BUG: Bad page state in process syz-executor392  pfn:12191
page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x8 pfn:0x12191
flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
raw: 00fff00000000000 dead000000000040 ffff888106115000 0000000000000000
raw: 0000000000000008 0000000000000001 00000000ffffffff 0000000000000000
page dumped because: page_pool leak
page_owner tracks the page as allocated
page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 5962, tgid 5958 (syz-executor392), ts 44239127096, free_ts 44208271836
 set_page_owner include/linux/page_owner.h:32 [inline]
 post_alloc_hook+0x2d1/0x350 mm/page_alloc.c:1537
 prep_new_page mm/page_alloc.c:1545 [inline]
 get_page_from_freelist+0x101e/0x3070 mm/page_alloc.c:3457
 __alloc_pages_noprof+0x223/0x25a0 mm/page_alloc.c:4733
 alloc_pages_bulk_noprof+0x77c/0x1110 mm/page_alloc.c:4681
 alloc_pages_bulk_array_node_noprof include/linux/gfp.h:239 [inline]
 __page_pool_alloc_pages_slow+0x18f/0x770 net/core/page_pool.c:538
 page_pool_alloc_netmem net/core/page_pool.c:590 [inline]
 page_pool_alloc_netmem+0xc4/0x160 net/core/page_pool.c:577
 page_pool_alloc_pages+0x1a/0x60 net/core/page_pool.c:597
 page_pool_dev_alloc_pages include/net/page_pool/helpers.h:96 [inline]
 xdp_test_run_batch.constprop.0+0x3a8/0x1960 net/bpf/test_run.c:305
 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389
 bpf_prog_test_run_xdp+0x827/0x1580 net/bpf/test_run.c:1317
 bpf_prog_test_run kernel/bpf/syscall.c:4266 [inline]
 __sys_bpf+0xfc6/0x49a0 kernel/bpf/syscall.c:5671
 __do_sys_bpf kernel/bpf/syscall.c:5760 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5758 [inline]
 __x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5758
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
page last free pid 5946 tgid 5946 stack trace:
 reset_page_owner include/linux/page_owner.h:25 [inline]
 free_pages_prepare mm/page_alloc.c:1108 [inline]
 free_unref_page+0x5f4/0xdc0 mm/page_alloc.c:2638
 __put_partials+0x14c/0x170 mm/slub.c:3145
 qlink_free mm/kasan/quarantine.c:163 [inline]
 qlist_free_all+0x4e/0x120 mm/kasan/quarantine.c:179
 kasan_quarantine_reduce+0x192/0x1e0 mm/kasan/quarantine.c:286
 __kasan_slab_alloc+0x69/0x90 mm/kasan/common.c:329
 kasan_slab_alloc include/linux/kasan.h:247 [inline]
 slab_post_alloc_hook mm/slub.c:4085 [inline]
 slab_alloc_node mm/slub.c:4134 [inline]
 kmem_cache_alloc_noprof+0x121/0x2f0 mm/slub.c:4141
 taskstats_tgid_alloc kernel/taskstats.c:582 [inline]
 taskstats_exit+0x656/0xbe0 kernel/taskstats.c:621
 do_exit+0x84a/0x2d70 kernel/exit.c:924
 do_group_exit+0xd3/0x2a0 kernel/exit.c:1088
 __do_sys_exit_group kernel/exit.c:1099 [inline]
 __se_sys_exit_group kernel/exit.c:1097 [inline]
 __x64_sys_exit_group+0x3e/0x50 kernel/exit.c:1097
 x64_sys_call+0x14a9/0x16a0 arch/x86/include/generated/asm/syscalls_64.h:232
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
Modules linked in:
CPU: 2 UID: 0 PID: 5962 Comm: syz-executor392 Not tainted 6.12.0-rc5-syzkaller-00005-ge42b1a9a2557 #0
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:94 [inline]
 dump_stack_lvl+0x16c/0x1f0 lib/dump_stack.c:120
 bad_page+0xb3/0x1f0 mm/page_alloc.c:501
 free_page_is_bad_report mm/page_alloc.c:908 [inline]
 free_page_is_bad mm/page_alloc.c:918 [inline]
 free_pages_prepare mm/page_alloc.c:1100 [inline]
 free_unref_page+0x657/0xdc0 mm/page_alloc.c:2638
 skb_free_frag include/linux/skbuff.h:3399 [inline]
 skb_free_head+0xa0/0x1d0 net/core/skbuff.c:1096
 skb_release_data+0x560/0x730 net/core/skbuff.c:1125
 skb_release_all net/core/skbuff.c:1190 [inline]
 __kfree_skb net/core/skbuff.c:1204 [inline]
 sk_skb_reason_drop+0x129/0x1a0 net/core/skbuff.c:1242
 kfree_skb_reason include/linux/skbuff.h:1262 [inline]
 __netif_receive_skb_core.constprop.0+0x592/0x4330 net/core/dev.c:5640
 __netif_receive_skb_list_core+0x357/0x950 net/core/dev.c:5741
 __netif_receive_skb_list net/core/dev.c:5808 [inline]
 netif_receive_skb_list_internal+0x753/0xdb0 net/core/dev.c:5899
 netif_receive_skb_list+0x4f/0x4a0 net/core/dev.c:5951
 xdp_recv_frames net/bpf/test_run.c:279 [inline]
 xdp_test_run_batch.constprop.0+0x138d/0x1960 net/bpf/test_run.c:360
 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389
 bpf_prog_test_run_xdp+0x827/0x1580 net/bpf/test_run.c:1317
 bpf_prog_test_run kernel/bpf/syscall.c:4266 [inline]
 __sys_bpf+0xfc6/0x49a0 kernel/bpf/syscall.c:5671
 __do_sys_bpf kernel/bpf/syscall.c:5760 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5758 [inline]
 __x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5758
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f1b5711ee99
Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 51 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f1b570d9228 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
RAX: ffffffffffffffda RBX: 00007f1b571a9328 RCX: 00007f1b5711ee99
RDX: 0000000000000048 RSI: 0000000020000600 RDI: 000000000000000a
RBP: 00007f1b571a9320 R08: 00007f1b570d96c0 R09: 00007f1b570d96c0
R10: 00007f1b570d96c0 R11: 0000000000000246 R12: 00007f1b57176074
R13: 0000000020000eb8 R14: 2caa1414ac000000 R15: 00007ffed9b8fc98
 </TASK>
BUG: Bad page state in process syz-executor392  pfn:12190
page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff888012196600 pfn:0x12190
flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
raw: 00fff00000000000 dead000000000040 ffff888106115000 0000000000000000
raw: ffff888012196600 0000000000000001 00000000ffffffff 0000000000000000
page dumped because: page_pool leak
page_owner tracks the page as allocated
page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 5962, tgid 5958 (syz-executor392), ts 44239119986, free_ts 44208271836
 set_page_owner include/linux/page_owner.h:32 [inline]
 post_alloc_hook+0x2d1/0x350 mm/page_alloc.c:1537
 prep_new_page mm/page_alloc.c:1545 [inline]
 get_page_from_freelist+0x101e/0x3070 mm/page_alloc.c:3457
 __alloc_pages_noprof+0x223/0x25a0 mm/page_alloc.c:4733
 alloc_pages_bulk_noprof+0x77c/0x1110 mm/page_alloc.c:4681
 alloc_pages_bulk_array_node_noprof include/linux/gfp.h:239 [inline]
 __page_pool_alloc_pages_slow+0x18f/0x770 net/core/page_pool.c:538
 page_pool_alloc_netmem net/core/page_pool.c:590 [inline]
 page_pool_alloc_netmem+0xc4/0x160 net/core/page_pool.c:577
 page_pool_alloc_pages+0x1a/0x60 net/core/page_pool.c:597
 page_pool_dev_alloc_pages include/net/page_pool/helpers.h:96 [inline]
 xdp_test_run_batch.constprop.0+0x3a8/0x1960 net/bpf/test_run.c:305
 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389
 bpf_prog_test_run_xdp+0x827/0x1580 net/bpf/test_run.c:1317
 bpf_prog_test_run kernel/bpf/syscall.c:4266 [inline]
 __sys_bpf+0xfc6/0x49a0 kernel/bpf/syscall.c:5671
 __do_sys_bpf kernel/bpf/syscall.c:5760 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5758 [inline]
 __x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5758
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
page last free pid 5946 tgid 5946 stack trace:
 reset_page_owner include/linux/page_owner.h:25 [inline]
 free_pages_prepare mm/page_alloc.c:1108 [inline]
 free_unref_page+0x5f4/0xdc0 mm/page_alloc.c:2638
 __put_partials+0x14c/0x170 mm/slub.c:3145
 qlink_free mm/kasan/quarantine.c:163 [inline]
 qlist_free_all+0x4e/0x120 mm/kasan/quarantine.c:179
 kasan_quarantine_reduce+0x192/0x1e0 mm/kasan/quarantine.c:286
 __kasan_slab_alloc+0x69/0x90 mm/kasan/common.c:329
 kasan_slab_alloc include/linux/kasan.h:247 [inline]
 slab_post_alloc_hook mm/slub.c:4085 [inline]
 slab_alloc_node mm/slub.c:4134 [inline]
 kmem_cache_alloc_noprof+0x121/0x2f0 mm/slub.c:4141
 taskstats_tgid_alloc kernel/taskstats.c:582 [inline]
 taskstats_exit+0x656/0xbe0 kernel/taskstats.c:621
 do_exit+0x84a/0x2d70 kernel/exit.c:924
 do_group_exit+0xd3/0x2a0 kernel/exit.c:1088
 __do_sys_exit_group kernel/exit.c:1099 [inline]
 __se_sys_exit_group kernel/exit.c:1097 [inline]
 __x64_sys_exit_group+0x3e/0x50 kernel/exit.c:1097
 x64_sys_call+0x14a9/0x16a0 arch/x86/include/generated/asm/syscalls_64.h:232
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
Modules linked in:
CPU: 2 UID: 0 PID: 5962 Comm: syz-executor392 Tainted: G    B              6.12.0-rc5-syzkaller-00005-ge42b1a9a2557 #0
Tainted: [B]=BAD_PAGE
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:94 [inline]
 dump_stack_lvl+0x16c/0x1f0 lib/dump_stack.c:120
 bad_page+0xb3/0x1f0 mm/page_alloc.c:501
 free_page_is_bad_report mm/page_alloc.c:908 [inline]
 free_page_is_bad mm/page_alloc.c:918 [inline]
 free_pages_prepare mm/page_alloc.c:1100 [inline]
 free_unref_page+0x657/0xdc0 mm/page_alloc.c:2638
 skb_free_frag include/linux/skbuff.h:3399 [inline]
 skb_free_head+0xa0/0x1d0 net/core/skbuff.c:1096
 skb_release_data+0x560/0x730 net/core/skbuff.c:1125
 skb_release_all net/core/skbuff.c:1190 [inline]
 __kfree_skb net/core/skbuff.c:1204 [inline]
 sk_skb_reason_drop+0x129/0x1a0 net/core/skbuff.c:1242
 kfree_skb_reason include/linux/skbuff.h:1262 [inline]
 __netif_receive_skb_core.constprop.0+0x592/0x4330 net/core/dev.c:5640
 __netif_receive_skb_list_core+0x357/0x950 net/core/dev.c:5741
 __netif_receive_skb_list net/core/dev.c:5808 [inline]
 netif_receive_skb_list_internal+0x753/0xdb0 net/core/dev.c:5899
 netif_receive_skb_list+0x4f/0x4a0 net/core/dev.c:5951
 xdp_recv_frames net/bpf/test_run.c:279 [inline]
 xdp_test_run_batch.constprop.0+0x138d/0x1960 net/bpf/test_run.c:360
 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389
 bpf_prog_test_run_xdp+0x827/0x1580 net/bpf/test_run.c:1317
 bpf_prog_test_run kernel/bpf/syscall.c:4266 [inline]
 __sys_bpf+0xfc6/0x49a0 kernel/bpf/syscall.c:5671
 __do_sys_bpf kernel/bpf/syscall.c:5760 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5758 [inline]
 __x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5758
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f1b5711ee99
Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 51 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f1b570d9228 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
RAX: ffffffffffffffda RBX: 00007f1b571a9328 RCX: 00007f1b5711ee99
RDX: 0000000000000048 RSI: 0000000020000600 RDI: 000000000000000a
RBP: 00007f1b571a9320 R08: 00007f1b570d96c0 R09: 00007f1b570d96c0
R10: 00007f1b570d96c0 R11: 0000000000000246 R12: 00007f1b57176074
R13: 0000000020000eb8 R14: 2caa1414ac000000 R15: 00007ffed9b8fc98
 </TASK>
BUG: Bad page state in process syz-executor392  pfn:2f7f7
page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x2f7f7
flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
raw: 00fff00000000000 dead000000000040 ffff888106115000 0000000000000000
raw: 0000000000000000 0000000000000001 00000000ffffffff 0000000000000000
page dumped because: page_pool leak
page_owner tracks the page as allocated
page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 5962, tgid 5958 (syz-executor392), ts 44239112864, free_ts 44208514534
 set_page_owner include/linux/page_owner.h:32 [inline]
 post_alloc_hook+0x2d1/0x350 mm/page_alloc.c:1537
 prep_new_page mm/page_alloc.c:1545 [inline]
 get_page_from_freelist+0x101e/0x3070 mm/page_alloc.c:3457
 __alloc_pages_noprof+0x223/0x25a0 mm/page_alloc.c:4733
 alloc_pages_bulk_noprof+0x77c/0x1110 mm/page_alloc.c:4681
 alloc_pages_bulk_array_node_noprof include/linux/gfp.h:239 [inline]
 __page_pool_alloc_pages_slow+0x18f/0x770 net/core/page_pool.c:538
 page_pool_alloc_netmem net/core/page_pool.c:590 [inline]
 page_pool_alloc_netmem+0xc4/0x160 net/core/page_pool.c:577
 page_pool_alloc_pages+0x1a/0x60 net/core/page_pool.c:597
 page_pool_dev_alloc_pages include/net/page_pool/helpers.h:96 [inline]
 xdp_test_run_batch.constprop.0+0x3a8/0x1960 net/bpf/test_run.c:305
 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389
 bpf_prog_test_run_xdp+0x827/0x1580 net/bpf/test_run.c:1317
 bpf_prog_test_run kernel/bpf/syscall.c:4266 [inline]
 __sys_bpf+0xfc6/0x49a0 kernel/bpf/syscall.c:5671
 __do_sys_bpf kernel/bpf/syscall.c:5760 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5758 [inline]
 __x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5758
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
page last free pid 5946 tgid 5946 stack trace:
 reset_page_owner include/linux/page_owner.h:25 [inline]
 free_pages_prepare mm/page_alloc.c:1108 [inline]
 free_unref_page+0x5f4/0xdc0 mm/page_alloc.c:2638
 __put_partials+0x14c/0x170 mm/slub.c:3145
 qlink_free mm/kasan/quarantine.c:163 [inline]
 qlist_free_all+0x4e/0x120 mm/kasan/quarantine.c:179
 kasan_quarantine_reduce+0x192/0x1e0 mm/kasan/quarantine.c:286
 __kasan_slab_alloc+0x69/0x90 mm/kasan/common.c:329
 kasan_slab_alloc include/linux/kasan.h:247 [inline]
 slab_post_alloc_hook mm/slub.c:4085 [inline]
 slab_alloc_node mm/slub.c:4134 [inline]
 kmem_cache_alloc_noprof+0x121/0x2f0 mm/slub.c:4141
 taskstats_tgid_alloc kernel/taskstats.c:582 [inline]
 taskstats_exit+0x656/0xbe0 kernel/taskstats.c:621
 do_exit+0x84a/0x2d70 kernel/exit.c:924
 do_group_exit+0xd3/0x2a0 kernel/exit.c:1088
 __do_sys_exit_group kernel/exit.c:1099 [inline]
 __se_sys_exit_group kernel/exit.c:1097 [inline]
 __x64_sys_exit_group+0x3e/0x50 kernel/exit.c:1097
 x64_sys_call+0x14a9/0x16a0 arch/x86/include/generated/asm/syscalls_64.h:232
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
Modules linked in:
CPU: 2 UID: 0 PID: 5962 Comm: syz-executor392 Tainted: G    B              6.12.0-rc5-syzkaller-00005-ge42b1a9a2557 #0
Tainted: [B]=BAD_PAGE
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:94 [inline]
 dump_stack_lvl+0x16c/0x1f0 lib/dump_stack.c:120
 bad_page+0xb3/0x1f0 mm/page_alloc.c:501
 free_page_is_bad_report mm/page_alloc.c:908 [inline]
 free_page_is_bad mm/page_alloc.c:918 [inline]
 free_pages_prepare mm/page_alloc.c:1100 [inline]
 free_unref_page+0x657/0xdc0 mm/page_alloc.c:2638
 skb_free_frag include/linux/skbuff.h:3399 [inline]
 skb_free_head+0xa0/0x1d0 net/core/skbuff.c:1096
 skb_release_data+0x560/0x730 net/core/skbuff.c:1125
 skb_release_all net/core/skbuff.c:1190 [inline]
 __kfree_skb net/core/skbuff.c:1204 [inline]
 sk_skb_reason_drop+0x129/0x1a0 net/core/skbuff.c:1242
 kfree_skb_reason include/linux/skbuff.h:1262 [inline]
 __netif_receive_skb_core.constprop.0+0x592/0x4330 net/core/dev.c:5640
 __netif_receive_skb_list_core+0x357/0x950 net/core/dev.c:5741
 __netif_receive_skb_list net/core/dev.c:5808 [inline]
 netif_receive_skb_list_internal+0x753/0xdb0 net/core/dev.c:5899
 netif_receive_skb_list+0x4f/0x4a0 net/core/dev.c:5951
 xdp_recv_frames net/bpf/test_run.c:279 [inline]
 xdp_test_run_batch.constprop.0+0x138d/0x1960 net/bpf/test_run.c:360
 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389
 bpf_prog_test_run_xdp+0x827/0x1580 net/bpf/test_run.c:1317
 bpf_prog_test_run kernel/bpf/syscall.c:4266 [inline]
 __sys_bpf+0xfc6/0x49a0 kernel/bpf/syscall.c:5671
 __do_sys_bpf kernel/bpf/syscall.c:5760 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5758 [inline]
 __x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5758
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f1b5711ee99
Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 51 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f1b570d9228 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
RAX: ffffffffffffffda RBX: 00007f1b571a9328 RCX: 00007f1b5711ee99
RDX: 0000000000000048 RSI: 0000000020000600 RDI: 000000000000000a
RBP: 00007f1b571a9320 R08: 00007f1b570d96c0 R09: 00007f1b570d96c0
R10: 00007f1b570d96c0 R11: 0000000000000246 R12: 00007f1b57176074
R13: 0000000020000eb8 R14: 2caa1414ac000000 R15: 00007ffed9b8fc98
 </TASK>
BUG: Bad page state in process syz-executor392  pfn:2f7f6
page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x2f7f6
flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
raw: 00fff00000000000 dead000000000040 ffff888106115000 0000000000000000
raw: 0000000000000000 0000000000000001 00000000ffffffff 0000000000000000
page dumped because: page_pool leak
page_owner tracks the page as allocated
page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 5962, tgid 5958 (syz-executor392), ts 44239100844, free_ts 44208514534
 set_page_owner include/linux/page_owner.h:32 [inline]
 post_alloc_hook+0x2d1/0x350 mm/page_alloc.c:1537
 prep_new_page mm/page_alloc.c:1545 [inline]
 get_page_from_freelist+0x101e/0x3070 mm/page_alloc.c:3457
 __alloc_pages_noprof+0x223/0x25a0 mm/page_alloc.c:4733
 alloc_pages_bulk_noprof+0x77c/0x1110 mm/page_alloc.c:4681
 alloc_pages_bulk_array_node_noprof include/linux/gfp.h:239 [inline]
 __page_pool_alloc_pages_slow+0x18f/0x770 net/core/page_pool.c:538
 page_pool_alloc_netmem net/core/page_pool.c:590 [inline]
 page_pool_alloc_netmem+0xc4/0x160 net/core/page_pool.c:577
 page_pool_alloc_pages+0x1a/0x60 net/core/page_pool.c:597
 page_pool_dev_alloc_pages include/net/page_pool/helpers.h:96 [inline]
 xdp_test_run_batch.constprop.0+0x3a8/0x1960 net/bpf/test_run.c:305
 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389
 bpf_prog_test_run_xdp+0x827/0x1580 net/bpf/test_run.c:1317
 bpf_prog_test_run kernel/bpf/syscall.c:4266 [inline]
 __sys_bpf+0xfc6/0x49a0 kernel/bpf/syscall.c:5671
 __do_sys_bpf kernel/bpf/syscall.c:5760 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5758 [inline]
 __x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5758
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
page last free pid 5946 tgid 5946 stack trace:
 reset_page_owner include/linux/page_owner.h:25 [inline]
 free_pages_prepare mm/page_alloc.c:1108 [inline]
 free_unref_page+0x5f4/0xdc0 mm/page_alloc.c:2638
 __put_partials+0x14c/0x170 mm/slub.c:3145
 qlink_free mm/kasan/quarantine.c:163 [inline]
