmem+0xc0/0x158 net/core/page_pool.c:577
page_pool_alloc_pages+0x20/0x62 net/core/page_pool.c:597
page_pool_dev_alloc_pages include/net/page_pool/helpers.h:96 [inline]
xdp_test_run_batch.constprop.0+0x362/0x1816 net/bpf/test_run.c:305
bpf_test_run_xdp_live+0x2f6/0x49e net/bpf/test_run.c:389
bpf_prog_test_run_xdp+0x7f6/0x15a8 net/bpf/test_run.c:1317
bpf_prog_test_run kernel/bpf/syscall.c:4247 [inline]
__sys_bpf+0xd14/0x42cc kernel/bpf/syscall.c:5652
__do_sys_bpf kernel/bpf/syscall.c:5741 [inline]
__se_sys_bpf kernel/bpf/syscall.c:5739 [inline]
__riscv_sys_bpf+0x6c/0x9e kernel/bpf/syscall.c:5739
syscall_handler+0x94/0x118 arch/riscv/include/asm/syscall.h:90
do_trap_ecall_u+0x1aa/0x216 arch/riscv/kernel/traps.c:331
_new_vmalloc_restore_context_a0+0xc2/0xce
page last free pid 17449 tgid 17449 stack trace:
__reset_page_owner+0x8c/0x400 mm/page_owner.c:297
reset_page_owner include/linux/page_owner.h:25 [inline]
free_pages_prepare mm/page_alloc.c:1108 [inline]
free_unref_page+0x592/0xf08 mm/page_alloc.c:2638
__folio_put+0x1ae/0x22e mm/swap.c:126
folio_put include/linux/mm.h:1478 [inline]
free_page_and_swap_cache+0x1a8/0x1de mm/swap_state.c:308
__tlb_remove_table arch/riscv/include/asm/tlb.h:26 [inline]
__tlb_remove_table_free mm/mmu_gather.c:227 [inline]
tlb_remove_table_rcu+0x86/0xee mm/mmu_gather.c:282
rcu_do_batch kernel/rcu/tree.c:2567 [inline]
rcu_core+0xa24/0x1eac kernel/rcu/tree.c:2823
rcu_core_si+0xc/0x14 kernel/rcu/tree.c:2840
handle_softirqs+0x4a6/0x10de kernel/softirq.c:554
__do_softirq+0x12/0x1a kernel/softirq.c:588
Modules linked in:
CPU: 0 UID: 0 PID: 18955 Comm: syz.2.1806 Tainted: G B 6.12.0-rc1-syzkaller-00012-g5f153a692bac #0
Tainted: [B]=BAD_PAGE
Hardware name: riscv-virtio,qemu (DT)
Call Trace:
[<ffffffff80010a14>] dump_backtrace+0x2e/0x3c arch/riscv/kernel/stacktrace.c:130
[<ffffffff85f7c3cc>] show_stack+0x34/0x40 arch/riscv/kernel/stacktrace.c:136
[<ffffffff85fd797a>] __dump_stack lib/dump_stack.c:94 [inline]
[<ffffffff85fd797a>] dump_stack_lvl+0x122/0x196 lib/dump_stack.c:120
[<ffffffff85fd7a0a>] dump_stack+0x1c/0x24 lib/dump_stack.c:129
[<ffffffff808b0b06>] bad_page+0x268/0x2da mm/page_alloc.c:501
[<ffffffff808bcb18>] free_page_is_bad_report mm/page_alloc.c:908 [inline]
[<ffffffff808bcb18>] free_page_is_bad mm/page_alloc.c:918 [inline]
[<ffffffff808bcb18>] free_pages_prepare mm/page_alloc.c:1100 [inline]
[<ffffffff808bcb18>] free_unref_page+0x78a/0xf08 mm/page_alloc.c:2638
[<ffffffff808be53a>] page_frag_free+0x21c/0x268 mm/page_alloc.c:4971
[<ffffffff84c97152>] skb_free_frag include/linux/skbuff.h:3399 [inline]
[<ffffffff84c97152>] skb_free_head+0x1ce/0x2ec net/core/skbuff.c:1096
[<ffffffff84ca2952>] skb_release_data+0x6ec/0x86a net/core/skbuff.c:1125
[<ffffffff84cac65c>] skb_release_all net/core/skbuff.c:1190 [inline]
[<ffffffff84cac65c>] __kfree_skb net/core/skbuff.c:1204 [inline]
[<ffffffff84cac65c>] sk_skb_reason_drop+0x130/0x180 net/core/skbuff.c:1242