 qlist_free_all+0x4e/0x120 mm/kasan/quarantine.c:179
 kasan_quarantine_reduce+0x192/0x1e0 mm/kasan/quarantine.c:286
 __kasan_slab_alloc+0x69/0x90 mm/kasan/common.c:329
 kasan_slab_alloc include/linux/kasan.h:247 [inline]
 slab_post_alloc_hook mm/slub.c:4085 [inline]
 slab_alloc_node mm/slub.c:4134 [inline]
 kmem_cache_alloc_noprof+0x121/0x2f0 mm/slub.c:4141
 taskstats_tgid_alloc kernel/taskstats.c:582 [inline]
 taskstats_exit+0x656/0xbe0 kernel/taskstats.c:621
 do_exit+0x84a/0x2d70 kernel/exit.c:924
 do_group_exit+0xd3/0x2a0 kernel/exit.c:1088
 __do_sys_exit_group kernel/exit.c:1099 [inline]
 __se_sys_exit_group kernel/exit.c:1097 [inline]
 __x64_sys_exit_group+0x3e/0x50 kernel/exit.c:1097
 x64_sys_call+0x14a9/0x16a0 arch/x86/include/generated/asm/syscalls_64.h:232
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
Modules linked in:
CPU: 2 UID: 0 PID: 5962 Comm: syz-executor392 Tainted: G    B              6.12.0-rc5-syzkaller-00005-ge42b1a9a2557 #0
Tainted: [B]=BAD_PAGE
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:94 [inline]
 dump_stack_lvl+0x16c/0x1f0 lib/dump_stack.c:120
 bad_page+0xb3/0x1f0 mm/page_alloc.c:501
 free_page_is_bad_report mm/page_alloc.c:908 [inline]
 free_page_is_bad mm/page_alloc.c:918 [inline]
 free_pages_prepare mm/page_alloc.c:1100 [inline]
 free_unref_page+0x657/0xdc0 mm/page_alloc.c:2638
 skb_free_frag include/linux/skbuff.h:3399 [inline]
 skb_free_head+0xa0/0x1d0 net/core/skbuff.c:1096
 skb_release_data+0x560/0x730 net/core/skbuff.c:1125
 skb_release_all net/core/skbuff.c:1190 [inline]
 __kfree_skb net/core/skbuff.c:1204 [inline]
 sk_skb_reason_drop+0x129/0x1a0 net/core/skbuff.c:1242
 kfree_skb_reason include/linux/skbuff.h:1262 [inline]
 __netif_receive_skb_core.constprop.0+0x592/0x4330 net/core/dev.c:5640
 __netif_receive_skb_list_core+0x357/0x950 net/core/dev.c:5741
 __netif_receive_skb_list net/core/dev.c:5808 [inline]
 netif_receive_skb_list_internal+0x753/0xdb0 net/core/dev.c:5899
 netif_receive_skb_list+0x4f/0x4a0 net/core/dev.c:5951
 xdp_recv_frames net/bpf/test_run.c:279 [inline]
 xdp_test_run_batch.constprop.0+0x138d/0x1960 net/bpf/test_run.c:360
 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389
 bpf_prog_test_run_xdp+0x827/0x1580 net/bpf/test_run.c:1317
 bpf_prog_test_run kernel/bpf/syscall.c:4266 [inline]
 __sys_bpf+0xfc6/0x49a0 kernel/bpf/syscall.c:5671
 __do_sys_bpf kernel/bpf/syscall.c:5760 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5758 [inline]
 __x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5758
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f1b5711ee99
Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 51 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f1b570d9228 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
RAX: ffffffffffffffda RBX: 00007f1b571a9328 RCX: 00007f1b5711ee99
RDX: 0000000000000048 RSI: 0000000020000600 RDI: 000000000000000a
RBP: 00007f1b571a9320 R08: 00007f1b570d96c0 R09: 00007f1b570d96c0
R10: 00007f1b570d96c0 R11: 0000000000000246 R12: 00007f1b57176074
R13: 0000000020000eb8 R14: 2caa1414ac000000 R15: 00007ffed9b8fc98
 </TASK>
BUG: Bad page state in process syz-executor392  pfn:2f7f5
page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x2f7f5
flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
raw: 00fff00000000000 dead000000000040 ffff888106115000 0000000000000000
raw: 0000000000000000 0000000000000001 00000000ffffffff 0000000000000000
page dumped because: page_pool leak
page_owner tracks the page as allocated
page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 5962, tgid 5958 (syz-executor392), ts 44239094414, free_ts 44208514534
 set_page_owner include/linux/page_owner.h:32 [inline]
 post_alloc_hook+0x2d1/0x350 mm/page_alloc.c:1537
 prep_new_page mm/page_alloc.c:1545 [inline]
 get_page_from_freelist+0x101e/0x3070 mm/page_alloc.c:3457
 __alloc_pages_noprof+0x223/0x25a0 mm/page_alloc.c:4733
 alloc_pages_bulk_noprof+0x77c/0x1110 mm/page_alloc.c:4681
 alloc_pages_bulk_array_node_noprof include/linux/gfp.h:239 [inline]
 __page_pool_alloc_pages_slow+0x18f/0x770 net/core/page_pool.c:538
 page_pool_alloc_netmem net/core/page_pool.c:590 [inline]
 page_pool_alloc_netmem+0xc4/0x160 net/core/page_pool.c:577
 page_pool_alloc_pages+0x1a/0x60 net/core/page_pool.c:597
 page_pool_dev_alloc_pages include/net/page_pool/helpers.h:96 [inline]
 xdp_test_run_batch.constprop.0+0x3a8/0x1960 net/bpf/test_run.c:305
 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389
 bpf_prog_test_run_xdp+0x827/0x1580 net/bpf/test_run.c:1317
 bpf_prog_test_run kernel/bpf/syscall.c:4266 [inline]
 __sys_bpf+0xfc6/0x49a0 kernel/bpf/syscall.c:5671
 __do_sys_bpf kernel/bpf/syscall.c:5760 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5758 [inline]
 __x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5758
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
page last free pid 5946 tgid 5946 stack trace:
 reset_page_owner include/linux/page_owner.h:25 [inline]
 free_pages_prepare mm/page_alloc.c:1108 [inline]
 free_unref_page+0x5f4/0xdc0 mm/page_alloc.c:2638
 __put_partials+0x14c/0x170 mm/slub.c:3145
 qlink_free mm/kasan/quarantine.c:163 [inline]
 qlist_free_all+0x4e/0x120 mm/kasan/quarantine.c:179
 kasan_quarantine_reduce+0x192/0x1e0 mm/kasan/quarantine.c:286
 __kasan_slab_alloc+0x69/0x90 mm/kasan/common.c:329
 kasan_slab_alloc include/linux/kasan.h:247 [inline]
 slab_post_alloc_hook mm/slub.c:4085 [inline]
 slab_alloc_node mm/slub.c:4134 [inline]
 kmem_cache_alloc_noprof+0x121/0x2f0 mm/slub.c:4141
 taskstats_tgid_alloc kernel/taskstats.c:582 [inline]
 taskstats_exit+0x656/0xbe0 kernel/taskstats.c:621
 do_exit+0x84a/0x2d70 kernel/exit.c:924
 do_group_exit+0xd3/0x2a0 kernel/exit.c:1088
 __do_sys_exit_group kernel/exit.c:1099 [inline]
 __se_sys_exit_group kernel/exit.c:1097 [inline]
 __x64_sys_exit_group+0x3e/0x50 kernel/exit.c:1097
 x64_sys_call+0x14a9/0x16a0 arch/x86/include/generated/asm/syscalls_64.h:232
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
Modules linked in:
CPU: 2 UID: 0 PID: 5962 Comm: syz-executor392 Tainted: G    B              6.12.0-rc5-syzkaller-00005-ge42b1a9a2557 #0
Tainted: [B]=BAD_PAGE
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:94 [inline]
 dump_stack_lvl+0x16c/0x1f0 lib/dump_stack.c:120
 bad_page+0xb3/0x1f0 mm/page_alloc.c:501
 free_page_is_bad_report mm/page_alloc.c:908 [inline]
 free_page_is_bad mm/page_alloc.c:918 [inline]
 free_pages_prepare mm/page_alloc.c:1100 [inline]
 free_unref_page+0x657/0xdc0 mm/page_alloc.c:2638
 skb_free_frag include/linux/skbuff.h:3399 [inline]
 skb_free_head+0xa0/0x1d0 net/core/skbuff.c:1096
 skb_release_data+0x560/0x730 net/core/skbuff.c:1125
 skb_release_all net/core/skbuff.c:1190 [inline]
 __kfree_skb net/core/skbuff.c:1204 [inline]
 sk_skb_reason_drop+0x129/0x1a0 net/core/skbuff.c:1242
 kfree_skb_reason include/linux/skbuff.h:1262 [inline]
 __netif_receive_skb_core.constprop.0+0x592/0x4330 net/core/dev.c:5640
 __netif_receive_skb_list_core+0x357/0x950 net/core/dev.c:5741
 __netif_receive_skb_list net/core/dev.c:5808 [inline]
 netif_receive_skb_list_internal+0x753/0xdb0 net/core/dev.c:5899
 netif_receive_skb_list+0x4f/0x4a0 net/core/dev.c:5951
 xdp_recv_frames net/bpf/test_run.c:279 [inline]
 xdp_test_run_batch.constprop.0+0x138d/0x1960 net/bpf/test_run.c:360
 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389
 bpf_prog_test_run_xdp+0x827/0x1580 net/bpf/test_run.c:1317
 bpf_prog_test_run kernel/bpf/syscall.c:4266 [inline]
 __sys_bpf+0xfc6/0x49a0 kernel/bpf/syscall.c:5671
 __do_sys_bpf kernel/bpf/syscall.c:5760 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5758 [inline]
 __x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5758
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f1b5711ee99
Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 51 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f1b570d9228 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
RAX: ffffffffffffffda RBX: 00007f1b571a9328 RCX: 00007f1b5711ee99
RDX: 0000000000000048 RSI: 0000000020000600 RDI: 000000000000000a
RBP: 00007f1b571a9320 R08: 00007f1b570d96c0 R09: 00007f1b570d96c0
R10: 00007f1b570d96c0 R11: 0000000000000246 R12: 00007f1b57176074
R13: 0000000020000eb8 R14: 2caa1414ac000000 R15: 00007ffed9b8fc98
 </TASK>
BUG: Bad page state in process syz-executor392  pfn:2f7f4
page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x2f7f4
flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
raw: 00fff00000000000 dead000000000040 ffff888106115000 0000000000000000
raw: 0000000000000000 0000000000000001 00000000ffffffff 0000000000000000
page dumped because: page_pool leak
page_owner tracks the page as allocated
page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 5962, tgid 5958 (syz-executor392), ts 44239086979, free_ts 44208514534
 set_page_owner include/linux/page_owner.h:32 [inline]
 post_alloc_hook+0x2d1/0x350 mm/page_alloc.c:1537
 prep_new_page mm/page_alloc.c:1545 [inline]
 get_page_from_freelist+0x101e/0x3070 mm/page_alloc.c:3457
 __alloc_pages_noprof+0x223/0x25a0 mm/page_alloc.c:4733
 alloc_pages_bulk_noprof+0x77c/0x1110 mm/page_alloc.c:4681
 alloc_pages_bulk_array_node_noprof include/linux/gfp.h:239 [inline]
 __page_pool_alloc_pages_slow+0x18f/0x770 net/core/page_pool.c:538
 page_pool_alloc_netmem net/core/page_pool.c:590 [inline]
 page_pool_alloc_netmem+0xc4/0x160 net/core/page_pool.c:577
 page_pool_alloc_pages+0x1a/0x60 net/core/page_pool.c:597
 page_pool_dev_alloc_pages include/net/page_pool/helpers.h:96 [inline]
 xdp_test_run_batch.constprop.0+0x3a8/0x1960 net/bpf/test_run.c:305
 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389
 bpf_prog_test_run_xdp+0x827/0x1580 net/bpf/test_run.c:1317
 bpf_prog_test_run kernel/bpf/syscall.c:4266 [inline]
 __sys_bpf+0xfc6/0x49a0 kernel/bpf/syscall.c:5671
 __do_sys_bpf kernel/bpf/syscall.c:5760 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5758 [inline]
 __x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5758
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
page last free pid 5946 tgid 5946 stack trace:
 reset_page_owner include/linux/page_owner.h:25 [inline]
 free_pages_prepare mm/page_alloc.c:1108 [inline]
 free_unref_page+0x5f4/0xdc0 mm/page_alloc.c:2638
 __put_partials+0x14c/0x170 mm/slub.c:3145
 qlink_free mm/kasan/quarantine.c:163 [inline]
 qlist_free_all+0x4e/0x120 mm/kasan/quarantine.c:179
 kasan_quarantine_reduce+0x192/0x1e0 mm/kasan/quarantine.c:286
 __kasan_slab_alloc+0x69/0x90 mm/kasan/common.c:329
 kasan_slab_alloc include/linux/kasan.h:247 [inline]
 slab_post_alloc_hook mm/slub.c:4085 [inline]
 slab_alloc_node mm/slub.c:4134 [inline]
 kmem_cache_alloc_noprof+0x121/0x2f0 mm/slub.c:4141
 taskstats_tgid_alloc kernel/taskstats.c:582 [inline]
 taskstats_exit+0x656/0xbe0 kernel/taskstats.c:621
 do_exit+0x84a/0x2d70 kernel/exit.c:924
 do_group_exit+0xd3/0x2a0 kernel/exit.c:1088
 __do_sys_exit_group kernel/exit.c:1099 [inline]
 __se_sys_exit_group kernel/exit.c:1097 [inline]
 __x64_sys_exit_group+0x3e/0x50 kernel/exit.c:1097
 x64_sys_call+0x14a9/0x16a0 arch/x86/include/generated/asm/syscalls_64.h:232
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
Modules linked in:
CPU: 2 UID: 0 PID: 5962 Comm: syz-executor392 Tainted: G    B              6.12.0-rc5-syzkaller-00005-ge42b1a9a2557 #0
Tainted: [B]=BAD_PAGE
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:94 [inline]
 dump_stack_lvl+0x16c/0x1f0 lib/dump_stack.c:120
 bad_page+0xb3/0x1f0 mm/page_alloc.c:501
 free_page_is_bad_report mm/page_alloc.c:908 [inline]
 free_page_is_bad mm/page_alloc.c:918 [inline]
 free_pages_prepare mm/page_alloc.c:1100 [inline]
 free_unref_page+0x657/0xdc0 mm/page_alloc.c:2638
 skb_free_frag include/linux/skbuff.h:3399 [inline]
 skb_free_head+0xa0/0x1d0 net/core/skbuff.c:1096
 skb_release_data+0x560/0x730 net/core/skbuff.c:1125
 skb_release_all net/core/skbuff.c:1190 [inline]
 __kfree_skb net/core/skbuff.c:1204 [inline]
 sk_skb_reason_drop+0x129/0x1a0 net/core/skbuff.c:1242
 kfree_skb_reason include/linux/skbuff.h:1262 [inline]
 __netif_receive_skb_core.constprop.0+0x592/0x4330 net/core/dev.c:5640
 __netif_receive_skb_list_core+0x357/0x950 net/core/dev.c:5741
 __netif_receive_skb_list net/core/dev.c:5808 [inline]
 netif_receive_skb_list_internal+0x753/0xdb0 net/core/dev.c:5899
 netif_receive_skb_list+0x4f/0x4a0 net/core/dev.c:5951
 xdp_recv_frames net/bpf/test_run.c:279 [inline]
 xdp_test_run_batch.constprop.0+0x138d/0x1960 net/bpf/test_run.c:360
 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389
 bpf_prog_test_run_xdp+0x827/0x1580 net/bpf/test_run.c:1317
 bpf_prog_test_run kernel/bpf/syscall.c:4266 [inline]
 __sys_bpf+0xfc6/0x49a0 kernel/bpf/syscall.c:5671
 __do_sys_bpf kernel/bpf/syscall.c:5760 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5758 [inline]
 __x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5758
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f1b5711ee99
Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 51 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f1b570d9228 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
RAX: ffffffffffffffda RBX: 00007f1b571a9328 RCX: 00007f1b5711ee99
RDX: 0000000000000048 RSI: 0000000020000600 RDI: 000000000000000a
RBP: 00007f1b571a9320 R08: 00007f1b570d96c0 R09: 00007f1b570d96c0
R10: 00007f1b570d96c0 R11: 0000000000000246 R12: 00007f1b57176074
R13: 0000000020000eb8 R14: 2caa1414ac000000 R15: 00007ffed9b8fc98
 </TASK>
BUG: Bad page state in process syz-executor392  pfn:2f7f3
page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x2f7f3
flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
raw: 00fff00000000000 dead000000000040 ffff888106115000 0000000000000000
raw: 0000000000000000 0000000000000001 00000000ffffffff 0000000000000000
page dumped because: page_pool leak
page_owner tracks the page as allocated
page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 5962, tgid 5958 (syz-executor392), ts 44239079487, free_ts 44208514534
 set_page_owner include/linux/page_owner.h:32 [inline]
 post_alloc_hook+0x2d1/0x350 mm/page_alloc.c:1537
 prep_new_page mm/page_alloc.c:1545 [inline]
 get_page_from_freelist+0x101e/0x3070 mm/page_alloc.c:3457
 __alloc_pages_noprof+0x223/0x25a0 mm/page_alloc.c:4733
 alloc_pages_bulk_noprof+0x77c/0x1110 mm/page_alloc.c:4681
 alloc_pages_bulk_array_node_noprof include/linux/gfp.h:239 [inline]
 __page_pool_alloc_pages_slow+0x18f/0x770 net/core/page_pool.c:538
 page_pool_alloc_netmem net/core/page_pool.c:590 [inline]
 page_pool_alloc_netmem+0xc4/0x160 net/core/page_pool.c:577
 page_pool_alloc_pages+0x1a/0x60 net/core/page_pool.c:597
 page_pool_dev_alloc_pages include/net/page_pool/helpers.h:96 [inline]
 xdp_test_run_batch.constprop.0+0x3a8/0x1960 net/bpf/test_run.c:305
 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389
 bpf_prog_test_run_xdp+0x827/0x1580 net/bpf/test_run.c:1317
 bpf_prog_test_run kernel/bpf/syscall.c:4266 [inline]
 __sys_bpf+0xfc6/0x49a0 kernel/bpf/syscall.c:5671
 __do_sys_bpf kernel/bpf/syscall.c:5760 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5758 [inline]
 __x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5758
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
page last free pid 5946 tgid 5946 stack trace:
 reset_page_owner include/linux/page_owner.h:25 [inline]
 free_pages_prepare mm/page_alloc.c:1108 [inline]
 free_unref_page+0x5f4/0xdc0 mm/page_alloc.c:2638
 __put_partials+0x14c/0x170 mm/slub.c:3145
 qlink_free mm/kasan/quarantine.c:163 [inline]
 qlist_free_all+0x4e/0x120 mm/kasan/quarantine.c:179
 kasan_quarantine_reduce+0x192/0x1e0 mm/kasan/quarantine.c:286
 __kasan_slab_alloc+0x69/0x90 mm/kasan/common.c:329
 kasan_slab_alloc include/linux/kasan.h:247 [inline]
 slab_post_alloc_hook mm/slub.c:4085 [inline]
 slab_alloc_node mm/slub.c:4134 [inline]
 kmem_cache_alloc_noprof+0x121/0x2f0 mm/slub.c:4141
 taskstats_tgid_alloc kernel/taskstats.c:582 [inline]
 taskstats_exit+0x656/0xbe0 kernel/taskstats.c:621
 do_exit+0x84a/0x2d70 kernel/exit.c:924
 do_group_exit+0xd3/0x2a0 kernel/exit.c:1088
 __do_sys_exit_group kernel/exit.c:1099 [inline]
 __se_sys_exit_group kernel/exit.c:1097 [inline]
 __x64_sys_exit_group+0x3e/0x50 kernel/exit.c:1097
 x64_sys_call+0x14a9/0x16a0 arch/x86/include/generated/asm/syscalls_64.h:232
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
Modules linked in:
CPU: 2 UID: 0 PID: 5962 Comm: syz-executor392 Tainted: G    B              6.12.0-rc5-syzkaller-00005-ge42b1a9a2557 #0
Tainted: [B]=BAD_PAGE
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:94 [inline]
 dump_stack_lvl+0x16c/0x1f0 lib/dump_stack.c:120
 bad_page+0xb3/0x1f0 mm/page_alloc.c:501
 free_page_is_bad_report mm/page_alloc.c:908 [inline]
 free_page_is_bad mm/page_alloc.c:918 [inline]
 free_pages_prepare mm/page_alloc.c:1100 [inline]
 free_unref_page+0x657/0xdc0 mm/page_alloc.c:2638
 skb_free_frag include/linux/skbuff.h:3399 [inline]
 skb_free_head+0xa0/0x1d0 net/core/skbuff.c:1096
 skb_release_data+0x560/0x730 net/core/skbuff.c:1125
 skb_release_all net/core/skbuff.c:1190 [inline]
 __kfree_skb net/core/skbuff.c:1204 [inline]
 sk_skb_reason_drop+0x129/0x1a0 net/core/skbuff.c:1242
 kfree_skb_reason include/linux/skbuff.h:1262 [inline]
 __netif_receive_skb_core.constprop.0+0x592/0x4330 net/core/dev.c:5640
 __netif_receive_skb_list_core+0x357/0x950 net/core/dev.c:5741
 __netif_receive_skb_list net/core/dev.c:5808 [inline]
 netif_receive_skb_list_internal+0x753/0xdb0 net/core/dev.c:5899
 netif_receive_skb_list+0x4f/0x4a0 net/core/dev.c:5951
 xdp_recv_frames net/bpf/test_run.c:279 [inline]
 xdp_test_run_batch.constprop.0+0x138d/0x1960 net/bpf/test_run.c:360
 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389
 bpf_prog_test_run_xdp+0x827/0x1580 net/bpf/test_run.c:1317
 bpf_prog_test_run kernel/bpf/syscall.c:4266 [inline]
 __sys_bpf+0xfc6/0x49a0 kernel/bpf/syscall.c:5671
 __do_sys_bpf kernel/bpf/syscall.c:5760 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5758 [inline]
 __x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5758
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f1b5711ee99
Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 51 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f1b570d9228 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
RAX: ffffffffffffffda RBX: 00007f1b571a9328 RCX: 00007f1b5711ee99
RDX: 0000000000000048 RSI: 0000000020000600 RDI: 000000000000000a
RBP: 00007f1b571a9320 R08: 00007f1b570d96c0 R09: 00007f1b570d96c0
R10: 00007f1b570d96c0 R11: 0000000000000246 R12: 00007f1b57176074
R13: 0000000020000eb8 R14: 2caa1414ac000000 R15: 00007ffed9b8fc98
 </TASK>
BUG: Bad page state in process syz-executor392  pfn:2f7f2
page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x2f7f2
flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
raw: 00fff00000000000 dead000000000040 ffff888106115000 0000000000000000
raw: 0000000000000000 0000000000000001 00000000ffffffff 0000000000000000
page dumped because: page_pool leak
page_owner tracks the page as allocated
page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 5962, tgid 5958 (syz-executor392), ts 44239071661, free_ts 44208514534
 set_page_owner include/linux/page_owner.h:32 [inline]
 post_alloc_hook+0x2d1/0x350 mm/page_alloc.c:1537
 prep_new_page mm/page_alloc.c:1545 [inline]
 get_page_from_freelist+0x101e/0x3070 mm/page_alloc.c:3457
 __alloc_pages_noprof+0x223/0x25a0 mm/page_alloc.c:4733
 alloc_pages_bulk_noprof+0x77c/0x1110 mm/page_alloc.c:4681
 alloc_pages_bulk_array_node_noprof include/linux/gfp.h:239 [inline]
 __page_pool_alloc_pages_slow+0x18f/0x770 net/core/page_pool.c:538
 page_pool_alloc_netmem net/core/page_pool.c:590 [inline]
 page_pool_alloc_netmem+0xc4/0x160 net/core/page_pool.c:577
 page_pool_alloc_pages+0x1a/0x60 net/core/page_pool.c:597
 page_pool_dev_alloc_pages include/net/page_pool/helpers.h:96 [inline]
 xdp_test_run_batch.constprop.0+0x3a8/0x1960 net/bpf/test_run.c:305
 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389
 bpf_prog_test_run_xdp+0x827/0x1580 net/bpf/test_run.c:1317
 bpf_prog_test_run kernel/bpf/syscall.c:4266 [inline]
 __sys_bpf+0xfc6/0x49a0 kernel/bpf/syscall.c:5671
 __do_sys_bpf kernel/bpf/syscall.c:5760 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5758 [inline]
 __x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5758
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
page last free pid 5946 tgid 5946 stack trace:
 reset_page_owner include/linux/page_owner.h:25 [inline]
 free_pages_prepare mm/page_alloc.c:1108 [inline]
 free_unref_page+0x5f4/0xdc0 mm/page_alloc.c:2638
 __put_partials+0x14c/0x170 mm/slub.c:3145
 qlink_free mm/kasan/quarantine.c:163 [inline]
 qlist_free_all+0x4e/0x120 mm/kasan/quarantine.c:179
 kasan_quarantine_reduce+0x192/0x1e0 mm/kasan/quarantine.c:286
 __kasan_slab_alloc+0x69/0x90 mm/kasan/common.c:329
 kasan_slab_alloc include/linux/kasan.h:247 [inline]
 slab_post_alloc_hook mm/slub.c:4085 [inline]
 slab_alloc_node mm/slub.c:4134 [inline]
 kmem_cache_alloc_noprof+0x121/0x2f0 mm/slub.c:4141
 taskstats_tgid_alloc kernel/taskstats.c:582 [inline]
 taskstats_exit+0x656/0xbe0 kernel/taskstats.c:621
 do_exit+0x84a/0x2d70 kernel/exit.c:924
 do_group_exit+0xd3/0x2a0 kernel/exit.c:1088
 __do_sys_exit_group kernel/exit.c:1099 [inline]
 __se_sys_exit_group kernel/exit.c:1097 [inline]
 __x64_sys_exit_group+0x3e/0x50 kernel/exit.c:1097
 x64_sys_call+0x14a9/0x16a0 arch/x86/include/generated/asm/syscalls_64.h:232
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
Modules linked in:
CPU: 2 UID: 0 PID: 5962 Comm: syz-executor392 Tainted: G    B              6.12.0-rc5-syzkaller-00005-ge42b1a9a2557 #0
Tainted: [B]=BAD_PAGE
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:94 [inline]
 dump_stack_lvl+0x16c/0x1f0 lib/dump_stack.c:120
 bad_page+0xb3/0x1f0 mm/page_alloc.c:501
 free_page_is_bad_report mm/page_alloc.c:908 [inline]
 free_page_is_bad mm/page_alloc.c:918 [inline]
 free_pages_prepare mm/page_alloc.c:1100 [inline]
 free_unref_page+0x657/0xdc0 mm/page_alloc.c:2638
 skb_free_frag include/linux/skbuff.h:3399 [inline]
 skb_free_head+0xa0/0x1d0 net/core/skbuff.c:1096
 skb_release_data+0x560/0x730 net/core/skbuff.c:1125
 skb_release_all net/core/skbuff.c:1190 [inline]
 __kfree_skb net/core/skbuff.c:1204 [inline]
 sk_skb_reason_drop+0x129/0x1a0 net/core/skbuff.c:1242
 kfree_skb_reason include/linux/skbuff.h:1262 [inline]
 __netif_receive_skb_core.constprop.0+0x592/0x4330 net/core/dev.c:5640
 __netif_receive_skb_list_core+0x357/0x950 net/core/dev.c:5741
 __netif_receive_skb_list net/core/dev.c:5808 [inline]
 netif_receive_skb_list_internal+0x753/0xdb0 net/core/dev.c:5899
 netif_receive_skb_list+0x4f/0x4a0 net/core/dev.c:5951
 xdp_recv_frames net/bpf/test_run.c:279 [inline]
 xdp_test_run_batch.constprop.0+0x138d/0x1960 net/bpf/test_run.c:360
 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389
 bpf_prog_test_run_xdp+0x827/0x1580 net/bpf/test_run.c:1317
 bpf_prog_test_run kernel/bpf/syscall.c:4266 [inline]
 __sys_bpf+0xfc6/0x49a0 kernel/bpf/syscall.c:5671
 __do_sys_bpf kernel/bpf/syscall.c:5760 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5758 [inline]
 __x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5758
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f1b5711ee99
Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 51 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f1b570d9228 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
RAX: ffffffffffffffda RBX: 00007f1b571a9328 RCX: 00007f1b5711ee99
RDX: 0000000000000048 RSI: 0000000020000600 RDI: 000000000000000a
RBP: 00007f1b571a9320 R08: 00007f1b570d96c0 R09: 00007f1b570d96c0
R10: 00007f1b570d96c0 R11: 0000000000000246 R12: 00007f1b57176074
R13: 0000000020000eb8 R14: 2caa1414ac000000 R15: 00007ffed9b8fc98
 </TASK>
BUG: Bad page state in process syz-executor392  pfn:24e75
page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x24e75
flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
raw: 00fff00000000000 dead000000000040 ffff888106115000 0000000000000000
raw: 0000000000000000 0000000000000001 00000000ffffffff 0000000000000000
page dumped because: page_pool leak
page_owner tracks the page as allocated
page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 5962, tgid 5958 (syz-executor392), ts 44239030055, free_ts 43994828258
 set_page_owner include/linux/page_owner.h:32 [inline]
 post_alloc_hook+0x2d1/0x350 mm/page_alloc.c:1537
 prep_new_page mm/page_alloc.c:1545 [inline]
 get_page_from_freelist+0x101e/0x3070 mm/page_alloc.c:3457
 __alloc_pages_noprof+0x223/0x25a0 mm/page_alloc.c:4733
 alloc_pages_bulk_noprof+0x77c/0x1110 mm/page_alloc.c:4681
 alloc_pages_bulk_array_node_noprof include/linux/gfp.h:239 [inline]
 __page_pool_alloc_pages_slow+0x18f/0x770 net/core/page_pool.c:538
 page_pool_alloc_netmem net/core/page_pool.c:590 [inline]
 page_pool_alloc_netmem+0xc4/0x160 net/core/page_pool.c:577
 page_pool_alloc_pages+0x1a/0x60 net/core/page_pool.c:597
 page_pool_dev_alloc_pages include/net/page_pool/helpers.h:96 [inline]
 xdp_test_run_batch.constprop.0+0x3a8/0x1960 net/bpf/test_run.c:305
 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389
 bpf_prog_test_run_xdp+0x827/0x1580 net/bpf/test_run.c:1317
 bpf_prog_test_run kernel/bpf/syscall.c:4266 [inline]
 __sys_bpf+0xfc6/0x49a0 kernel/bpf/syscall.c:5671
 __do_sys_bpf kernel/bpf/syscall.c:5760 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5758 [inline]
 __x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5758
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
page last free pid 5941 tgid 5941 stack trace:
 reset_page_owner include/linux/page_owner.h:25 [inline]
 free_pages_prepare mm/page_alloc.c:1108 [inline]
 free_unref_page+0x5f4/0xdc0 mm/page_alloc.c:2638
 __put_partials+0x14c/0x170 mm/slub.c:3145
 qlink_free mm/kasan/quarantine.c:163 [inline]
 qlist_free_all+0x4e/0x120 mm/kasan/quarantine.c:179
 kasan_quarantine_reduce+0x192/0x1e0 mm/kasan/quarantine.c:286
 __kasan_slab_alloc+0x69/0x90 mm/kasan/common.c:329
 kasan_slab_alloc include/linux/kasan.h:247 [inline]
 slab_post_alloc_hook mm/slub.c:4085 [inline]
 slab_alloc_node mm/slub.c:4134 [inline]
 kmem_cache_alloc_noprof+0x121/0x2f0 mm/slub.c:4141
 getname_flags.part.0+0x4c/0x550 fs/namei.c:139
 getname_flags include/linux/audit.h:322 [inline]
 getname+0x8d/0xe0 fs/namei.c:225
 do_sys_openat2+0x104/0x1e0 fs/open.c:1409
 do_sys_open fs/open.c:1430 [inline]
 __do_sys_openat fs/open.c:1446 [inline]
 __se_sys_openat fs/open.c:1441 [inline]
 __x64_sys_openat+0x175/0x210 fs/open.c:1441
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
Modules linked in:
CPU: 2 UID: 0 PID: 5962 Comm: syz-executor392 Tainted: G    B              6.12.0-rc5-syzkaller-00005-ge42b1a9a2557 #0
Tainted: [B]=BAD_PAGE
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:94 [inline]
 dump_stack_lvl+0x16c/0x1f0 lib/dump_stack.c:120
 bad_page+0xb3/0x1f0 mm/page_alloc.c:501
 free_page_is_bad_report mm/page_alloc.c:908 [inline]
 free_page_is_bad mm/page_alloc.c:918 [inline]
 free_pages_prepare mm/page_alloc.c:1100 [inline]
 free_unref_page+0x657/0xdc0 mm/page_alloc.c:2638
 skb_free_frag include/linux/skbuff.h:3399 [inline]
 skb_free_head+0xa0/0x1d0 net/core/skbuff.c:1096
 skb_release_data+0x560/0x730 net/core/skbuff.c:1125
 skb_release_all net/core/skbuff.c:1190 [inline]
 __kfree_skb net/core/skbuff.c:1204 [inline]
 sk_skb_reason_drop+0x129/0x1a0 net/core/skbuff.c:1242
 kfree_skb_reason include/linux/skbuff.h:1262 [inline]
 __netif_receive_skb_core.constprop.0+0x592/0x4330 net/core/dev.c:5640
 __netif_receive_skb_list_core+0x357/0x950 net/core/dev.c:5741
 __netif_receive_skb_list net/core/dev.c:5808 [inline]
 netif_receive_skb_list_internal+0x753/0xdb0 net/core/dev.c:5899
 netif_receive_skb_list+0x4f/0x4a0 net/core/dev.c:5951
 xdp_recv_frames net/bpf/test_run.c:279 [inline]
 xdp_test_run_batch.constprop.0+0x138d/0x1960 net/bpf/test_run.c:360
 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389
 bpf_prog_test_run_xdp+0x827/0x1580 net/bpf/test_run.c:1317
 bpf_prog_test_run kernel/bpf/syscall.c:4266 [inline]
 __sys_bpf+0xfc6/0x49a0 kernel/bpf/syscall.c:5671
 __do_sys_bpf kernel/bpf/syscall.c:5760 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5758 [inline]
 __x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5758
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f1b5711ee99
Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 51 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f1b570d9228 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
RAX: ffffffffffffffda RBX: 00007f1b571a9328 RCX: 00007f1b5711ee99
RDX: 0000000000000048 RSI: 0000000020000600 RDI: 000000000000000a
RBP: 00007f1b571a9320 R08: 00007f1b570d96c0 R09: 00007f1b570d96c0
R10: 00007f1b570d96c0 R11: 0000000000000246 R12: 00007f1b57176074
R13: 0000000020000eb8 R14: 2caa1414ac000000 R15: 00007ffed9b8fc98
 </TASK>
BUG: Bad page state in process syz-executor392  pfn:24e74
page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x24e74
flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
raw: 00fff00000000000 dead000000000040 ffff888106115000 0000000000000000
raw: 0000000000000000 0000000000000001 00000000ffffffff 0000000000000000
page dumped because: page_pool leak
page_owner tracks the page as allocated
page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 5962, tgid 5958 (syz-executor392), ts 44239022840, free_ts 43994828258
 set_page_owner include/linux/page_owner.h:32 [inline]
 post_alloc_hook+0x2d1/0x350 mm/page_alloc.c:1537
 prep_new_page mm/page_alloc.c:1545 [inline]
 get_page_from_freelist+0x101e/0x3070 mm/page_alloc.c:3457
 __alloc_pages_noprof+0x223/0x25a0 mm/page_alloc.c:4733
 alloc_pages_bulk_noprof+0x77c/0x1110 mm/page_alloc.c:4681
 alloc_pages_bulk_array_node_noprof include/linux/gfp.h:239 [inline]
 __page_pool_alloc_pages_slow+0x18f/0x770 net/core/page_pool.c:538
 page_pool_alloc_netmem net/core/page_pool.c:590 [inline]
 page_pool_alloc_netmem+0xc4/0x160 net/core/page_pool.c:577
 page_pool_alloc_pages+0x1a/0x60 net/core/page_pool.c:597
 page_pool_dev_alloc_pages include/net/page_pool/helpers.h:96 [inline]
 xdp_test_run_batch.constprop.0+0x3a8/0x1960 net/bpf/test_run.c:305
 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389
 bpf_prog_test_run_xdp+0x827/0x1580 net/bpf/test_run.c:1317
 bpf_prog_test_run kernel/bpf/syscall.c:4266 [inline]
 __sys_bpf+0xfc6/0x49a0 kernel/bpf/syscall.c:5671
 __do_sys_bpf kernel/bpf/syscall.c:5760 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5758 [inline]
 __x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5758
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
page last free pid 5941 tgid 5941 stack trace:
 reset_page_owner include/linux/page_owner.h:25 [inline]
 free_pages_prepare mm/page_alloc.c:1108 [inline]
 free_unref_page+0x5f4/0xdc0 mm/page_alloc.c:2638
 __put_partials+0x14c/0x170 mm/slub.c:3145
 qlink_free mm/kasan/quarantine.c:163 [inline]
 qlist_free_all+0x4e/0x120 mm/kasan/quarantine.c:179
 kasan_quarantine_reduce+0x192/0x1e0 mm/kasan/quarantine.c:286
 __kasan_slab_alloc+0x69/0x90 mm/kasan/common.c:329
 kasan_slab_alloc include/linux/kasan.h:247 [inline]
 slab_post_alloc_hook mm/slub.c:4085 [inline]
 slab_alloc_node mm/slub.c:4134 [inline]
 kmem_cache_alloc_noprof+0x121/0x2f0 mm/slub.c:4141
 getname_flags.part.0+0x4c/0x550 fs/namei.c:139
 getname_flags include/linux/audit.h:322 [inline]
 getname+0x8d/0xe0 fs/namei.c:225
 do_sys_openat2+0x104/0x1e0 fs/open.c:1409
 do_sys_open fs/open.c:1430 [inline]
 __do_sys_openat fs/open.c:1446 [inline]
 __se_sys_openat fs/open.c:1441 [inline]
 __x64_sys_openat+0x175/0x210 fs/open.c:1441
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
Modules linked in:
CPU: 2 UID: 0 PID: 5962 Comm: syz-executor392 Tainted: G    B              6.12.0-rc5-syzkaller-00005-ge42b1a9a2557 #0
Tainted: [B]=BAD_PAGE
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:94 [inline]
 dump_stack_lvl+0x16c/0x1f0 lib/dump_stack.c:120
 bad_page+0xb3/0x1f0 mm/page_alloc.c:501
 free_page_is_bad_report mm/page_alloc.c:908 [inline]
 free_page_is_bad mm/page_alloc.c:918 [inline]
 free_pages_prepare mm/page_alloc.c:1100 [inline]
 free_unref_page+0x657/0xdc0 mm/page_alloc.c:2638
 skb_free_frag include/linux/skbuff.h:3399 [inline]
 skb_free_head+0xa0/0x1d0 net/core/skbuff.c:1096
 skb_release_data+0x560/0x730 net/core/skbuff.c:1125
 skb_release_all net/core/skbuff.c:1190 [inline]
 __kfree_skb net/core/skbuff.c:1204 [inline]
 sk_skb_reason_drop+0x129/0x1a0 net/core/skbuff.c:1242
 kfree_skb_reason include/linux/skbuff.h:1262 [inline]
 __netif_receive_skb_core.constprop.0+0x592/0x4330 net/core/dev.c:5640
 __netif_receive_skb_list_core+0x357/0x950 net/core/dev.c:5741
 __netif_receive_skb_list net/core/dev.c:5808 [inline]
 netif_receive_skb_list_internal+0x753/0xdb0 net/core/dev.c:5899
 netif_receive_skb_list+0x4f/0x4a0 net/core/dev.c:5951
 xdp_recv_frames net/bpf/test_run.c:279 [inline]
 xdp_test_run_batch.constprop.0+0x138d/0x1960 net/bpf/test_run.c:360
 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389
 bpf_prog_test_run_xdp+0x827/0x1580 net/bpf/test_run.c:1317
 bpf_prog_test_run kernel/bpf/syscall.c:4266 [inline]
 __sys_bpf+0xfc6/0x49a0 kernel/bpf/syscall.c:5671
 __do_sys_bpf kernel/bpf/syscall.c:5760 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5758 [inline]
 __x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5758
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f1b5711ee99
Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 51 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f1b570d9228 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
RAX: ffffffffffffffda RBX: 00007f1b571a9328 RCX: 00007f1b5711ee99
RDX: 0000000000000048 RSI: 0000000020000600 RDI: 000000000000000a
RBP: 00007f1b571a9320 R08: 00007f1b570d96c0 R09: 00007f1b570d96c0
R10: 00007f1b570d96c0 R11: 0000000000000246 R12: 00007f1b57176074
R13: 0000000020000eb8 R14: 2caa1414ac000000 R15: 00007ffed9b8fc98
 </TASK>
BUG: Bad page state in process syz-executor392  pfn:2cd6d
page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x2cd6d
flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
raw: 00fff00000000000 dead000000000040 ffff888106115000 0000000000000000
raw: 0000000000000000 0000000000000001 00000000ffffffff 0000000000000000
page dumped because: page_pool leak
page_owner tracks the page as allocated
page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 5962, tgid 5958 (syz-executor392), ts 44239015315, free_ts 44032491521
 set_page_owner include/linux/page_owner.h:32 [inline]
 post_alloc_hook+0x2d1/0x350 mm/page_alloc.c:1537
 prep_new_page mm/page_alloc.c:1545 [inline]
 get_page_from_freelist+0x101e/0x3070 mm/page_alloc.c:3457
 __alloc_pages_noprof+0x223/0x25a0 mm/page_alloc.c:4733
 alloc_pages_bulk_noprof+0x77c/0x1110 mm/page_alloc.c:4681
 alloc_pages_bulk_array_node_noprof include/linux/gfp.h:239 [inline]
 __page_pool_alloc_pages_slow+0x18f/0x770 net/core/page_pool.c:538
 page_pool_alloc_netmem net/core/page_pool.c:590 [inline]
 page_pool_alloc_netmem+0xc4/0x160 net/core/page_pool.c:577
 page_pool_alloc_pages+0x1a/0x60 net/core/page_pool.c:597