[<ffffffff84d1d4cc>] kfree_skb_reason include/linux/skbuff.h:1262 [inline]
[<ffffffff84d1d4cc>] __netif_receive_skb_core.constprop.0+0x650/0x4374 net/core/dev.c:5636
[<ffffffff84d213ae>] __netif_receive_skb_list_core+0x1be/0x75e net/core/dev.c:5737
[<ffffffff84d24b66>] __netif_receive_skb_list net/core/dev.c:5804 [inline]
[<ffffffff84d24b66>] netif_receive_skb_list_internal+0x64e/0xc36 net/core/dev.c:5895
[<ffffffff84d251ae>] netif_receive_skb_list net/core/dev.c:5947 [inline]
[<ffffffff84d251ae>] netif_receive_skb_list+0x60/0x634 net/core/dev.c:5937
[<ffffffff850c688a>] xdp_recv_frames net/bpf/test_run.c:279 [inline]
[<ffffffff850c688a>] xdp_test_run_batch.constprop.0+0x1244/0x1816 net/bpf/test_run.c:360
[<ffffffff850c7152>] bpf_test_run_xdp_live+0x2f6/0x49e net/bpf/test_run.c:389
[<ffffffff850cb85c>] bpf_prog_test_run_xdp+0x7f6/0x15a8 net/bpf/test_run.c:1317
[<ffffffff804ef2e2>] bpf_prog_test_run kernel/bpf/syscall.c:4247 [inline]
[<ffffffff804ef2e2>] __sys_bpf+0xd14/0x42cc kernel/bpf/syscall.c:5652
[<ffffffff804f35f2>] __do_sys_bpf kernel/bpf/syscall.c:5741 [inline]
[<ffffffff804f35f2>] __se_sys_bpf kernel/bpf/syscall.c:5739 [inline]
[<ffffffff804f35f2>] __riscv_sys_bpf+0x6c/0x9e kernel/bpf/syscall.c:5739
[<ffffffff8000f2d4>] syscall_handler+0x94/0x118 arch/riscv/include/asm/syscall.h:90
[<ffffffff85fd9c4a>] do_trap_ecall_u+0x1aa/0x216 arch/riscv/kernel/traps.c:331
[<ffffffff85ffcac6>] _new_vmalloc_restore_context_a0+0xc2/0xce
BUG: Bad page state in process syz.2.1806 pfn:acee6
page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xff pfn:0xacee6
flags: 0xffe000000000000(node=0|zone=0|lastcpupid=0x7ff)
raw: 0ffe000000000000 dead000000000040 ff6000002b4ee000 0000000000000000
raw: 00000000000000ff 0000000000000001 00000000ffffffff 0000000000000000
page dumped because: page_pool leak
page_owner tracks the page as allocated
page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 18955, tgid 18954 (syz.2.1806), ts 6942759671900, free_ts 6937452544100
__set_page_owner+0xa2/0x70c mm/page_owner.c:320
set_page_owner include/linux/page_owner.h:32 [inline]
post_alloc_hook+0xec/0x1e4 mm/page_alloc.c:1537
prep_new_page mm/page_alloc.c:1545 [inline]
get_page_from_freelist+0xdaa/0x295a mm/page_alloc.c:3457
__alloc_pages_noprof+0x1e2/0x1eb6 mm/page_alloc.c:4733
alloc_pages_bulk_noprof+0x252/0x13d8 mm/page_alloc.c:4681
alloc_pages_bulk_array_node_noprof include/linux/gfp.h:239 [inline]
__page_pool_alloc_pages_slow+0x18e/0xc50 net/core/page_pool.c:538
page_pool_alloc_netmem net/core/page_pool.c:590 [inline]
page_pool_alloc_netmem+0xc0/0x158 net/core/page_pool.c:577
page_pool_alloc_pages+0x20/0x62 net/core/page_pool.c:597
page_pool_dev_alloc_pages include/net/page_pool/helpers.h:96 [inline]
xdp_test_run_batch.constprop.0+0x362/0x1816 net/bpf/test_run.c:305
bpf_test_run_xdp_live+0x2f6/0x49e net/bpf/test_run.c:389
bpf_prog_test_run_xdp+0x7f6/0x15a8 net/bpf/test_run.c:1317