 page_pool_dev_alloc_pages include/net/page_pool/helpers.h:96 [inline]
 xdp_test_run_batch.constprop.0+0x3a8/0x1960 net/bpf/test_run.c:305
 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389
 bpf_prog_test_run_xdp+0x827/0x1580 net/bpf/test_run.c:1317
 bpf_prog_test_run kernel/bpf/syscall.c:4266 [inline]
 __sys_bpf+0xfc6/0x49a0 kernel/bpf/syscall.c:5671
 __do_sys_bpf kernel/bpf/syscall.c:5760 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5758 [inline]
 __x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5758
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
page last free pid 24 tgid 24 stack trace:
 reset_page_owner include/linux/page_owner.h:25 [inline]
 free_pages_prepare mm/page_alloc.c:1108 [inline]
 free_unref_page+0x5f4/0xdc0 mm/page_alloc.c:2638
 __folio_put+0x30d/0x3d0 mm/swap.c:126
 folio_put include/linux/mm.h:1478 [inline]
 free_page_and_swap_cache+0x249/0x2c0 mm/swap_state.c:308
 __tlb_remove_table arch/x86/include/asm/tlb.h:34 [inline]
 __tlb_remove_table_free mm/mmu_gather.c:227 [inline]
 tlb_remove_table_rcu+0x89/0xe0 mm/mmu_gather.c:282
 rcu_do_batch kernel/rcu/tree.c:2567 [inline]
 rcu_core+0x79d/0x14d0 kernel/rcu/tree.c:2823
 handle_softirqs+0x213/0x8f0 kernel/softirq.c:554
 run_ksoftirqd kernel/softirq.c:927 [inline]
 run_ksoftirqd+0x3a/0x60 kernel/softirq.c:919
 smpboot_thread_fn+0x661/0xa30 kernel/smpboot.c:164
 kthread+0x2c1/0x3a0 kernel/kthread.c:389
 ret_from_fork+0x45/0x80 arch/x86/kernel/process.c:147
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244
Modules linked in:
CPU: 2 UID: 0 PID: 5962 Comm: syz-executor392 Tainted: G    B              6.12.0-rc5-syzkaller-00005-ge42b1a9a2557 #0
Tainted: [B]=BAD_PAGE
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:94 [inline]
 dump_stack_lvl+0x16c/0x1f0 lib/dump_stack.c:120
 bad_page+0xb3/0x1f0 mm/page_alloc.c:501
 free_page_is_bad_report mm/page_alloc.c:908 [inline]
 free_page_is_bad mm/page_alloc.c:918 [inline]
 free_pages_prepare mm/page_alloc.c:1100 [inline]
 free_unref_page+0x657/0xdc0 mm/page_alloc.c:2638
 skb_free_frag include/linux/skbuff.h:3399 [inline]
 skb_free_head+0xa0/0x1d0 net/core/skbuff.c:1096
 skb_release_data+0x560/0x730 net/core/skbuff.c:1125
 skb_release_all net/core/skbuff.c:1190 [inline]
 __kfree_skb net/core/skbuff.c:1204 [inline]
 sk_skb_reason_drop+0x129/0x1a0 net/core/skbuff.c:1242
 kfree_skb_reason include/linux/skbuff.h:1262 [inline]
 __netif_receive_skb_core.constprop.0+0x592/0x4330 net/core/dev.c:5640
 __netif_receive_skb_list_core+0x357/0x950 net/core/dev.c:5741
 __netif_receive_skb_list net/core/dev.c:5808 [inline]
 netif_receive_skb_list_internal+0x753/0xdb0 net/core/dev.c:5899
 netif_receive_skb_list+0x4f/0x4a0 net/core/dev.c:5951
 xdp_recv_frames net/bpf/test_run.c:279 [inline]
 xdp_test_run_batch.constprop.0+0x138d/0x1960 net/bpf/test_run.c:360
 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389
 bpf_prog_test_run_xdp+0x827/0x1580 net/bpf/test_run.c:1317
 bpf_prog_test_run kernel/bpf/syscall.c:4266 [inline]
 __sys_bpf+0xfc6/0x49a0 kernel/bpf/syscall.c:5671
 __do_sys_bpf kernel/bpf/syscall.c:5760 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5758 [inline]
 __x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5758
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f1b5711ee99
Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 51 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f1b570d9228 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
RAX: ffffffffffffffda RBX: 00007f1b571a9328 RCX: 00007f1b5711ee99
RDX: 0000000000000048 RSI: 0000000020000600 RDI: 000000000000000a
RBP: 00007f1b571a9320 R08: 00007f1b570d96c0 R09: 00007f1b570d96c0
R10: 00007f1b570d96c0 R11: 0000000000000246 R12: 00007f1b57176074
R13: 0000000020000eb8 R14: 2caa1414ac000000 R15: 00007ffed9b8fc98
 </TASK>
BUG: Bad page state in process syz-executor392  pfn:2482c
page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x2482c
flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
raw: 00fff00000000000 dead000000000040 ffff888106115000 0000000000000000
raw: 0000000000000000 0000000000000001 00000000ffffffff 0000000000000000
page dumped because: page_pool leak
page_owner tracks the page as allocated
page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 5962, tgid 5958 (syz-executor392), ts 44239008067, free_ts 44032497278
 set_page_owner include/linux/page_owner.h:32 [inline]
 post_alloc_hook+0x2d1/0x350 mm/page_alloc.c:1537
 prep_new_page mm/page_alloc.c:1545 [inline]
 get_page_from_freelist+0x101e/0x3070 mm/page_alloc.c:3457
 __alloc_pages_noprof+0x223/0x25a0 mm/page_alloc.c:4733
 alloc_pages_bulk_noprof+0x77c/0x1110 mm/page_alloc.c:4681
 alloc_pages_bulk_array_node_noprof include/linux/gfp.h:239 [inline]
 __page_pool_alloc_pages_slow+0x18f/0x770 net/core/page_pool.c:538
 page_pool_alloc_netmem net/core/page_pool.c:590 [inline]
 page_pool_alloc_netmem+0xc4/0x160 net/core/page_pool.c:577
 page_pool_alloc_pages+0x1a/0x60 net/core/page_pool.c:597
 page_pool_dev_alloc_pages include/net/page_pool/helpers.h:96 [inline]
 xdp_test_run_batch.constprop.0+0x3a8/0x1960 net/bpf/test_run.c:305
 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389
 bpf_prog_test_run_xdp+0x827/0x1580 net/bpf/test_run.c:1317
 bpf_prog_test_run kernel/bpf/syscall.c:4266 [inline]
 __sys_bpf+0xfc6/0x49a0 kernel/bpf/syscall.c:5671
 __do_sys_bpf kernel/bpf/syscall.c:5760 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5758 [inline]
 __x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5758
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
page last free pid 24 tgid 24 stack trace:
 reset_page_owner include/linux/page_owner.h:25 [inline]
 free_pages_prepare mm/page_alloc.c:1108 [inline]
 free_unref_page+0x5f4/0xdc0 mm/page_alloc.c:2638
 __folio_put+0x30d/0x3d0 mm/swap.c:126
 folio_put include/linux/mm.h:1478 [inline]
 free_page_and_swap_cache+0x249/0x2c0 mm/swap_state.c:308
 __tlb_remove_table arch/x86/include/asm/tlb.h:34 [inline]
 __tlb_remove_table_free mm/mmu_gather.c:227 [inline]
 tlb_remove_table_rcu+0x89/0xe0 mm/mmu_gather.c:282
 rcu_do_batch kernel/rcu/tree.c:2567 [inline]
 rcu_core+0x79d/0x14d0 kernel/rcu/tree.c:2823
 handle_softirqs+0x213/0x8f0 kernel/softirq.c:554
 run_ksoftirqd kernel/softirq.c:927 [inline]
 run_ksoftirqd+0x3a/0x60 kernel/softirq.c:919
 smpboot_thread_fn+0x661/0xa30 kernel/smpboot.c:164
 kthread+0x2c1/0x3a0 kernel/kthread.c:389
 ret_from_fork+0x45/0x80 arch/x86/kernel/process.c:147
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244
Modules linked in:
CPU: 2 UID: 0 PID: 5962 Comm: syz-executor392 Tainted: G    B              6.12.0-rc5-syzkaller-00005-ge42b1a9a2557 #0
Tainted: [B]=BAD_PAGE
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:94 [inline]
 dump_stack_lvl+0x16c/0x1f0 lib/dump_stack.c:120
 bad_page+0xb3/0x1f0 mm/page_alloc.c:501
 free_page_is_bad_report mm/page_alloc.c:908 [inline]
 free_page_is_bad mm/page_alloc.c:918 [inline]
 free_pages_prepare mm/page_alloc.c:1100 [inline]
 free_unref_page+0x657/0xdc0 mm/page_alloc.c:2638
 skb_free_frag include/linux/skbuff.h:3399 [inline]
 skb_free_head+0xa0/0x1d0 net/core/skbuff.c:1096
 skb_release_data+0x560/0x730 net/core/skbuff.c:1125
 skb_release_all net/core/skbuff.c:1190 [inline]
 __kfree_skb net/core/skbuff.c:1204 [inline]
 sk_skb_reason_drop+0x129/0x1a0 net/core/skbuff.c:1242
 kfree_skb_reason include/linux/skbuff.h:1262 [inline]
 __netif_receive_skb_core.constprop.0+0x592/0x4330 net/core/dev.c:5640
 __netif_receive_skb_list_core+0x357/0x950 net/core/dev.c:5741
 __netif_receive_skb_list net/core/dev.c:5808 [inline]
 netif_receive_skb_list_internal+0x753/0xdb0 net/core/dev.c:5899
 netif_receive_skb_list+0x4f/0x4a0 net/core/dev.c:5951
 xdp_recv_frames net/bpf/test_run.c:279 [inline]
 xdp_test_run_batch.constprop.0+0x138d/0x1960 net/bpf/test_run.c:360
 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389
 bpf_prog_test_run_xdp+0x827/0x1580 net/bpf/test_run.c:1317
 bpf_prog_test_run kernel/bpf/syscall.c:4266 [inline]
 __sys_bpf+0xfc6/0x49a0 kernel/bpf/syscall.c:5671
 __do_sys_bpf kernel/bpf/syscall.c:5760 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5758 [inline]
 __x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5758
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f1b5711ee99
Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 51 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f1b570d9228 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
RAX: ffffffffffffffda RBX: 00007f1b571a9328 RCX: 00007f1b5711ee99
RDX: 0000000000000048 RSI: 0000000020000600 RDI: 000000000000000a
RBP: 00007f1b571a9320 R08: 00007f1b570d96c0 R09: 00007f1b570d96c0
R10: 00007f1b570d96c0 R11: 0000000000000246 R12: 00007f1b57176074
R13: 0000000020000eb8 R14: 2caa1414ac000000 R15: 00007ffed9b8fc98
 </TASK>
BUG: Bad page state in process syz-executor392  pfn:2a912
page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff88802a912e88 pfn:0x2a912
flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
raw: 00fff00000000000 dead000000000040 ffff888106115000 0000000000000000
raw: ffff88802a912e88 0000000000000001 00000000ffffffff 0000000000000000
page dumped because: page_pool leak
page_owner tracks the page as allocated
page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 5962, tgid 5958 (syz-executor392), ts 44239000437, free_ts 44032501314
 set_page_owner include/linux/page_owner.h:32 [inline]
 post_alloc_hook+0x2d1/0x350 mm/page_alloc.c:1537
 prep_new_page mm/page_alloc.c:1545 [inline]
 get_page_from_freelist+0x101e/0x3070 mm/page_alloc.c:3457
 __alloc_pages_noprof+0x223/0x25a0 mm/page_alloc.c:4733
 alloc_pages_bulk_noprof+0x77c/0x1110 mm/page_alloc.c:4681
 alloc_pages_bulk_array_node_noprof include/linux/gfp.h:239 [inline]
 __page_pool_alloc_pages_slow+0x18f/0x770 net/core/page_pool.c:538
 page_pool_alloc_netmem net/core/page_pool.c:590 [inline]
 page_pool_alloc_netmem+0xc4/0x160 net/core/page_pool.c:577
 page_pool_alloc_pages+0x1a/0x60 net/core/page_pool.c:597
 page_pool_dev_alloc_pages include/net/page_pool/helpers.h:96 [inline]
 xdp_test_run_batch.constprop.0+0x3a8/0x1960 net/bpf/test_run.c:305
 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389
 bpf_prog_test_run_xdp+0x827/0x1580 net/bpf/test_run.c:1317
 bpf_prog_test_run kernel/bpf/syscall.c:4266 [inline]
 __sys_bpf+0xfc6/0x49a0 kernel/bpf/syscall.c:5671
 __do_sys_bpf kernel/bpf/syscall.c:5760 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5758 [inline]
 __x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5758
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
page last free pid 24 tgid 24 stack trace:
 reset_page_owner include/linux/page_owner.h:25 [inline]
 free_pages_prepare mm/page_alloc.c:1108 [inline]
 free_unref_page+0x5f4/0xdc0 mm/page_alloc.c:2638
 __folio_put+0x30d/0x3d0 mm/swap.c:126
 folio_put include/linux/mm.h:1478 [inline]
 free_page_and_swap_cache+0x249/0x2c0 mm/swap_state.c:308
 __tlb_remove_table arch/x86/include/asm/tlb.h:34 [inline]
 __tlb_remove_table_free mm/mmu_gather.c:227 [inline]
 tlb_remove_table_rcu+0x89/0xe0 mm/mmu_gather.c:282
 rcu_do_batch kernel/rcu/tree.c:2567 [inline]
 rcu_core+0x79d/0x14d0 kernel/rcu/tree.c:2823
 handle_softirqs+0x213/0x8f0 kernel/softirq.c:554
 run_ksoftirqd kernel/softirq.c:927 [inline]
 run_ksoftirqd+0x3a/0x60 kernel/softirq.c:919
 smpboot_thread_fn+0x661/0xa30 kernel/smpboot.c:164
 kthread+0x2c1/0x3a0 kernel/kthread.c:389
 ret_from_fork+0x45/0x80 arch/x86/kernel/process.c:147
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244
Modules linked in:
CPU: 2 UID: 0 PID: 5962 Comm: syz-executor392 Tainted: G    B              6.12.0-rc5-syzkaller-00005-ge42b1a9a2557 #0
Tainted: [B]=BAD_PAGE
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:94 [inline]
 dump_stack_lvl+0x16c/0x1f0 lib/dump_stack.c:120
 bad_page+0xb3/0x1f0 mm/page_alloc.c:501
 free_page_is_bad_report mm/page_alloc.c:908 [inline]
 free_page_is_bad mm/page_alloc.c:918 [inline]
 free_pages_prepare mm/page_alloc.c:1100 [inline]
 free_unref_page+0x657/0xdc0 mm/page_alloc.c:2638
 skb_free_frag include/linux/skbuff.h:3399 [inline]
 skb_free_head+0xa0/0x1d0 net/core/skbuff.c:1096
 skb_release_data+0x560/0x730 net/core/skbuff.c:1125
 skb_release_all net/core/skbuff.c:1190 [inline]
 __kfree_skb net/core/skbuff.c:1204 [inline]
 sk_skb_reason_drop+0x129/0x1a0 net/core/skbuff.c:1242
 kfree_skb_reason include/linux/skbuff.h:1262 [inline]
 __netif_receive_skb_core.constprop.0+0x592/0x4330 net/core/dev.c:5640
 __netif_receive_skb_list_core+0x357/0x950 net/core/dev.c:5741
 __netif_receive_skb_list net/core/dev.c:5808 [inline]
 netif_receive_skb_list_internal+0x753/0xdb0 net/core/dev.c:5899
 netif_receive_skb_list+0x4f/0x4a0 net/core/dev.c:5951
 xdp_recv_frames net/bpf/test_run.c:279 [inline]
 xdp_test_run_batch.constprop.0+0x138d/0x1960 net/bpf/test_run.c:360
 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389
 bpf_prog_test_run_xdp+0x827/0x1580 net/bpf/test_run.c:1317
 bpf_prog_test_run kernel/bpf/syscall.c:4266 [inline]
 __sys_bpf+0xfc6/0x49a0 kernel/bpf/syscall.c:5671
 __do_sys_bpf kernel/bpf/syscall.c:5760 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5758 [inline]
 __x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5758
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f1b5711ee99
Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 51 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f1b570d9228 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
RAX: ffffffffffffffda RBX: 00007f1b571a9328 RCX: 00007f1b5711ee99
RDX: 0000000000000048 RSI: 0000000020000600 RDI: 000000000000000a
RBP: 00007f1b571a9320 R08: 00007f1b570d96c0 R09: 00007f1b570d96c0
R10: 00007f1b570d96c0 R11: 0000000000000246 R12: 00007f1b57176074
R13: 0000000020000eb8 R14: 2caa1414ac000000 R15: 00007ffed9b8fc98
 </TASK>
BUG: Bad page state in process syz-executor392  pfn:2f94c
page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff8880286cc280 pfn:0x2f94c
flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
raw: 00fff00000000000 dead000000000040 ffff888106115000 0000000000000000
raw: ffff8880286cc280 0000000000000001 00000000ffffffff 0000000000000000
page dumped because: page_pool leak
page_owner tracks the page as allocated
page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 5962, tgid 5958 (syz-executor392), ts 44238992638, free_ts 44032505270
 set_page_owner include/linux/page_owner.h:32 [inline]
 post_alloc_hook+0x2d1/0x350 mm/page_alloc.c:1537
 prep_new_page mm/page_alloc.c:1545 [inline]
 get_page_from_freelist+0x101e/0x3070 mm/page_alloc.c:3457
 __alloc_pages_noprof+0x223/0x25a0 mm/page_alloc.c:4733
 alloc_pages_bulk_noprof+0x77c/0x1110 mm/page_alloc.c:4681
 alloc_pages_bulk_array_node_noprof include/linux/gfp.h:239 [inline]
 __page_pool_alloc_pages_slow+0x18f/0x770 net/core/page_pool.c:538
 page_pool_alloc_netmem net/core/page_pool.c:590 [inline]
 page_pool_alloc_netmem+0xc4/0x160 net/core/page_pool.c:577
 page_pool_alloc_pages+0x1a/0x60 net/core/page_pool.c:597
 page_pool_dev_alloc_pages include/net/page_pool/helpers.h:96 [inline]
 xdp_test_run_batch.constprop.0+0x3a8/0x1960 net/bpf/test_run.c:305
 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389
 bpf_prog_test_run_xdp+0x827/0x1580 net/bpf/test_run.c:1317
 bpf_prog_test_run kernel/bpf/syscall.c:4266 [inline]
 __sys_bpf+0xfc6/0x49a0 kernel/bpf/syscall.c:5671
 __do_sys_bpf kernel/bpf/syscall.c:5760 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5758 [inline]
 __x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5758
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
page last free pid 24 tgid 24 stack trace:
 reset_page_owner include/linux/page_owner.h:25 [inline]
 free_pages_prepare mm/page_alloc.c:1108 [inline]
 free_unref_page+0x5f4/0xdc0 mm/page_alloc.c:2638
 __folio_put+0x30d/0x3d0 mm/swap.c:126
 folio_put include/linux/mm.h:1478 [inline]
 free_page_and_swap_cache+0x249/0x2c0 mm/swap_state.c:308
 __tlb_remove_table arch/x86/include/asm/tlb.h:34 [inline]
 __tlb_remove_table_free mm/mmu_gather.c:227 [inline]
 tlb_remove_table_rcu+0x89/0xe0 mm/mmu_gather.c:282
 rcu_do_batch kernel/rcu/tree.c:2567 [inline]
 rcu_core+0x79d/0x14d0 kernel/rcu/tree.c:2823
 handle_softirqs+0x213/0x8f0 kernel/softirq.c:554
 run_ksoftirqd kernel/softirq.c:927 [inline]
 run_ksoftirqd+0x3a/0x60 kernel/softirq.c:919
 smpboot_thread_fn+0x661/0xa30 kernel/smpboot.c:164
 kthread+0x2c1/0x3a0 kernel/kthread.c:389
 ret_from_fork+0x45/0x80 arch/x86/kernel/process.c:147
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244
Modules linked in:
CPU: 2 UID: 0 PID: 5962 Comm: syz-executor392 Tainted: G    B              6.12.0-rc5-syzkaller-00005-ge42b1a9a2557 #0
Tainted: [B]=BAD_PAGE
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:94 [inline]
 dump_stack_lvl+0x16c/0x1f0 lib/dump_stack.c:120
 bad_page+0xb3/0x1f0 mm/page_alloc.c:501
 free_page_is_bad_report mm/page_alloc.c:908 [inline]
 free_page_is_bad mm/page_alloc.c:918 [inline]
 free_pages_prepare mm/page_alloc.c:1100 [inline]
 free_unref_page+0x657/0xdc0 mm/page_alloc.c:2638
 skb_free_frag include/linux/skbuff.h:3399 [inline]
 skb_free_head+0xa0/0x1d0 net/core/skbuff.c:1096
 skb_release_data+0x560/0x730 net/core/skbuff.c:1125
 skb_release_all net/core/skbuff.c:1190 [inline]
 __kfree_skb net/core/skbuff.c:1204 [inline]
 sk_skb_reason_drop+0x129/0x1a0 net/core/skbuff.c:1242
 kfree_skb_reason include/linux/skbuff.h:1262 [inline]
 __netif_receive_skb_core.constprop.0+0x592/0x4330 net/core/dev.c:5640
 __netif_receive_skb_list_core+0x357/0x950 net/core/dev.c:5741
 __netif_receive_skb_list net/core/dev.c:5808 [inline]
 netif_receive_skb_list_internal+0x753/0xdb0 net/core/dev.c:5899
 netif_receive_skb_list+0x4f/0x4a0 net/core/dev.c:5951
 xdp_recv_frames net/bpf/test_run.c:279 [inline]
 xdp_test_run_batch.constprop.0+0x138d/0x1960 net/bpf/test_run.c:360
 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389
 bpf_prog_test_run_xdp+0x827/0x1580 net/bpf/test_run.c:1317
 bpf_prog_test_run kernel/bpf/syscall.c:4266 [inline]
 __sys_bpf+0xfc6/0x49a0 kernel/bpf/syscall.c:5671
 __do_sys_bpf kernel/bpf/syscall.c:5760 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5758 [inline]
 __x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5758
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f1b5711ee99
Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 51 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f1b570d9228 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
RAX: ffffffffffffffda RBX: 00007f1b571a9328 RCX: 00007f1b5711ee99
RDX: 0000000000000048 RSI: 0000000020000600 RDI: 000000000000000a
RBP: 00007f1b571a9320 R08: 00007f1b570d96c0 R09: 00007f1b570d96c0
R10: 00007f1b570d96c0 R11: 0000000000000246 R12: 00007f1b57176074
R13: 0000000020000eb8 R14: 2caa1414ac000000 R15: 00007ffed9b8fc98
 </TASK>
BUG: Bad page state in process syz-executor392  pfn:30432
page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x30432
flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
raw: 00fff00000000000 dead000000000040 ffff888106115000 0000000000000000
raw: 0000000000000000 0000000000000001 00000000ffffffff 0000000000000000
page dumped because: page_pool leak
page_owner tracks the page as allocated
page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 5962, tgid 5958 (syz-executor392), ts 44238984970, free_ts 44032509510
 set_page_owner include/linux/page_owner.h:32 [inline]
 post_alloc_hook+0x2d1/0x350 mm/page_alloc.c:1537
 prep_new_page mm/page_alloc.c:1545 [inline]
 get_page_from_freelist+0x101e/0x3070 mm/page_alloc.c:3457
 __alloc_pages_noprof+0x223/0x25a0 mm/page_alloc.c:4733
 alloc_pages_bulk_noprof+0x77c/0x1110 mm/page_alloc.c:4681
 alloc_pages_bulk_array_node_noprof include/linux/gfp.h:239 [inline]
 __page_pool_alloc_pages_slow+0x18f/0x770 net/core/page_pool.c:538
 page_pool_alloc_netmem net/core/page_pool.c:590 [inline]
 page_pool_alloc_netmem+0xc4/0x160 net/core/page_pool.c:577
 page_pool_alloc_pages+0x1a/0x60 net/core/page_pool.c:597
 page_pool_dev_alloc_pages include/net/page_pool/helpers.h:96 [inline]
 xdp_test_run_batch.constprop.0+0x3a8/0x1960 net/bpf/test_run.c:305
 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389
 bpf_prog_test_run_xdp+0x827/0x1580 net/bpf/test_run.c:1317
 bpf_prog_test_run kernel/bpf/syscall.c:4266 [inline]
 __sys_bpf+0xfc6/0x49a0 kernel/bpf/syscall.c:5671
 __do_sys_bpf kernel/bpf/syscall.c:5760 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5758 [inline]
 __x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5758
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
page last free pid 24 tgid 24 stack trace:
 reset_page_owner include/linux/page_owner.h:25 [inline]
 free_pages_prepare mm/page_alloc.c:1108 [inline]
 free_unref_page+0x5f4/0xdc0 mm/page_alloc.c:2638
 __folio_put+0x30d/0x3d0 mm/swap.c:126
 folio_put include/linux/mm.h:1478 [inline]
 free_page_and_swap_cache+0x249/0x2c0 mm/swap_state.c:308
 __tlb_remove_table arch/x86/include/asm/tlb.h:34 [inline]
 __tlb_remove_table_free mm/mmu_gather.c:227 [inline]
 tlb_remove_table_rcu+0x89/0xe0 mm/mmu_gather.c:282
 rcu_do_batch kernel/rcu/tree.c:2567 [inline]
 rcu_core+0x79d/0x14d0 kernel/rcu/tree.c:2823
 handle_softirqs+0x213/0x8f0 kernel/softirq.c:554
 run_ksoftirqd kernel/softirq.c:927 [inline]
 run_ksoftirqd+0x3a/0x60 kernel/softirq.c:919
 smpboot_thread_fn+0x661/0xa30 kernel/smpboot.c:164
 kthread+0x2c1/0x3a0 kernel/kthread.c:389
 ret_from_fork+0x45/0x80 arch/x86/kernel/process.c:147
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244
Modules linked in:
CPU: 2 UID: 0 PID: 5962 Comm: syz-executor392 Tainted: G    B              6.12.0-rc5-syzkaller-00005-ge42b1a9a2557 #0
Tainted: [B]=BAD_PAGE
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:94 [inline]
 dump_stack_lvl+0x16c/0x1f0 lib/dump_stack.c:120
 bad_page+0xb3/0x1f0 mm/page_alloc.c:501
 free_page_is_bad_report mm/page_alloc.c:908 [inline]
 free_page_is_bad mm/page_alloc.c:918 [inline]
 free_pages_prepare mm/page_alloc.c:1100 [inline]
 free_unref_page+0x657/0xdc0 mm/page_alloc.c:2638
 skb_free_frag include/linux/skbuff.h:3399 [inline]
 skb_free_head+0xa0/0x1d0 net/core/skbuff.c:1096
 skb_release_data+0x560/0x730 net/core/skbuff.c:1125
 skb_release_all net/core/skbuff.c:1190 [inline]
 __kfree_skb net/core/skbuff.c:1204 [inline]
 sk_skb_reason_drop+0x129/0x1a0 net/core/skbuff.c:1242
 kfree_skb_reason include/linux/skbuff.h:1262 [inline]
 __netif_receive_skb_core.constprop.0+0x592/0x4330 net/core/dev.c:5640
 __netif_receive_skb_list_core+0x357/0x950 net/core/dev.c:5741
 __netif_receive_skb_list net/core/dev.c:5808 [inline]
 netif_receive_skb_list_internal+0x753/0xdb0 net/core/dev.c:5899
 netif_receive_skb_list+0x4f/0x4a0 net/core/dev.c:5951
 xdp_recv_frames net/bpf/test_run.c:279 [inline]
 xdp_test_run_batch.constprop.0+0x138d/0x1960 net/bpf/test_run.c:360
 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389
 bpf_prog_test_run_xdp+0x827/0x1580 net/bpf/test_run.c:1317
 bpf_prog_test_run kernel/bpf/syscall.c:4266 [inline]
 __sys_bpf+0xfc6/0x49a0 kernel/bpf/syscall.c:5671
 __do_sys_bpf kernel/bpf/syscall.c:5760 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5758 [inline]
 __x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5758
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f1b5711ee99
Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 51 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f1b570d9228 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
RAX: ffffffffffffffda RBX: 00007f1b571a9328 RCX: 00007f1b5711ee99
RDX: 0000000000000048 RSI: 0000000020000600 RDI: 000000000000000a
RBP: 00007f1b571a9320 R08: 00007f1b570d96c0 R09: 00007f1b570d96c0
R10: 00007f1b570d96c0 R11: 0000000000000246 R12: 00007f1b57176074
R13: 0000000020000eb8 R14: 2caa1414ac000000 R15: 00007ffed9b8fc98
 </TASK>
BUG: Bad page state in process syz-executor392  pfn:28e6c
page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff888028e6cd80 pfn:0x28e6c
flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
raw: 00fff00000000000 dead000000000040 ffff888106115000 0000000000000000
raw: ffff888028e6cd80 0000000000000001 00000000ffffffff 0000000000000000
page dumped because: page_pool leak
page_owner tracks the page as allocated
page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 5962, tgid 5958 (syz-executor392), ts 44238977122, free_ts 44032512940
 set_page_owner include/linux/page_owner.h:32 [inline]
 post_alloc_hook+0x2d1/0x350 mm/page_alloc.c:1537
 prep_new_page mm/page_alloc.c:1545 [inline]
 get_page_from_freelist+0x101e/0x3070 mm/page_alloc.c:3457
 __alloc_pages_noprof+0x223/0x25a0 mm/page_alloc.c:4733
 alloc_pages_bulk_noprof+0x77c/0x1110 mm/page_alloc.c:4681
 alloc_pages_bulk_array_node_noprof include/linux/gfp.h:239 [inline]
 __page_pool_alloc_pages_slow+0x18f/0x770 net/core/page_pool.c:538
 page_pool_alloc_netmem net/core/page_pool.c:590 [inline]
 page_pool_alloc_netmem+0xc4/0x160 net/core/page_pool.c:577
 page_pool_alloc_pages+0x1a/0x60 net/core/page_pool.c:597
 page_pool_dev_alloc_pages include/net/page_pool/helpers.h:96 [inline]
 xdp_test_run_batch.constprop.0+0x3a8/0x1960 net/bpf/test_run.c:305
 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389
 bpf_prog_test_run_xdp+0x827/0x1580 net/bpf/test_run.c:1317
 bpf_prog_test_run kernel/bpf/syscall.c:4266 [inline]
 __sys_bpf+0xfc6/0x49a0 kernel/bpf/syscall.c:5671
 __do_sys_bpf kernel/bpf/syscall.c:5760 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5758 [inline]
 __x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5758
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
page last free pid 24 tgid 24 stack trace:
 reset_page_owner include/linux/page_owner.h:25 [inline]
 free_pages_prepare mm/page_alloc.c:1108 [inline]
 free_unref_page+0x5f4/0xdc0 mm/page_alloc.c:2638
 __folio_put+0x30d/0x3d0 mm/swap.c:126
 folio_put include/linux/mm.h:1478 [inline]
 free_page_and_swap_cache+0x249/0x2c0 mm/swap_state.c:308
 __tlb_remove_table arch/x86/include/asm/tlb.h:34 [inline]
 __tlb_remove_table_free mm/mmu_gather.c:227 [inline]
 tlb_remove_table_rcu+0x89/0xe0 mm/mmu_gather.c:282
 rcu_do_batch kernel/rcu/tree.c:2567 [inline]
 rcu_core+0x79d/0x14d0 kernel/rcu/tree.c:2823
 handle_softirqs+0x213/0x8f0 kernel/softirq.c:554
 run_ksoftirqd kernel/softirq.c:927 [inline]
 run_ksoftirqd+0x3a/0x60 kernel/softirq.c:919
 smpboot_thread_fn+0x661/0xa30 kernel/smpboot.c:164
 kthread+0x2c1/0x3a0 kernel/kthread.c:389
 ret_from_fork+0x45/0x80 arch/x86/kernel/process.c:147
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244
Modules linked in:
CPU: 2 UID: 0 PID: 5962 Comm: syz-executor392 Tainted: G    B              6.12.0-rc5-syzkaller-00005-ge42b1a9a2557 #0
Tainted: [B]=BAD_PAGE
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:94 [inline]
 dump_stack_lvl+0x16c/0x1f0 lib/dump_stack.c:120
 bad_page+0xb3/0x1f0 mm/page_alloc.c:501
 free_page_is_bad_report mm/page_alloc.c:908 [inline]
 free_page_is_bad mm/page_alloc.c:918 [inline]
 free_pages_prepare mm/page_alloc.c:1100 [inline]
 free_unref_page+0x657/0xdc0 mm/page_alloc.c:2638
 skb_free_frag include/linux/skbuff.h:3399 [inline]
 skb_free_head+0xa0/0x1d0 net/core/skbuff.c:1096
 skb_release_data+0x560/0x730 net/core/skbuff.c:1125
 skb_release_all net/core/skbuff.c:1190 [inline]
 __kfree_skb net/core/skbuff.c:1204 [inline]
 sk_skb_reason_drop+0x129/0x1a0 net/core/skbuff.c:1242
 kfree_skb_reason include/linux/skbuff.h:1262 [inline]
 __netif_receive_skb_core.constprop.0+0x592/0x4330 net/core/dev.c:5640
 __netif_receive_skb_list_core+0x357/0x950 net/core/dev.c:5741
 __netif_receive_skb_list net/core/dev.c:5808 [inline]
 netif_receive_skb_list_internal+0x753/0xdb0 net/core/dev.c:5899
 netif_receive_skb_list+0x4f/0x4a0 net/core/dev.c:5951
 xdp_recv_frames net/bpf/test_run.c:279 [inline]
 xdp_test_run_batch.constprop.0+0x138d/0x1960 net/bpf/test_run.c:360
 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389
 bpf_prog_test_run_xdp+0x827/0x1580 net/bpf/test_run.c:1317
 bpf_prog_test_run kernel/bpf/syscall.c:4266 [inline]
 __sys_bpf+0xfc6/0x49a0 kernel/bpf/syscall.c:5671
 __do_sys_bpf kernel/bpf/syscall.c:5760 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5758 [inline]
 __x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5758
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f1b5711ee99
Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 51 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f1b570d9228 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
RAX: ffffffffffffffda RBX: 00007f1b571a9328 RCX: 00007f1b5711ee99
RDX: 0000000000000048 RSI: 0000000020000600 RDI: 000000000000000a
RBP: 00007f1b571a9320 R08: 00007f1b570d96c0 R09: 00007f1b570d96c0
R10: 00007f1b570d96c0 R11: 0000000000000246 R12: 00007f1b57176074
R13: 0000000020000eb8 R14: 2caa1414ac000000 R15: 00007ffed9b8fc98
 </TASK>
BUG: Bad page state in process syz-executor392  pfn:2a7a1
page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x2a7a1
flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
raw: 00fff00000000000 dead000000000040 ffff888106115000 0000000000000000
raw: 0000000000000000 0000000000000001 00000000ffffffff 0000000000000000
page dumped because: page_pool leak
page_owner tracks the page as allocated
page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 5962, tgid 5958 (syz-executor392), ts 44238969618, free_ts 44054456446
 set_page_owner include/linux/page_owner.h:32 [inline]
 post_alloc_hook+0x2d1/0x350 mm/page_alloc.c:1537
 prep_new_page mm/page_alloc.c:1545 [inline]
 get_page_from_freelist+0x101e/0x3070 mm/page_alloc.c:3457
 __alloc_pages_noprof+0x223/0x25a0 mm/page_alloc.c:4733
 alloc_pages_bulk_noprof+0x77c/0x1110 mm/page_alloc.c:4681
 alloc_pages_bulk_array_node_noprof include/linux/gfp.h:239 [inline]
 __page_pool_alloc_pages_slow+0x18f/0x770 net/core/page_pool.c:538
 page_pool_alloc_netmem net/core/page_pool.c:590 [inline]
 page_pool_alloc_netmem+0xc4/0x160 net/core/page_pool.c:577
 page_pool_alloc_pages+0x1a/0x60 net/core/page_pool.c:597
 page_pool_dev_alloc_pages include/net/page_pool/helpers.h:96 [inline]
 xdp_test_run_batch.constprop.0+0x3a8/0x1960 net/bpf/test_run.c:305
 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389
 bpf_prog_test_run_xdp+0x827/0x1580 net/bpf/test_run.c:1317
 bpf_prog_test_run kernel/bpf/syscall.c:4266 [inline]
 __sys_bpf+0xfc6/0x49a0 kernel/bpf/syscall.c:5671
 __do_sys_bpf kernel/bpf/syscall.c:5760 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5758 [inline]
 __x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5758
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
page last free pid 24 tgid 24 stack trace:
 reset_page_owner include/linux/page_owner.h:25 [inline]
 free_pages_prepare mm/page_alloc.c:1108 [inline]
 free_unref_page+0x5f4/0xdc0 mm/page_alloc.c:2638
 __folio_put+0x30d/0x3d0 mm/swap.c:126
 folio_put include/linux/mm.h:1478 [inline]
 free_page_and_swap_cache+0x249/0x2c0 mm/swap_state.c:308
 __tlb_remove_table arch/x86/include/asm/tlb.h:34 [inline]
 __tlb_remove_table_free mm/mmu_gather.c:227 [inline]
 tlb_remove_table_rcu+0x89/0xe0 mm/mmu_gather.c:282
 rcu_do_batch kernel/rcu/tree.c:2567 [inline]
 rcu_core+0x79d/0x14d0 kernel/rcu/tree.c:2823
 handle_softirqs+0x213/0x8f0 kernel/softirq.c:554
 run_ksoftirqd kernel/softirq.c:927 [inline]
 run_ksoftirqd+0x3a/0x60 kernel/softirq.c:919
 smpboot_thread_fn+0x661/0xa30 kernel/smpboot.c:164
 kthread+0x2c1/0x3a0 kernel/kthread.c:389
 ret_from_fork+0x45/0x80 arch/x86/kernel/process.c:147
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244
Modules linked in:
CPU: 2 UID: 0 PID: 5962 Comm: syz-executor392 Tainted: G    B              6.12.0-rc5-syzkaller-00005-ge42b1a9a2557 #0
Tainted: [B]=BAD_PAGE
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:94 [inline]
 dump_stack_lvl+0x16c/0x1f0 lib/dump_stack.c:120
 bad_page+0xb3/0x1f0 mm/page_alloc.c:501
 free_page_is_bad_report mm/page_alloc.c:908 [inline]
 free_page_is_bad mm/page_alloc.c:918 [inline]
 free_pages_prepare mm/page_alloc.c:1100 [inline]
 free_unref_page+0x657/0xdc0 mm/page_alloc.c:2638
 skb_free_frag include/linux/skbuff.h:3399 [inline]
 skb_free_head+0xa0/0x1d0 net/core/skbuff.c:1096
 skb_release_data+0x560/0x730 net/core/skbuff.c:1125
 skb_release_all net/core/skbuff.c:1190 [inline]
 __kfree_skb net/core/skbuff.c:1204 [inline]
 sk_skb_reason_drop+0x129/0x1a0 net/core/skbuff.c:1242
 kfree_skb_reason include/linux/skbuff.h:1262 [inline]
 __netif_receive_skb_core.constprop.0+0x592/0x4330 net/core/dev.c:5640
 __netif_receive_skb_list_core+0x357/0x950 net/core/dev.c:5741
 __netif_receive_skb_list net/core/dev.c:5808 [inline]
 netif_receive_skb_list_internal+0x753/0xdb0 net/core/dev.c:5899
 netif_receive_skb_list+0x4f/0x4a0 net/core/dev.c:5951
 xdp_recv_frames net/bpf/test_run.c:279 [inline]
 xdp_test_run_batch.constprop.0+0x138d/0x1960 net/bpf/test_run.c:360
 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389
 bpf_prog_test_run_xdp+0x827/0x1580 net/bpf/test_run.c:1317
 bpf_prog_test_run kernel/bpf/syscall.c:4266 [inline]
 __sys_bpf+0xfc6/0x49a0 kernel/bpf/syscall.c:5671
 __do_sys_bpf kernel/bpf/syscall.c:5760 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5758 [inline]
 __x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5758
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f1b5711ee99
Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 51 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f1b570d9228 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
RAX: ffffffffffffffda RBX: 00007f1b571a9328 RCX: 00007f1b5711ee99
RDX: 0000000000000048 RSI: 0000000020000600 RDI: 000000000000000a
RBP: 00007f1b571a9320 R08: 00007f1b570d96c0 R09: 00007f1b570d96c0
R10: 00007f1b570d96c0 R11: 0000000000000246 R12: 00007f1b57176074
R13: 0000000020000eb8 R14: 2caa1414ac000000 R15: 00007ffed9b8fc98
 </TASK>
BUG: Bad page state in process syz-executor392  pfn:35309
page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x8 pfn:0x35309
flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
raw: 00fff00000000000 dead000000000040 ffff888106115000 0000000000000000
raw: 0000000000000008 0000000000000001 00000000ffffffff 0000000000000000
page dumped because: page_pool leak
page_owner tracks the page as allocated
page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 5962, tgid 5958 (syz-executor392), ts 44238961633, free_ts 44054462860
 set_page_owner include/linux/page_owner.h:32 [inline]
 post_alloc_hook+0x2d1/0x350 mm/page_alloc.c:1537
 prep_new_page mm/page_alloc.c:1545 [inline]
 get_page_from_freelist+0x101e/0x3070 mm/page_alloc.c:3457
 __alloc_pages_noprof+0x223/0x25a0 mm/page_alloc.c:4733
 alloc_pages_bulk_noprof+0x77c/0x1110 mm/page_alloc.c:4681
 alloc_pages_bulk_array_node_noprof include/linux/gfp.h:239 [inline]
 __page_pool_alloc_pages_slow+0x18f/0x770 net/core/page_pool.c:538
 page_pool_alloc_netmem net/core/page_pool.c:590 [inline]
 page_pool_alloc_netmem+0xc4/0x160 net/core/page_pool.c:577
 page_pool_alloc_pages+0x1a/0x60 net/core/page_pool.c:597
 page_pool_dev_alloc_pages include/net/page_pool/helpers.h:96 [inline]