bpf_prog_test_run kernel/bpf/syscall.c:4247 [inline]
__sys_bpf+0xd14/0x42cc kernel/bpf/syscall.c:5652
__do_sys_bpf kernel/bpf/syscall.c:5741 [inline]
__se_sys_bpf kernel/bpf/syscall.c:5739 [inline]
__riscv_sys_bpf+0x6c/0x9e kernel/bpf/syscall.c:5739
syscall_handler+0x94/0x118 arch/riscv/include/asm/syscall.h:90
do_trap_ecall_u+0x1aa/0x216 arch/riscv/kernel/traps.c:331
_new_vmalloc_restore_context_a0+0xc2/0xce
page last free pid 17449 tgid 17449 stack trace:
__reset_page_owner+0x8c/0x400 mm/page_owner.c:297
reset_page_owner include/linux/page_owner.h:25 [inline]
free_pages_prepare mm/page_alloc.c:1108 [inline]
free_unref_page+0x592/0xf08 mm/page_alloc.c:2638
__folio_put+0x1ae/0x22e mm/swap.c:126
folio_put include/linux/mm.h:1478 [inline]
free_page_and_swap_cache+0x1a8/0x1de mm/swap_state.c:308
__tlb_remove_table arch/riscv/include/asm/tlb.h:26 [inline]
__tlb_remove_table_free mm/mmu_gather.c:227 [inline]
tlb_remove_table_rcu+0x86/0xee mm/mmu_gather.c:282
rcu_do_batch kernel/rcu/tree.c:2567 [inline]
rcu_core+0xa24/0x1eac kernel/rcu/tree.c:2823
rcu_core_si+0xc/0x14 kernel/rcu/tree.c:2840
handle_softirqs+0x4a6/0x10de kernel/softirq.c:554
__do_softirq+0x12/0x1a kernel/softirq.c:588
Modules linked in:
CPU: 0 UID: 0 PID: 18955 Comm: syz.2.1806 Tainted: G B 6.12.0-rc1-syzkaller-00012-g5f153a692bac #0
Tainted: [B]=BAD_PAGE
Hardware name: riscv-virtio,qemu (DT)
Call Trace:
[<ffffffff80010a14>] dump_backtrace+0x2e/0x3c arch/riscv/kernel/stacktrace.c:130
[<ffffffff85f7c3cc>] show_stack+0x34/0x40 arch/riscv/kernel/stacktrace.c:136
[<ffffffff85fd797a>] __dump_stack lib/dump_stack.c:94 [inline]
[<ffffffff85fd797a>] dump_stack_lvl+0x122/0x196 lib/dump_stack.c:120
[<ffffffff85fd7a0a>] dump_stack+0x1c/0x24 lib/dump_stack.c:129
[<ffffffff808b0b06>] bad_page+0x268/0x2da mm/page_alloc.c:501
[<ffffffff808bcb18>] free_page_is_bad_report mm/page_alloc.c:908 [inline]
[<ffffffff808bcb18>] free_page_is_bad mm/page_alloc.c:918 [inline]
[<ffffffff808bcb18>] free_pages_prepare mm/page_alloc.c:1100 [inline]
[<ffffffff808bcb18>] free_unref_page+0x78a/0xf08 mm/page_alloc.c:2638
[<ffffffff808be53a>] page_frag_free+0x21c/0x268 mm/page_alloc.c:4971
[<ffffffff84c97152>] skb_free_frag include/linux/skbuff.h:3399 [inline]
[<ffffffff84c97152>] skb_free_head+0x1ce/0x2ec net/core/skbuff.c:1096
[<ffffffff84ca2952>] skb_release_data+0x6ec/0x86a net/core/skbuff.c:1125
[<ffffffff84cac65c>] skb_release_all net/core/skbuff.c:1190 [inline]
[<ffffffff84cac65c>] __kfree_skb net/core/skbuff.c:1204 [inline]
[<ffffffff84cac65c>] sk_skb_reason_drop+0x130/0x180 net/core/skbuff.c:1242
[<ffffffff84d1d4cc>] kfree_skb_reason include/linux/skbuff.h:1262 [inline]
[<ffffffff84d1d4cc>] __netif_receive_skb_core.constprop.0+0x650/0x4374 net/core/dev.c:5636
[<ffffffff84d213ae>] __netif_receive_skb_list_core+0x1be/0x75e net/core/dev.c:5737
[<ffffffff84d24b66>] __netif_receive_skb_list net/core/dev.c:5804 [inline]
[<ffffffff84d24b66>] netif_receive_skb_list_internal+0x64e/0xc36 net/core/dev.c:5895