 xdp_test_run_batch.constprop.0+0x3a8/0x1960 net/bpf/test_run.c:305
 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389
 bpf_prog_test_run_xdp+0x827/0x1580 net/bpf/test_run.c:1317
 bpf_prog_test_run kernel/bpf/syscall.c:4266 [inline]
 __sys_bpf+0xfc6/0x49a0 kernel/bpf/syscall.c:5671
 __do_sys_bpf kernel/bpf/syscall.c:5760 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5758 [inline]
 __x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5758
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
page last free pid 24 tgid 24 stack trace:
 reset_page_owner include/linux/page_owner.h:25 [inline]
 free_pages_prepare mm/page_alloc.c:1108 [inline]
 free_unref_page+0x5f4/0xdc0 mm/page_alloc.c:2638
 __folio_put+0x30d/0x3d0 mm/swap.c:126
 folio_put include/linux/mm.h:1478 [inline]
 free_page_and_swap_cache+0x249/0x2c0 mm/swap_state.c:308
 __tlb_remove_table arch/x86/include/asm/tlb.h:34 [inline]
 __tlb_remove_table_free mm/mmu_gather.c:227 [inline]
 tlb_remove_table_rcu+0x89/0xe0 mm/mmu_gather.c:282
 rcu_do_batch kernel/rcu/tree.c:2567 [inline]
 rcu_core+0x79d/0x14d0 kernel/rcu/tree.c:2823
 handle_softirqs+0x213/0x8f0 kernel/softirq.c:554
 run_ksoftirqd kernel/softirq.c:927 [inline]
 run_ksoftirqd+0x3a/0x60 kernel/softirq.c:919
 smpboot_thread_fn+0x661/0xa30 kernel/smpboot.c:164
 kthread+0x2c1/0x3a0 kernel/kthread.c:389
 ret_from_fork+0x45/0x80 arch/x86/kernel/process.c:147
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244
Modules linked in:
CPU: 2 UID: 0 PID: 5962 Comm: syz-executor392 Tainted: G    B              6.12.0-rc5-syzkaller-00005-ge42b1a9a2557 #0
Tainted: [B]=BAD_PAGE
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:94 [inline]
 dump_stack_lvl+0x16c/0x1f0 lib/dump_stack.c:120
 bad_page+0xb3/0x1f0 mm/page_alloc.c:501
 free_page_is_bad_report mm/page_alloc.c:908 [inline]
 free_page_is_bad mm/page_alloc.c:918 [inline]
 free_pages_prepare mm/page_alloc.c:1100 [inline]
 free_unref_page+0x657/0xdc0 mm/page_alloc.c:2638
 skb_free_frag include/linux/skbuff.h:3399 [inline]
 skb_free_head+0xa0/0x1d0 net/core/skbuff.c:1096
 skb_release_data+0x560/0x730 net/core/skbuff.c:1125
 skb_release_all net/core/skbuff.c:1190 [inline]
 __kfree_skb net/core/skbuff.c:1204 [inline]
 sk_skb_reason_drop+0x129/0x1a0 net/core/skbuff.c:1242
 kfree_skb_reason include/linux/skbuff.h:1262 [inline]
 __netif_receive_skb_core.constprop.0+0x592/0x4330 net/core/dev.c:5640
 __netif_receive_skb_list_core+0x357/0x950 net/core/dev.c:5741
 __netif_receive_skb_list net/core/dev.c:5808 [inline]
 netif_receive_skb_list_internal+0x753/0xdb0 net/core/dev.c:5899
 netif_receive_skb_list+0x4f/0x4a0 net/core/dev.c:5951
 xdp_recv_frames net/bpf/test_run.c:279 [inline]
 xdp_test_run_batch.constprop.0+0x138d/0x1960 net/bpf/test_run.c:360
 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389
 bpf_prog_test_run_xdp+0x827/0x1580 net/bpf/test_run.c:1317
 bpf_prog_test_run kernel/bpf/syscall.c:4266 [inline]
 __sys_bpf+0xfc6/0x49a0 kernel/bpf/syscall.c:5671
 __do_sys_bpf kernel/bpf/syscall.c:5760 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5758 [inline]
 __x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5758
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f1b5711ee99
Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 51 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f1b570d9228 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
RAX: ffffffffffffffda RBX: 00007f1b571a9328 RCX: 00007f1b5711ee99
RDX: 0000000000000048 RSI: 0000000020000600 RDI: 000000000000000a
RBP: 00007f1b571a9320 R08: 00007f1b570d96c0 R09: 00007f1b570d96c0
R10: 00007f1b570d96c0 R11: 0000000000000246 R12: 00007f1b57176074
R13: 0000000020000eb8 R14: 2caa1414ac000000 R15: 00007ffed9b8fc98
 </TASK>
BUG: Bad page state in process syz-executor392  pfn:20bf2
page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff888020bf2000 pfn:0x20bf2
flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
raw: 00fff00000000000 dead000000000040 ffff888106115000 0000000000000000
raw: ffff888020bf2000 0000000000000001 00000000ffffffff 0000000000000000
page dumped because: page_pool leak
page_owner tracks the page as allocated
page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 5962, tgid 5958 (syz-executor392), ts 44238954570, free_ts 44054466216
 set_page_owner include/linux/page_owner.h:32 [inline]
 post_alloc_hook+0x2d1/0x350 mm/page_alloc.c:1537
 prep_new_page mm/page_alloc.c:1545 [inline]
 get_page_from_freelist+0x101e/0x3070 mm/page_alloc.c:3457
 __alloc_pages_noprof+0x223/0x25a0 mm/page_alloc.c:4733
 alloc_pages_bulk_noprof+0x77c/0x1110 mm/page_alloc.c:4681
 alloc_pages_bulk_array_node_noprof include/linux/gfp.h:239 [inline]
 __page_pool_alloc_pages_slow+0x18f/0x770 net/core/page_pool.c:538
 page_pool_alloc_netmem net/core/page_pool.c:590 [inline]
 page_pool_alloc_netmem+0xc4/0x160 net/core/page_pool.c:577
 page_pool_alloc_pages+0x1a/0x60 net/core/page_pool.c:597
 page_pool_dev_alloc_pages include/net/page_pool/helpers.h:96 [inline]
 xdp_test_run_batch.constprop.0+0x3a8/0x1960 net/bpf/test_run.c:305
 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389
 bpf_prog_test_run_xdp+0x827/0x1580 net/bpf/test_run.c:1317
 bpf_prog_test_run kernel/bpf/syscall.c:4266 [inline]
 __sys_bpf+0xfc6/0x49a0 kernel/bpf/syscall.c:5671
 __do_sys_bpf kernel/bpf/syscall.c:5760 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5758 [inline]
 __x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5758
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
page last free pid 24 tgid 24 stack trace:
 reset_page_owner include/linux/page_owner.h:25 [inline]
 free_pages_prepare mm/page_alloc.c:1108 [inline]
 free_unref_page+0x5f4/0xdc0 mm/page_alloc.c:2638
 __folio_put+0x30d/0x3d0 mm/swap.c:126
 folio_put include/linux/mm.h:1478 [inline]
 free_page_and_swap_cache+0x249/0x2c0 mm/swap_state.c:308
 __tlb_remove_table arch/x86/include/asm/tlb.h:34 [inline]
 __tlb_remove_table_free mm/mmu_gather.c:227 [inline]
 tlb_remove_table_rcu+0x89/0xe0 mm/mmu_gather.c:282
 rcu_do_batch kernel/rcu/tree.c:2567 [inline]
 rcu_core+0x79d/0x14d0 kernel/rcu/tree.c:2823
 handle_softirqs+0x213/0x8f0 kernel/softirq.c:554
 run_ksoftirqd kernel/softirq.c:927 [inline]
 run_ksoftirqd+0x3a/0x60 kernel/softirq.c:919
 smpboot_thread_fn+0x661/0xa30 kernel/smpboot.c:164
 kthread+0x2c1/0x3a0 kernel/kthread.c:389
 ret_from_fork+0x45/0x80 arch/x86/kernel/process.c:147
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244
Modules linked in:
CPU: 2 UID: 0 PID: 5962 Comm: syz-executor392 Tainted: G    B              6.12.0-rc5-syzkaller-00005-ge42b1a9a2557 #0
Tainted: [B]=BAD_PAGE
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:94 [inline]
 dump_stack_lvl+0x16c/0x1f0 lib/dump_stack.c:120
 bad_page+0xb3/0x1f0 mm/page_alloc.c:501
 free_page_is_bad_report mm/page_alloc.c:908 [inline]
 free_page_is_bad mm/page_alloc.c:918 [inline]
 free_pages_prepare mm/page_alloc.c:1100 [inline]
 free_unref_page+0x657/0xdc0 mm/page_alloc.c:2638
 skb_free_frag include/linux/skbuff.h:3399 [inline]
 skb_free_head+0xa0/0x1d0 net/core/skbuff.c:1096
 skb_release_data+0x560/0x730 net/core/skbuff.c:1125
 skb_release_all net/core/skbuff.c:1190 [inline]
 __kfree_skb net/core/skbuff.c:1204 [inline]
 sk_skb_reason_drop+0x129/0x1a0 net/core/skbuff.c:1242
 kfree_skb_reason include/linux/skbuff.h:1262 [inline]
 __netif_receive_skb_core.constprop.0+0x592/0x4330 net/core/dev.c:5640
 __netif_receive_skb_list_core+0x357/0x950 net/core/dev.c:5741
 __netif_receive_skb_list net/core/dev.c:5808 [inline]
 netif_receive_skb_list_internal+0x753/0xdb0 net/core/dev.c:5899
 netif_receive_skb_list+0x4f/0x4a0 net/core/dev.c:5951
 xdp_recv_frames net/bpf/test_run.c:279 [inline]
 xdp_test_run_batch.constprop.0+0x138d/0x1960 net/bpf/test_run.c:360
 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389
 bpf_prog_test_run_xdp+0x827/0x1580 net/bpf/test_run.c:1317
 bpf_prog_test_run kernel/bpf/syscall.c:4266 [inline]
 __sys_bpf+0xfc6/0x49a0 kernel/bpf/syscall.c:5671
 __do_sys_bpf kernel/bpf/syscall.c:5760 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5758 [inline]
 __x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5758
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f1b5711ee99
Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 51 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f1b570d9228 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
RAX: ffffffffffffffda RBX: 00007f1b571a9328 RCX: 00007f1b5711ee99
RDX: 0000000000000048 RSI: 0000000020000600 RDI: 000000000000000a
RBP: 00007f1b571a9320 R08: 00007f1b570d96c0 R09: 00007f1b570d96c0
R10: 00007f1b570d96c0 R11: 0000000000000246 R12: 00007f1b57176074
R13: 0000000020000eb8 R14: 2caa1414ac000000 R15: 00007ffed9b8fc98
 </TASK>
BUG: Bad page state in process syz-executor392  pfn:26bb2
page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff888026bb2f00 pfn:0x26bb2
flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
raw: 00fff00000000000 dead000000000040 ffff888106115000 0000000000000000
raw: ffff888026bb2f00 0000000000000001 00000000ffffffff 0000000000000000
page dumped because: page_pool leak
page_owner tracks the page as allocated
page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 5962, tgid 5958 (syz-executor392), ts 44238947412, free_ts 44054469543
 set_page_owner include/linux/page_owner.h:32 [inline]
 post_alloc_hook+0x2d1/0x350 mm/page_alloc.c:1537
 prep_new_page mm/page_alloc.c:1545 [inline]
 get_page_from_freelist+0x101e/0x3070 mm/page_alloc.c:3457
 __alloc_pages_noprof+0x223/0x25a0 mm/page_alloc.c:4733
 alloc_pages_bulk_noprof+0x77c/0x1110 mm/page_alloc.c:4681
 alloc_pages_bulk_array_node_noprof include/linux/gfp.h:239 [inline]
 __page_pool_alloc_pages_slow+0x18f/0x770 net/core/page_pool.c:538
 page_pool_alloc_netmem net/core/page_pool.c:590 [inline]
 page_pool_alloc_netmem+0xc4/0x160 net/core/page_pool.c:577
 page_pool_alloc_pages+0x1a/0x60 net/core/page_pool.c:597
 page_pool_dev_alloc_pages include/net/page_pool/helpers.h:96 [inline]
 xdp_test_run_batch.constprop.0+0x3a8/0x1960 net/bpf/test_run.c:305
 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389
 bpf_prog_test_run_xdp+0x827/0x1580 net/bpf/test_run.c:1317
 bpf_prog_test_run kernel/bpf/syscall.c:4266 [inline]
 __sys_bpf+0xfc6/0x49a0 kernel/bpf/syscall.c:5671
 __do_sys_bpf kernel/bpf/syscall.c:5760 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5758 [inline]
 __x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5758
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
page last free pid 24 tgid 24 stack trace:
 reset_page_owner include/linux/page_owner.h:25 [inline]
 free_pages_prepare mm/page_alloc.c:1108 [inline]
 free_unref_page+0x5f4/0xdc0 mm/page_alloc.c:2638
 __folio_put+0x30d/0x3d0 mm/swap.c:126
 folio_put include/linux/mm.h:1478 [inline]
 free_page_and_swap_cache+0x249/0x2c0 mm/swap_state.c:308
 __tlb_remove_table arch/x86/include/asm/tlb.h:34 [inline]
 __tlb_remove_table_free mm/mmu_gather.c:227 [inline]
 tlb_remove_table_rcu+0x89/0xe0 mm/mmu_gather.c:282
 rcu_do_batch kernel/rcu/tree.c:2567 [inline]
 rcu_core+0x79d/0x14d0 kernel/rcu/tree.c:2823
 handle_softirqs+0x213/0x8f0 kernel/softirq.c:554
 run_ksoftirqd kernel/softirq.c:927 [inline]
 run_ksoftirqd+0x3a/0x60 kernel/softirq.c:919
 smpboot_thread_fn+0x661/0xa30 kernel/smpboot.c:164
 kthread+0x2c1/0x3a0 kernel/kthread.c:389
 ret_from_fork+0x45/0x80 arch/x86/kernel/process.c:147
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244
Modules linked in:
CPU: 2 UID: 0 PID: 5962 Comm: syz-executor392 Tainted: G    B              6.12.0-rc5-syzkaller-00005-ge42b1a9a2557 #0
Tainted: [B]=BAD_PAGE
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:94 [inline]
 dump_stack_lvl+0x16c/0x1f0 lib/dump_stack.c:120
 bad_page+0xb3/0x1f0 mm/page_alloc.c:501
 free_page_is_bad_report mm/page_alloc.c:908 [inline]
 free_page_is_bad mm/page_alloc.c:918 [inline]
 free_pages_prepare mm/page_alloc.c:1100 [inline]
 free_unref_page+0x657/0xdc0 mm/page_alloc.c:2638
 skb_free_frag include/linux/skbuff.h:3399 [inline]
 skb_free_head+0xa0/0x1d0 net/core/skbuff.c:1096
 skb_release_data+0x560/0x730 net/core/skbuff.c:1125
 skb_release_all net/core/skbuff.c:1190 [inline]
 __kfree_skb net/core/skbuff.c:1204 [inline]
 sk_skb_reason_drop+0x129/0x1a0 net/core/skbuff.c:1242
 kfree_skb_reason include/linux/skbuff.h:1262 [inline]
 __netif_receive_skb_core.constprop.0+0x592/0x4330 net/core/dev.c:5640
 __netif_receive_skb_list_core+0x357/0x950 net/core/dev.c:5741
 __netif_receive_skb_list net/core/dev.c:5808 [inline]
 netif_receive_skb_list_internal+0x753/0xdb0 net/core/dev.c:5899
 netif_receive_skb_list+0x4f/0x4a0 net/core/dev.c:5951
 xdp_recv_frames net/bpf/test_run.c:279 [inline]
 xdp_test_run_batch.constprop.0+0x138d/0x1960 net/bpf/test_run.c:360
 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389
 bpf_prog_test_run_xdp+0x827/0x1580 net/bpf/test_run.c:1317
 bpf_prog_test_run kernel/bpf/syscall.c:4266 [inline]
 __sys_bpf+0xfc6/0x49a0 kernel/bpf/syscall.c:5671
 __do_sys_bpf kernel/bpf/syscall.c:5760 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5758 [inline]
 __x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5758
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f1b5711ee99
Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 51 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f1b570d9228 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
RAX: ffffffffffffffda RBX: 00007f1b571a9328 RCX: 00007f1b5711ee99
RDX: 0000000000000048 RSI: 0000000020000600 RDI: 000000000000000a
RBP: 00007f1b571a9320 R08: 00007f1b570d96c0 R09: 00007f1b570d96c0
R10: 00007f1b570d96c0 R11: 0000000000000246 R12: 00007f1b57176074
R13: 0000000020000eb8 R14: 2caa1414ac000000 R15: 00007ffed9b8fc98
 </TASK>
BUG: Bad page state in process syz-executor392  pfn:2fea6
page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x2fea6
flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
raw: 00fff00000000000 dead000000000040 ffff888106115000 0000000000000000
raw: 0000000000000000 0000000000000001 00000000ffffffff 0000000000000000
page dumped because: page_pool leak
page_owner tracks the page as allocated
page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 5962, tgid 5958 (syz-executor392), ts 44238940082, free_ts 44054473136
 set_page_owner include/linux/page_owner.h:32 [inline]
 post_alloc_hook+0x2d1/0x350 mm/page_alloc.c:1537
 prep_new_page mm/page_alloc.c:1545 [inline]
 get_page_from_freelist+0x101e/0x3070 mm/page_alloc.c:3457
 __alloc_pages_noprof+0x223/0x25a0 mm/page_alloc.c:4733
 alloc_pages_bulk_noprof+0x77c/0x1110 mm/page_alloc.c:4681
 alloc_pages_bulk_array_node_noprof include/linux/gfp.h:239 [inline]
 __page_pool_alloc_pages_slow+0x18f/0x770 net/core/page_pool.c:538
 page_pool_alloc_netmem net/core/page_pool.c:590 [inline]
 page_pool_alloc_netmem+0xc4/0x160 net/core/page_pool.c:577
 page_pool_alloc_pages+0x1a/0x60 net/core/page_pool.c:597
 page_pool_dev_alloc_pages include/net/page_pool/helpers.h:96 [inline]
 xdp_test_run_batch.constprop.0+0x3a8/0x1960 net/bpf/test_run.c:305
 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389
 bpf_prog_test_run_xdp+0x827/0x1580 net/bpf/test_run.c:1317
 bpf_prog_test_run kernel/bpf/syscall.c:4266 [inline]
 __sys_bpf+0xfc6/0x49a0 kernel/bpf/syscall.c:5671
 __do_sys_bpf kernel/bpf/syscall.c:5760 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5758 [inline]
 __x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5758
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
page last free pid 24 tgid 24 stack trace:
 reset_page_owner include/linux/page_owner.h:25 [inline]
 free_pages_prepare mm/page_alloc.c:1108 [inline]
 free_unref_page+0x5f4/0xdc0 mm/page_alloc.c:2638
 __folio_put+0x30d/0x3d0 mm/swap.c:126
 folio_put include/linux/mm.h:1478 [inline]
 free_page_and_swap_cache+0x249/0x2c0 mm/swap_state.c:308
 __tlb_remove_table arch/x86/include/asm/tlb.h:34 [inline]
 __tlb_remove_table_free mm/mmu_gather.c:227 [inline]
 tlb_remove_table_rcu+0x89/0xe0 mm/mmu_gather.c:282
 rcu_do_batch kernel/rcu/tree.c:2567 [inline]
 rcu_core+0x79d/0x14d0 kernel/rcu/tree.c:2823
 handle_softirqs+0x213/0x8f0 kernel/softirq.c:554
 run_ksoftirqd kernel/softirq.c:927 [inline]
 run_ksoftirqd+0x3a/0x60 kernel/softirq.c:919
 smpboot_thread_fn+0x661/0xa30 kernel/smpboot.c:164
 kthread+0x2c1/0x3a0 kernel/kthread.c:389
 ret_from_fork+0x45/0x80 arch/x86/kernel/process.c:147
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244
Modules linked in:
CPU: 2 UID: 0 PID: 5962 Comm: syz-executor392 Tainted: G    B              6.12.0-rc5-syzkaller-00005-ge42b1a9a2557 #0
Tainted: [B]=BAD_PAGE
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:94 [inline]
 dump_stack_lvl+0x16c/0x1f0 lib/dump_stack.c:120
 bad_page+0xb3/0x1f0 mm/page_alloc.c:501
 free_page_is_bad_report mm/page_alloc.c:908 [inline]
 free_page_is_bad mm/page_alloc.c:918 [inline]
 free_pages_prepare mm/page_alloc.c:1100 [inline]
 free_unref_page+0x657/0xdc0 mm/page_alloc.c:2638
 skb_free_frag include/linux/skbuff.h:3399 [inline]
 skb_free_head+0xa0/0x1d0 net/core/skbuff.c:1096
 skb_release_data+0x560/0x730 net/core/skbuff.c:1125
 skb_release_all net/core/skbuff.c:1190 [inline]
 __kfree_skb net/core/skbuff.c:1204 [inline]
 sk_skb_reason_drop+0x129/0x1a0 net/core/skbuff.c:1242
 kfree_skb_reason include/linux/skbuff.h:1262 [inline]
 __netif_receive_skb_core.constprop.0+0x592/0x4330 net/core/dev.c:5640
 __netif_receive_skb_list_core+0x357/0x950 net/core/dev.c:5741
 __netif_receive_skb_list net/core/dev.c:5808 [inline]
 netif_receive_skb_list_internal+0x753/0xdb0 net/core/dev.c:5899
 netif_receive_skb_list+0x4f/0x4a0 net/core/dev.c:5951
 xdp_recv_frames net/bpf/test_run.c:279 [inline]
 xdp_test_run_batch.constprop.0+0x138d/0x1960 net/bpf/test_run.c:360
 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389
 bpf_prog_test_run_xdp+0x827/0x1580 net/bpf/test_run.c:1317
 bpf_prog_test_run kernel/bpf/syscall.c:4266 [inline]
 __sys_bpf+0xfc6/0x49a0 kernel/bpf/syscall.c:5671
 __do_sys_bpf kernel/bpf/syscall.c:5760 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5758 [inline]
 __x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5758
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f1b5711ee99
Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 51 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f1b570d9228 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
RAX: ffffffffffffffda RBX: 00007f1b571a9328 RCX: 00007f1b5711ee99
RDX: 0000000000000048 RSI: 0000000020000600 RDI: 000000000000000a
RBP: 00007f1b571a9320 R08: 00007f1b570d96c0 R09: 00007f1b570d96c0
R10: 00007f1b570d96c0 R11: 0000000000000246 R12: 00007f1b57176074
R13: 0000000020000eb8 R14: 2caa1414ac000000 R15: 00007ffed9b8fc98
 </TASK>
BUG: Bad page state in process syz-executor392  pfn:20ecb
page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x20ecb
flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
raw: 00fff00000000000 dead000000000040 ffff888106115000 0000000000000000
raw: 0000000000000000 0000000000000001 00000000ffffffff 0000000000000000
page dumped because: page_pool leak
page_owner tracks the page as allocated
page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 5962, tgid 5958 (syz-executor392), ts 44238932683, free_ts 44054476655
 set_page_owner include/linux/page_owner.h:32 [inline]
 post_alloc_hook+0x2d1/0x350 mm/page_alloc.c:1537
 prep_new_page mm/page_alloc.c:1545 [inline]
 get_page_from_freelist+0x101e/0x3070 mm/page_alloc.c:3457
 __alloc_pages_noprof+0x223/0x25a0 mm/page_alloc.c:4733
 alloc_pages_bulk_noprof+0x77c/0x1110 mm/page_alloc.c:4681
 alloc_pages_bulk_array_node_noprof include/linux/gfp.h:239 [inline]
 __page_pool_alloc_pages_slow+0x18f/0x770 net/core/page_pool.c:538
 page_pool_alloc_netmem net/core/page_pool.c:590 [inline]
 page_pool_alloc_netmem+0xc4/0x160 net/core/page_pool.c:577
 page_pool_alloc_pages+0x1a/0x60 net/core/page_pool.c:597
 page_pool_dev_alloc_pages include/net/page_pool/helpers.h:96 [inline]
 xdp_test_run_batch.constprop.0+0x3a8/0x1960 net/bpf/test_run.c:305
 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389
 bpf_prog_test_run_xdp+0x827/0x1580 net/bpf/test_run.c:1317
 bpf_prog_test_run kernel/bpf/syscall.c:4266 [inline]
 __sys_bpf+0xfc6/0x49a0 kernel/bpf/syscall.c:5671
 __do_sys_bpf kernel/bpf/syscall.c:5760 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5758 [inline]
 __x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5758
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
page last free pid 24 tgid 24 stack trace:
 reset_page_owner include/linux/page_owner.h:25 [inline]
 free_pages_prepare mm/page_alloc.c:1108 [inline]
 free_unref_page+0x5f4/0xdc0 mm/page_alloc.c:2638
 __folio_put+0x30d/0x3d0 mm/swap.c:126
 folio_put include/linux/mm.h:1478 [inline]
 free_page_and_swap_cache+0x249/0x2c0 mm/swap_state.c:308
 __tlb_remove_table arch/x86/include/asm/tlb.h:34 [inline]
 __tlb_remove_table_free mm/mmu_gather.c:227 [inline]
 tlb_remove_table_rcu+0x89/0xe0 mm/mmu_gather.c:282
 rcu_do_batch kernel/rcu/tree.c:2567 [inline]
 rcu_core+0x79d/0x14d0 kernel/rcu/tree.c:2823
 handle_softirqs+0x213/0x8f0 kernel/softirq.c:554
 run_ksoftirqd kernel/softirq.c:927 [inline]
 run_ksoftirqd+0x3a/0x60 kernel/softirq.c:919
 smpboot_thread_fn+0x661/0xa30 kernel/smpboot.c:164
 kthread+0x2c1/0x3a0 kernel/kthread.c:389
 ret_from_fork+0x45/0x80 arch/x86/kernel/process.c:147
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244
Modules linked in:
CPU: 2 UID: 0 PID: 5962 Comm: syz-executor392 Tainted: G    B              6.12.0-rc5-syzkaller-00005-ge42b1a9a2557 #0
Tainted: [B]=BAD_PAGE
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:94 [inline]
 dump_stack_lvl+0x16c/0x1f0 lib/dump_stack.c:120
 bad_page+0xb3/0x1f0 mm/page_alloc.c:501
 free_page_is_bad_report mm/page_alloc.c:908 [inline]
 free_page_is_bad mm/page_alloc.c:918 [inline]
 free_pages_prepare mm/page_alloc.c:1100 [inline]
 free_unref_page+0x657/0xdc0 mm/page_alloc.c:2638
 skb_free_frag include/linux/skbuff.h:3399 [inline]
 skb_free_head+0xa0/0x1d0 net/core/skbuff.c:1096
 skb_release_data+0x560/0x730 net/core/skbuff.c:1125
 skb_release_all net/core/skbuff.c:1190 [inline]
 __kfree_skb net/core/skbuff.c:1204 [inline]
 sk_skb_reason_drop+0x129/0x1a0 net/core/skbuff.c:1242
 kfree_skb_reason include/linux/skbuff.h:1262 [inline]
 __netif_receive_skb_core.constprop.0+0x592/0x4330 net/core/dev.c:5640
 __netif_receive_skb_list_core+0x357/0x950 net/core/dev.c:5741
 __netif_receive_skb_list net/core/dev.c:5808 [inline]
 netif_receive_skb_list_internal+0x753/0xdb0 net/core/dev.c:5899
 netif_receive_skb_list+0x4f/0x4a0 net/core/dev.c:5951
 xdp_recv_frames net/bpf/test_run.c:279 [inline]
 xdp_test_run_batch.constprop.0+0x138d/0x1960 net/bpf/test_run.c:360
 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389
 bpf_prog_test_run_xdp+0x827/0x1580 net/bpf/test_run.c:1317
 bpf_prog_test_run kernel/bpf/syscall.c:4266 [inline]
 __sys_bpf+0xfc6/0x49a0 kernel/bpf/syscall.c:5671
 __do_sys_bpf kernel/bpf/syscall.c:5760 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5758 [inline]
 __x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5758
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f1b5711ee99
Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 51 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f1b570d9228 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
RAX: ffffffffffffffda RBX: 00007f1b571a9328 RCX: 00007f1b5711ee99
RDX: 0000000000000048 RSI: 0000000020000600 RDI: 000000000000000a
RBP: 00007f1b571a9320 R08: 00007f1b570d96c0 R09: 00007f1b570d96c0
R10: 00007f1b570d96c0 R11: 0000000000000246 R12: 00007f1b57176074
R13: 0000000020000eb8 R14: 2caa1414ac000000 R15: 00007ffed9b8fc98
 </TASK>
BUG: Bad page state in process syz-executor392  pfn:231ca
page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x231ca
flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
raw: 00fff00000000000 dead000000000040 ffff888106115000 0000000000000000
raw: 0000000000000000 0000000000000001 00000000ffffffff 0000000000000000
page dumped because: page_pool leak
page_owner tracks the page as allocated
page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 5962, tgid 5958 (syz-executor392), ts 44238925303, free_ts 44054480126
 set_page_owner include/linux/page_owner.h:32 [inline]
 post_alloc_hook+0x2d1/0x350 mm/page_alloc.c:1537
 prep_new_page mm/page_alloc.c:1545 [inline]
 get_page_from_freelist+0x101e/0x3070 mm/page_alloc.c:3457
 __alloc_pages_noprof+0x223/0x25a0 mm/page_alloc.c:4733
 alloc_pages_bulk_noprof+0x77c/0x1110 mm/page_alloc.c:4681
 alloc_pages_bulk_array_node_noprof include/linux/gfp.h:239 [inline]
 __page_pool_alloc_pages_slow+0x18f/0x770 net/core/page_pool.c:538
 page_pool_alloc_netmem net/core/page_pool.c:590 [inline]
 page_pool_alloc_netmem+0xc4/0x160 net/core/page_pool.c:577
 page_pool_alloc_pages+0x1a/0x60 net/core/page_pool.c:597
 page_pool_dev_alloc_pages include/net/page_pool/helpers.h:96 [inline]
 xdp_test_run_batch.constprop.0+0x3a8/0x1960 net/bpf/test_run.c:305
 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389
 bpf_prog_test_run_xdp+0x827/0x1580 net/bpf/test_run.c:1317
 bpf_prog_test_run kernel/bpf/syscall.c:4266 [inline]
 __sys_bpf+0xfc6/0x49a0 kernel/bpf/syscall.c:5671
 __do_sys_bpf kernel/bpf/syscall.c:5760 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5758 [inline]
 __x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5758
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
page last free pid 24 tgid 24 stack trace:
 reset_page_owner include/linux/page_owner.h:25 [inline]
 free_pages_prepare mm/page_alloc.c:1108 [inline]
 free_unref_page+0x5f4/0xdc0 mm/page_alloc.c:2638
 __folio_put+0x30d/0x3d0 mm/swap.c:126
 folio_put include/linux/mm.h:1478 [inline]
 free_page_and_swap_cache+0x249/0x2c0 mm/swap_state.c:308
 __tlb_remove_table arch/x86/include/asm/tlb.h:34 [inline]
 __tlb_remove_table_free mm/mmu_gather.c:227 [inline]
 tlb_remove_table_rcu+0x89/0xe0 mm/mmu_gather.c:282
 rcu_do_batch kernel/rcu/tree.c:2567 [inline]
 rcu_core+0x79d/0x14d0 kernel/rcu/tree.c:2823
 handle_softirqs+0x213/0x8f0 kernel/softirq.c:554
 run_ksoftirqd kernel/softirq.c:927 [inline]
 run_ksoftirqd+0x3a/0x60 kernel/softirq.c:919
 smpboot_thread_fn+0x661/0xa30 kernel/smpboot.c:164
 kthread+0x2c1/0x3a0 kernel/kthread.c:389
 ret_from_fork+0x45/0x80 arch/x86/kernel/process.c:147
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244
Modules linked in:
CPU: 2 UID: 0 PID: 5962 Comm: syz-executor392 Tainted: G    B              6.12.0-rc5-syzkaller-00005-ge42b1a9a2557 #0
Tainted: [B]=BAD_PAGE
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:94 [inline]
 dump_stack_lvl+0x16c/0x1f0 lib/dump_stack.c:120
 bad_page+0xb3/0x1f0 mm/page_alloc.c:501
 free_page_is_bad_report mm/page_alloc.c:908 [inline]
 free_page_is_bad mm/page_alloc.c:918 [inline]
 free_pages_prepare mm/page_alloc.c:1100 [inline]
 free_unref_page+0x657/0xdc0 mm/page_alloc.c:2638
 skb_free_frag include/linux/skbuff.h:3399 [inline]
 skb_free_head+0xa0/0x1d0 net/core/skbuff.c:1096
 skb_release_data+0x560/0x730 net/core/skbuff.c:1125
 skb_release_all net/core/skbuff.c:1190 [inline]
 __kfree_skb net/core/skbuff.c:1204 [inline]
 sk_skb_reason_drop+0x129/0x1a0 net/core/skbuff.c:1242
 kfree_skb_reason include/linux/skbuff.h:1262 [inline]
 __netif_receive_skb_core.constprop.0+0x592/0x4330 net/core/dev.c:5640
 __netif_receive_skb_list_core+0x357/0x950 net/core/dev.c:5741
 __netif_receive_skb_list net/core/dev.c:5808 [inline]
 netif_receive_skb_list_internal+0x753/0xdb0 net/core/dev.c:5899
 netif_receive_skb_list+0x4f/0x4a0 net/core/dev.c:5951
 xdp_recv_frames net/bpf/test_run.c:279 [inline]
 xdp_test_run_batch.constprop.0+0x138d/0x1960 net/bpf/test_run.c:360
 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389
 bpf_prog_test_run_xdp+0x827/0x1580 net/bpf/test_run.c:1317
 bpf_prog_test_run kernel/bpf/syscall.c:4266 [inline]
 __sys_bpf+0xfc6/0x49a0 kernel/bpf/syscall.c:5671
 __do_sys_bpf kernel/bpf/syscall.c:5760 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5758 [inline]
 __x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5758
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f1b5711ee99
Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 51 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f1b570d9228 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
RAX: ffffffffffffffda RBX: 00007f1b571a9328 RCX: 00007f1b5711ee99
RDX: 0000000000000048 RSI: 0000000020000600 RDI: 000000000000000a
RBP: 00007f1b571a9320 R08: 00007f1b570d96c0 R09: 00007f1b570d96c0
R10: 00007f1b570d96c0 R11: 0000000000000246 R12: 00007f1b57176074
R13: 0000000020000eb8 R14: 2caa1414ac000000 R15: 00007ffed9b8fc98
 </TASK>
BUG: Bad page state in process syz-executor392  pfn:231cb
page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x231cb
flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
raw: 00fff00000000000 dead000000000040 ffff888106115000 0000000000000000
raw: 0000000000000000 0000000000000001 00000000ffffffff 0000000000000000
page dumped because: page_pool leak
page_owner tracks the page as allocated
page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 5962, tgid 5958 (syz-executor392), ts 44238917944, free_ts 44054483128
 set_page_owner include/linux/page_owner.h:32 [inline]
 post_alloc_hook+0x2d1/0x350 mm/page_alloc.c:1537
 prep_new_page mm/page_alloc.c:1545 [inline]
 get_page_from_freelist+0x101e/0x3070 mm/page_alloc.c:3457
 __alloc_pages_noprof+0x223/0x25a0 mm/page_alloc.c:4733
 alloc_pages_bulk_noprof+0x77c/0x1110 mm/page_alloc.c:4681
 alloc_pages_bulk_array_node_noprof include/linux/gfp.h:239 [inline]
 __page_pool_alloc_pages_slow+0x18f/0x770 net/core/page_pool.c:538
 page_pool_alloc_netmem net/core/page_pool.c:590 [inline]
 page_pool_alloc_netmem+0xc4/0x160 net/core/page_pool.c:577
 page_pool_alloc_pages+0x1a/0x60 net/core/page_pool.c:597
 page_pool_dev_alloc_pages include/net/page_pool/helpers.h:96 [inline]
 xdp_test_run_batch.constprop.0+0x3a8/0x1960 net/bpf/test_run.c:305
 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389
 bpf_prog_test_run_xdp+0x827/0x1580 net/bpf/test_run.c:1317
 bpf_prog_test_run kernel/bpf/syscall.c:4266 [inline]
 __sys_bpf+0xfc6/0x49a0 kernel/bpf/syscall.c:5671
 __do_sys_bpf kernel/bpf/syscall.c:5760 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5758 [inline]
 __x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5758
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
page last free pid 24 tgid 24 stack trace:
 reset_page_owner include/linux/page_owner.h:25 [inline]
 free_pages_prepare mm/page_alloc.c:1108 [inline]
 free_unref_page+0x5f4/0xdc0 mm/page_alloc.c:2638
 __folio_put+0x30d/0x3d0 mm/swap.c:126
 folio_put include/linux/mm.h:1478 [inline]
 free_page_and_swap_cache+0x249/0x2c0 mm/swap_state.c:308
 __tlb_remove_table arch/x86/include/asm/tlb.h:34 [inline]
 __tlb_remove_table_free mm/mmu_gather.c:227 [inline]
 tlb_remove_table_rcu+0x89/0xe0 mm/mmu_gather.c:282
 rcu_do_batch kernel/rcu/tree.c:2567 [inline]
 rcu_core+0x79d/0x14d0 kernel/rcu/tree.c:2823
 handle_softirqs+0x213/0x8f0 kernel/softirq.c:554
 run_ksoftirqd kernel/softirq.c:927 [inline]
 run_ksoftirqd+0x3a/0x60 kernel/softirq.c:919
 smpboot_thread_fn+0x661/0xa30 kernel/smpboot.c:164
 kthread+0x2c1/0x3a0 kernel/kthread.c:389
 ret_from_fork+0x45/0x80 arch/x86/kernel/process.c:147
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244
Modules linked in:
CPU: 2 UID: 0 PID: 5962 Comm: syz-executor392 Tainted: G    B              6.12.0-rc5-syzkaller-00005-ge42b1a9a2557 #0
Tainted: [B]=BAD_PAGE
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:94 [inline]
 dump_stack_lvl+0x16c/0x1f0 lib/dump_stack.c:120
 bad_page+0xb3/0x1f0 mm/page_alloc.c:501
 free_page_is_bad_report mm/page_alloc.c:908 [inline]
 free_page_is_bad mm/page_alloc.c:918 [inline]
 free_pages_prepare mm/page_alloc.c:1100 [inline]
 free_unref_page+0x657/0xdc0 mm/page_alloc.c:2638
 skb_free_frag include/linux/skbuff.h:3399 [inline]
 skb_free_head+0xa0/0x1d0 net/core/skbuff.c:1096
 skb_release_data+0x560/0x730 net/core/skbuff.c:1125
 skb_release_all net/core/skbuff.c:1190 [inline]
 __kfree_skb net/core/skbuff.c:1204 [inline]
 sk_skb_reason_drop+0x129/0x1a0 net/core/skbuff.c:1242
 kfree_skb_reason include/linux/skbuff.h:1262 [inline]
 __netif_receive_skb_core.constprop.0+0x592/0x4330 net/core/dev.c:5640
 __netif_receive_skb_list_core+0x357/0x950 net/core/dev.c:5741
 __netif_receive_skb_list net/core/dev.c:5808 [inline]
 netif_receive_skb_list_internal+0x753/0xdb0 net/core/dev.c:5899
 netif_receive_skb_list+0x4f/0x4a0 net/core/dev.c:5951
 xdp_recv_frames net/bpf/test_run.c:279 [inline]
 xdp_test_run_batch.constprop.0+0x138d/0x1960 net/bpf/test_run.c:360
 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389
 bpf_prog_test_run_xdp+0x827/0x1580 net/bpf/test_run.c:1317
 bpf_prog_test_run kernel/bpf/syscall.c:4266 [inline]
 __sys_bpf+0xfc6/0x49a0 kernel/bpf/syscall.c:5671
 __do_sys_bpf kernel/bpf/syscall.c:5760 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5758 [inline]
 __x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5758
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f1b5711ee99
Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 51 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f1b570d9228 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
RAX: ffffffffffffffda RBX: 00007f1b571a9328 RCX: 00007f1b5711ee99
RDX: 0000000000000048 RSI: 0000000020000600 RDI: 000000000000000a
RBP: 00007f1b571a9320 R08: 00007f1b570d96c0 R09: 00007f1b570d96c0
R10: 00007f1b570d96c0 R11: 0000000000000246 R12: 00007f1b57176074
R13: 0000000020000eb8 R14: 2caa1414ac000000 R15: 00007ffed9b8fc98
 </TASK>
BUG: Bad page state in process syz-executor392  pfn:2805e
page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x2805e
flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
raw: 00fff00000000000 dead000000000040 ffff888106115000 0000000000000000
raw: 0000000000000000 0000000000000001 00000000ffffffff 0000000000000000
page dumped because: page_pool leak
page_owner tracks the page as allocated
page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 5962, tgid 5958 (syz-executor392), ts 44238911156, free_ts 44054486205
 set_page_owner include/linux/page_owner.h:32 [inline]
 post_alloc_hook+0x2d1/0x350 mm/page_alloc.c:1537
 prep_new_page mm/page_alloc.c:1545 [inline]
 get_page_from_freelist+0x101e/0x3070 mm/page_alloc.c:3457
 __alloc_pages_noprof+0x223/0x25a0 mm/page_alloc.c:4733
 alloc_pages_bulk_noprof+0x77c/0x1110 mm/page_alloc.c:4681
 alloc_pages_bulk_array_node_noprof include/linux/gfp.h:239 [inline]
 __page_pool_alloc_pages_slow+0x18f/0x770 net/core/page_pool.c:538
 page_pool_alloc_netmem net/core/page_pool.c:590 [inline]
 page_pool_alloc_netmem+0xc4/0x160 net/core/page_pool.c:577
 page_pool_alloc_pages+0x1a/0x60 net/core/page_pool.c:597
 page_pool_dev_alloc_pages include/net/page_pool/helpers.h:96 [inline]
 xdp_test_run_batch.constprop.0+0x3a8/0x1960 net/bpf/test_run.c:305
 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389
 bpf_prog_test_run_xdp+0x827/0x1580 net/bpf/test_run.c:1317