[<ffffffff84d251ae>] netif_receive_skb_list net/core/dev.c:5947 [inline]
[<ffffffff84d251ae>] netif_receive_skb_list+0x60/0x634 net/core/dev.c:5937
[<ffffffff850c688a>] xdp_recv_frames net/bpf/test_run.c:279 [inline]
[<ffffffff850c688a>] xdp_test_run_batch.constprop.0+0x1244/0x1816 net/bpf/test_run.c:360
[<ffffffff850c7152>] bpf_test_run_xdp_live+0x2f6/0x49e net/bpf/test_run.c:389
[<ffffffff850cb85c>] bpf_prog_test_run_xdp+0x7f6/0x15a8 net/bpf/test_run.c:1317
[<ffffffff804ef2e2>] bpf_prog_test_run kernel/bpf/syscall.c:4247 [inline]
[<ffffffff804ef2e2>] __sys_bpf+0xd14/0x42cc kernel/bpf/syscall.c:5652
[<ffffffff804f35f2>] __do_sys_bpf kernel/bpf/syscall.c:5741 [inline]
[<ffffffff804f35f2>] __se_sys_bpf kernel/bpf/syscall.c:5739 [inline]
[<ffffffff804f35f2>] __riscv_sys_bpf+0x6c/0x9e kernel/bpf/syscall.c:5739
[<ffffffff8000f2d4>] syscall_handler+0x94/0x118 arch/riscv/include/asm/syscall.h:90
[<ffffffff85fd9c4a>] do_trap_ecall_u+0x1aa/0x216 arch/riscv/kernel/traps.c:331
[<ffffffff85ffcac6>] _new_vmalloc_restore_context_a0+0xc2/0xce
BUG: Bad page state in process syz.2.1806 pfn:9bcfa
page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xff6000001bcfa6c8 pfn:0x9bcfa
flags: 0xffe000000000000(node=0|zone=0|lastcpupid=0x7ff)
raw: 0ffe000000000000 dead000000000040 ff6000002b4ee000 0000000000000000
raw: ff6000001bcfa6c8 0000000000000001 00000000ffffffff 0000000000000000
page dumped because: page_pool leak
page_owner tracks the page as allocated
page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 18955, tgid 18954 (syz.2.1806), ts 6942759550900, free_ts 6937452958700
__set_page_owner+0xa2/0x70c mm/page_owner.c:320
set_page_owner include/linux/page_owner.h:32 [inline]
post_alloc_hook+0xec/0x1e4 mm/page_alloc.c:1537
prep_new_page mm/page_alloc.c:1545 [inline]
get_page_from_freelist+0xdaa/0x295a mm/page_alloc.c:3457
__alloc_pages_noprof+0x1e2/0x1eb6 mm/page_alloc.c:4733
alloc_pages_bulk_noprof+0x252/0x13d8 mm/page_alloc.c:4681
alloc_pages_bulk_array_node_noprof include/linux/gfp.h:239 [inline]
__page_pool_alloc_pages_slow+0x18e/0xc50 net/core/page_pool.c:538
page_pool_alloc_netmem net/core/page_pool.c:590 [inline]
page_pool_alloc_netmem+0xc0/0x158 net/core/page_pool.c:577
page_pool_alloc_pages+0x20/0x62 net/core/page_pool.c:597
page_pool_dev_alloc_pages include/net/page_pool/helpers.h:96 [inline]
xdp_test_run_batch.constprop.0+0x362/0x1816 net/bpf/test_run.c:305
bpf_test_run_xdp_live+0x2f6/0x49e net/bpf/test_run.c:389
bpf_prog_test_run_xdp+0x7f6/0x15a8 net/bpf/test_run.c:1317
bpf_prog_test_run kernel/bpf/syscall.c:4247 [inline]
__sys_bpf+0xd14/0x42cc kernel/bpf/syscall.c:5652
__do_sys_bpf kernel/bpf/syscall.c:5741 [inline]
__se_sys_bpf kernel/bpf/syscall.c:5739 [inline]
__riscv_sys_bpf+0x6c/0x9e kernel/bpf/syscall.c:5739
syscall_handler+0x94/0x118 arch/riscv/include/asm/syscall.h:90
do_trap_ecall_u+0x1aa/0x216 arch/riscv/kernel/traps.c:331
_new_vmall