 bpf_prog_test_run kernel/bpf/syscall.c:4266 [inline]
 __sys_bpf+0xfc6/0x49a0 kernel/bpf/syscall.c:5671
 __do_sys_bpf kernel/bpf/syscall.c:5760 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5758 [inline]
 __x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5758
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
page last free pid 24 tgid 24 stack trace:
 reset_page_owner include/linux/page_owner.h:25 [inline]
 free_pages_prepare mm/page_alloc.c:1108 [inline]
 free_unref_page+0x5f4/0xdc0 mm/page_alloc.c:2638
 __folio_put+0x30d/0x3d0 mm/swap.c:126
 folio_put include/linux/mm.h:1478 [inline]
 free_page_and_swap_cache+0x249/0x2c0 mm/swap_state.c:308
 __tlb_remove_table arch/x86/include/asm/tlb.h:34 [inline]
 __tlb_remove_table_free mm/mmu_gather.c:227 [inline]
 tlb_remove_table_rcu+0x89/0xe0 mm/mmu_gather.c:282
 rcu_do_batch kernel/rcu/tree.c:2567 [inline]
 rcu_core+0x79d/0x14d0 kernel/rcu/tree.c:2823
 handle_softirqs+0x213/0x8f0 kernel/softirq.c:554
 run_ksoftirqd kernel/softirq.c:927 [inline]
 run_ksoftirqd+0x3a/0x60 kernel/softirq.c:919
 smpboot_thread_fn+0x661/0xa30 kernel/smpboot.c:164
 kthread+0x2c1/0x3a0 kernel/kthread.c:389
 ret_from_fork+0x45/0x80 arch/x86/kernel/process.c:147
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244
Modules linked in:
CPU: 2 UID: 0 PID: 5962 Comm: syz-executor392 Tainted: G    B              6.12.0-rc5-syzkaller-00005-ge42b1a9a2557 #0
Tainted: [B]=BAD_PAGE
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:94 [inline]
 dump_stack_lvl+0x16c/0x1f0 lib/dump_stack.c:120
 bad_page+0xb3/0x1f0 mm/page_alloc.c:501
 free_page_is_bad_report mm/page_alloc.c:908 [inline]
 free_page_is_bad mm/page_alloc.c:918 [inline]
 free_pages_prepare mm/page_alloc.c:1100 [inline]
 free_unref_page+0x657/0xdc0 mm/page_alloc.c:2638
 skb_free_frag include/linux/skbuff.h:3399 [inline]
 skb_free_head+0xa0/0x1d0 net/core/skbuff.c:1096
 skb_release_data+0x560/0x730 net/core/skbuff.c:1125
 skb_release_all net/core/skbuff.c:1190 [inline]
 __kfree_skb net/core/skbuff.c:1204 [inline]
 sk_skb_reason_drop+0x129/0x1a0 net/core/skbuff.c:1242
 kfree_skb_reason include/linux/skbuff.h:1262 [inline]
 __netif_receive_skb_core.constprop.0+0x592/0x4330 net/core/dev.c:5640
 __netif_receive_skb_list_core+0x357/0x950 net/core/dev.c:5741
 __netif_receive_skb_list net/core/dev.c:5808 [inline]
 netif_receive_skb_list_internal+0x753/0xdb0 net/core/dev.c:5899
 netif_receive_skb_list+0x4f/0x4a0 net/core/dev.c:5951
 xdp_recv_frames net/bpf/test_run.c:279 [inline]
 xdp_test_run_batch.constprop.0+0x138d/0x1960 net/bpf/test_run.c:360
 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389
 bpf_prog_test_run_xdp+0x827/0x1580 net/bpf/test_run.c:1317
 bpf_prog_test_run kernel/bpf/syscall.c:4266 [inline]
 __sys_bpf+0xfc6/0x49a0 kernel/bpf/syscall.c:5671
 __do_sys_bpf kernel/bpf/syscall.c:5760 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5758 [inline]
 __x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5758
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f1b5711ee99
Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 51 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f1b570d9228 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
RAX: ffffffffffffffda RBX: 00007f1b571a9328 RCX: 00007f1b5711ee99
RDX: 0000000000000048 RSI: 0000000020000600 RDI: 000000000000000a
RBP: 00007f1b571a9320 R08: 00007f1b570d96c0 R09: 00007f1b570d96c0
R10: 00007f1b570d96c0 R11: 0000000000000246 R12: 00007f1b57176074
R13: 0000000020000eb8 R14: 2caa1414ac000000 R15: 00007ffed9b8fc98
 </TASK>
BUG: Bad page state in process syz-executor392  pfn:2eb83
page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff888000000002 pfn:0x2eb83
flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
raw: 00fff00000000000 dead000000000040 ffff888106115000 0000000000000000
raw: ffff888000000002 0000000000000001 00000000ffffffff 0000000000000000
page dumped because: page_pool leak
page_owner tracks the page as allocated
page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 5962, tgid 5958 (syz-executor392), ts 44238904609, free_ts 44054489248
 set_page_owner include/linux/page_owner.h:32 [inline]
 post_alloc_hook+0x2d1/0x350 mm/page_alloc.c:1537
 prep_new_page mm/page_alloc.c:1545 [inline]
 get_page_from_freelist+0x101e/0x3070 mm/page_alloc.c:3457
 __alloc_pages_noprof+0x223/0x25a0 mm/page_alloc.c:4733
 alloc_pages_bulk_noprof+0x77c/0x1110 mm/page_alloc.c:4681
 alloc_pages_bulk_array_node_noprof include/linux/gfp.h:239 [inline]
 __page_pool_alloc_pages_slow+0x18f/0x770 net/core/page_pool.c:538
 page_pool_alloc_netmem net/core/page_pool.c:590 [inline]
 page_pool_alloc_netmem+0xc4/0x160 net/core/page_pool.c:577
 page_pool_alloc_pages+0x1a/0x60 net/core/page_pool.c:597
 page_pool_dev_alloc_pages include/net/page_pool/helpers.h:96 [inline]
 xdp_test_run_batch.constprop.0+0x3a8/0x1960 net/bpf/test_run.c:305
 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389
 bpf_prog_test_run_xdp+0x827/0x1580 net/bpf/test_run.c:1317
 bpf_prog_test_run kernel/bpf/syscall.c:4266 [inline]
 __sys_bpf+0xfc6/0x49a0 kernel/bpf/syscall.c:5671
 __do_sys_bpf kernel/bpf/syscall.c:5760 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5758 [inline]
 __x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5758
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
page last free pid 24 tgid 24 stack trace:
 reset_page_owner include/linux/page_owner.h:25 [inline]
 free_pages_prepare mm/page_alloc.c:1108 [inline]
 free_unref_page+0x5f4/0xdc0 mm/page_alloc.c:2638
 __folio_put+0x30d/0x3d0 mm/swap.c:126
 folio_put include/linux/mm.h:1478 [inline]
 free_page_and_swap_cache+0x249/0x2c0 mm/swap_state.c:308
 __tlb_remove_table arch/x86/include/asm/tlb.h:34 [inline]
 __tlb_remove_table_free mm/mmu_gather.c:227 [inline]
 tlb_remove_table_rcu+0x89/0xe0 mm/mmu_gather.c:282
 rcu_do_batch kernel/rcu/tree.c:2567 [inline]
 rcu_core+0x79d/0x14d0 kernel/rcu/tree.c:2823
 handle_softirqs+0x213/0x8f0 kernel/softirq.c:554
 run_ksoftirqd kernel/softirq.c:927 [inline]
 run_ksoftirqd+0x3a/0x60 kernel/softirq.c:919
 smpboot_thread_fn+0x661/0xa30 kernel/smpboot.c:164
 kthread+0x2c1/0x3a0 kernel/kthread.c:389
 ret_from_fork+0x45/0x80 arch/x86/kernel/process.c:147
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244
Modules linked in:
CPU: 2 UID: 0 PID: 5962 Comm: syz-executor392 Tainted: G    B              6.12.0-rc5-syzkaller-00005-ge42b1a9a2557 #0
Tainted: [B]=BAD_PAGE
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:94 [inline]
 dump_stack_lvl+0x16c/0x1f0 lib/dump_stack.c:120
 bad_page+0xb3/0x1f0 mm/page_alloc.c:501
 free_page_is_bad_report mm/page_alloc.c:908 [inline]
 free_page_is_bad mm/page_alloc.c:918 [inline]
 free_pages_prepare mm/page_alloc.c:1100 [inline]
 free_unref_page+0x657/0xdc0 mm/page_alloc.c:2638
 skb_free_frag include/linux/skbuff.h:3399 [inline]
 skb_free_head+0xa0/0x1d0 net/core/skbuff.c:1096
 skb_release_data+0x560/0x730 net/core/skbuff.c:1125
 skb_release_all net/core/skbuff.c:1190 [inline]
 __kfree_skb net/core/skbuff.c:1204 [inline]
 sk_skb_reason_drop+0x129/0x1a0 net/core/skbuff.c:1242
 kfree_skb_reason include/linux/skbuff.h:1262 [inline]
 __netif_receive_skb_core.constprop.0+0x592/0x4330 net/core/dev.c:5640
 __netif_receive_skb_list_core+0x357/0x950 net/core/dev.c:5741
 __netif_receive_skb_list net/core/dev.c:5808 [inline]
 netif_receive_skb_list_internal+0x753/0xdb0 net/core/dev.c:5899
 netif_receive_skb_list+0x4f/0x4a0 net/core/dev.c:5951
 xdp_recv_frames net/bpf/test_run.c:279 [inline]
 xdp_test_run_batch.constprop.0+0x138d/0x1960 net/bpf/test_run.c:360
 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389
 bpf_prog_test_run_xdp+0x827/0x1580 net/bpf/test_run.c:1317
 bpf_prog_test_run kernel/bpf/syscall.c:4266 [inline]
 __sys_bpf+0xfc6/0x49a0 kernel/bpf/syscall.c:5671
 __do_sys_bpf kernel/bpf/syscall.c:5760 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5758 [inline]
 __x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5758
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f1b5711ee99
Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 51 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f1b570d9228 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
RAX: ffffffffffffffda RBX: 00007f1b571a9328 RCX: 00007f1b5711ee99
RDX: 0000000000000048 RSI: 0000000020000600 RDI: 000000000000000a
RBP: 00007f1b571a9320 R08: 00007f1b570d96c0 R09: 00007f1b570d96c0
R10: 00007f1b570d96c0 R11: 0000000000000246 R12: 00007f1b57176074
R13: 0000000020000eb8 R14: 2caa1414ac000000 R15: 00007ffed9b8fc98
 </TASK>
BUG: Bad page state in process syz-executor392  pfn:20bf0
page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff888020bf6600 pfn:0x20bf0
flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
raw: 00fff00000000000 dead000000000040 ffff888106115000 0000000000000000
raw: ffff888020bf6600 0000000000000001 00000000ffffffff 0000000000000000
page dumped because: page_pool leak
page_owner tracks the page as allocated
page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 5962, tgid 5958 (syz-executor392), ts 44238897562, free_ts 44054492361
 set_page_owner include/linux/page_owner.h:32 [inline]
 post_alloc_hook+0x2d1/0x350 mm/page_alloc.c:1537
 prep_new_page mm/page_alloc.c:1545 [inline]
 get_page_from_freelist+0x101e/0x3070 mm/page_alloc.c:3457
 __alloc_pages_noprof+0x223/0x25a0 mm/page_alloc.c:4733
 alloc_pages_bulk_noprof+0x77c/0x1110 mm/page_alloc.c:4681
 alloc_pages_bulk_array_node_noprof include/linux/gfp.h:239 [inline]
 __page_pool_alloc_pages_slow+0x18f/0x770 net/core/page_pool.c:538
 page_pool_alloc_netmem net/core/page_pool.c:590 [inline]
 page_pool_alloc_netmem+0xc4/0x160 net/core/page_pool.c:577
 page_pool_alloc_pages+0x1a/0x60 net/core/page_pool.c:597
 page_pool_dev_alloc_pages include/net/page_pool/helpers.h:96 [inline]
 xdp_test_run_batch.constprop.0+0x3a8/0x1960 net/bpf/test_run.c:305
 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389
 bpf_prog_test_run_xdp+0x827/0x1580 net/bpf/test_run.c:1317
 bpf_prog_test_run kernel/bpf/syscall.c:4266 [inline]
 __sys_bpf+0xfc6/0x49a0 kernel/bpf/syscall.c:5671
 __do_sys_bpf kernel/bpf/syscall.c:5760 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5758 [inline]
 __x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5758
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
page last free pid 24 tgid 24 stack trace:
 reset_page_owner include/linux/page_owner.h:25 [inline]
 free_pages_prepare mm/page_alloc.c:1108 [inline]
 free_unref_page+0x5f4/0xdc0 mm/page_alloc.c:2638
 __folio_put+0x30d/0x3d0 mm/swap.c:126
 folio_put include/linux/mm.h:1478 [inline]
 free_page_and_swap_cache+0x249/0x2c0 mm/swap_state.c:308
 __tlb_remove_table arch/x86/include/asm/tlb.h:34 [inline]
 __tlb_remove_table_free mm/mmu_gather.c:227 [inline]
 tlb_remove_table_rcu+0x89/0xe0 mm/mmu_gather.c:282
 rcu_do_batch kernel/rcu/tree.c:2567 [inline]
 rcu_core+0x79d/0x14d0 kernel/rcu/tree.c:2823
 handle_softirqs+0x213/0x8f0 kernel/softirq.c:554
 run_ksoftirqd kernel/softirq.c:927 [inline]
 run_ksoftirqd+0x3a/0x60 kernel/softirq.c:919
 smpboot_thread_fn+0x661/0xa30 kernel/smpboot.c:164
 kthread+0x2c1/0x3a0 kernel/kthread.c:389
 ret_from_fork+0x45/0x80 arch/x86/kernel/process.c:147
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244
Modules linked in:
CPU: 2 UID: 0 PID: 5962 Comm: syz-executor392 Tainted: G    B              6.12.0-rc5-syzkaller-00005-ge42b1a9a2557 #0
Tainted: [B]=BAD_PAGE
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:94 [inline]
 dump_stack_lvl+0x16c/0x1f0 lib/dump_stack.c:120
 bad_page+0xb3/0x1f0 mm/page_alloc.c:501
 free_page_is_bad_report mm/page_alloc.c:908 [inline]
 free_page_is_bad mm/page_alloc.c:918 [inline]
 free_pages_prepare mm/page_alloc.c:1100 [inline]
 free_unref_page+0x657/0xdc0 mm/page_alloc.c:2638
 skb_free_frag include/linux/skbuff.h:3399 [inline]
 skb_free_head+0xa0/0x1d0 net/core/skbuff.c:1096
 skb_release_data+0x560/0x730 net/core/skbuff.c:1125
 skb_release_all net/core/skbuff.c:1190 [inline]
 __kfree_skb net/core/skbuff.c:1204 [inline]
 sk_skb_reason_drop+0x129/0x1a0 net/core/skbuff.c:1242
 kfree_skb_reason include/linux/skbuff.h:1262 [inline]
 __netif_receive_skb_core.constprop.0+0x592/0x4330 net/core/dev.c:5640
 __netif_receive_skb_list_core+0x357/0x950 net/core/dev.c:5741
 __netif_receive_skb_list net/core/dev.c:5808 [inline]
 netif_receive_skb_list_internal+0x753/0xdb0 net/core/dev.c:5899
 netif_receive_skb_list+0x4f/0x4a0 net/core/dev.c:5951
 xdp_recv_frames net/bpf/test_run.c:279 [inline]
 xdp_test_run_batch.constprop.0+0x138d/0x1960 net/bpf/test_run.c:360
 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389
 bpf_prog_test_run_xdp+0x827/0x1580 net/bpf/test_run.c:1317
 bpf_prog_test_run kernel/bpf/syscall.c:4266 [inline]
 __sys_bpf+0xfc6/0x49a0 kernel/bpf/syscall.c:5671
 __do_sys_bpf kernel/bpf/syscall.c:5760 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5758 [inline]
 __x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5758
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f1b5711ee99
Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 51 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f1b570d9228 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
RAX: ffffffffffffffda RBX: 00007f1b571a9328 RCX: 00007f1b5711ee99
RDX: 0000000000000048 RSI: 0000000020000600 RDI: 000000000000000a
RBP: 00007f1b571a9320 R08: 00007f1b570d96c0 R09: 00007f1b570d96c0
R10: 00007f1b570d96c0 R11: 0000000000000246 R12: 00007f1b57176074
R13: 0000000020000eb8 R14: 2caa1414ac000000 R15: 00007ffed9b8fc98
 </TASK>
BUG: Bad page state in process syz-executor392  pfn:31868
page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff888031868d80 pfn:0x31868
flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
raw: 00fff00000000000 dead000000000040 ffff888106115000 0000000000000000
raw: ffff888031868d80 0000000000000001 00000000ffffffff 0000000000000000
page dumped because: page_pool leak
page_owner tracks the page as allocated
page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 5962, tgid 5958 (syz-executor392), ts 44238890714, free_ts 44054495726
 set_page_owner include/linux/page_owner.h:32 [inline]
 post_alloc_hook+0x2d1/0x350 mm/page_alloc.c:1537
 prep_new_page mm/page_alloc.c:1545 [inline]
 get_page_from_freelist+0x101e/0x3070 mm/page_alloc.c:3457
 __alloc_pages_noprof+0x223/0x25a0 mm/page_alloc.c:4733
 alloc_pages_bulk_noprof+0x77c/0x1110 mm/page_alloc.c:4681
 alloc_pages_bulk_array_node_noprof include/linux/gfp.h:239 [inline]
 __page_pool_alloc_pages_slow+0x18f/0x770 net/core/page_pool.c:538
 page_pool_alloc_netmem net/core/page_pool.c:590 [inline]
 page_pool_alloc_netmem+0xc4/0x160 net/core/page_pool.c:577
 page_pool_alloc_pages+0x1a/0x60 net/core/page_pool.c:597
 page_pool_dev_alloc_pages include/net/page_pool/helpers.h:96 [inline]
 xdp_test_run_batch.constprop.0+0x3a8/0x1960 net/bpf/test_run.c:305
 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389
 bpf_prog_test_run_xdp+0x827/0x1580 net/bpf/test_run.c:1317
 bpf_prog_test_run kernel/bpf/syscall.c:4266 [inline]
 __sys_bpf+0xfc6/0x49a0 kernel/bpf/syscall.c:5671
 __do_sys_bpf kernel/bpf/syscall.c:5760 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5758 [inline]
 __x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5758
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
page last free pid 24 tgid 24 stack trace:
 reset_page_owner include/linux/page_owner.h:25 [inline]
 free_pages_prepare mm/page_alloc.c:1108 [inline]
 free_unref_page+0x5f4/0xdc0 mm/page_alloc.c:2638
 __folio_put+0x30d/0x3d0 mm/swap.c:126
 folio_put include/linux/mm.h:1478 [inline]
 free_page_and_swap_cache+0x249/0x2c0 mm/swap_state.c:308
 __tlb_remove_table arch/x86/include/asm/tlb.h:34 [inline]
 __tlb_remove_table_free mm/mmu_gather.c:227 [inline]
 tlb_remove_table_rcu+0x89/0xe0 mm/mmu_gather.c:282
 rcu_do_batch kernel/rcu/tree.c:2567 [inline]
 rcu_core+0x79d/0x14d0 kernel/rcu/tree.c:2823
 handle_softirqs+0x213/0x8f0 kernel/softirq.c:554
 run_ksoftirqd kernel/softirq.c:927 [inline]
 run_ksoftirqd+0x3a/0x60 kernel/softirq.c:919
 smpboot_thread_fn+0x661/0xa30 kernel/smpboot.c:164
 kthread+0x2c1/0x3a0 kernel/kthread.c:389
 ret_from_fork+0x45/0x80 arch/x86/kernel/process.c:147
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244
Modules linked in:
CPU: 2 UID: 0 PID: 5962 Comm: syz-executor392 Tainted: G    B              6.12.0-rc5-syzkaller-00005-ge42b1a9a2557 #0
Tainted: [B]=BAD_PAGE
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:94 [inline]
 dump_stack_lvl+0x16c/0x1f0 lib/dump_stack.c:120
 bad_page+0xb3/0x1f0 mm/page_alloc.c:501
 free_page_is_bad_report mm/page_alloc.c:908 [inline]
 free_page_is_bad mm/page_alloc.c:918 [inline]
 free_pages_prepare mm/page_alloc.c:1100 [inline]
 free_unref_page+0x657/0xdc0 mm/page_alloc.c:2638
 skb_free_frag include/linux/skbuff.h:3399 [inline]
 skb_free_head+0xa0/0x1d0 net/core/skbuff.c:1096
 skb_release_data+0x560/0x730 net/core/skbuff.c:1125
 skb_release_all net/core/skbuff.c:1190 [inline]
 __kfree_skb net/core/skbuff.c:1204 [inline]
 sk_skb_reason_drop+0x129/0x1a0 net/core/skbuff.c:1242
 kfree_skb_reason include/linux/skbuff.h:1262 [inline]
 __netif_receive_skb_core.constprop.0+0x592/0x4330 net/core/dev.c:5640
 __netif_receive_skb_list_core+0x357/0x950 net/core/dev.c:5741
 __netif_receive_skb_list net/core/dev.c:5808 [inline]
 netif_receive_skb_list_internal+0x753/0xdb0 net/core/dev.c:5899
 netif_receive_skb_list+0x4f/0x4a0 net/core/dev.c:5951
 xdp_recv_frames net/bpf/test_run.c:279 [inline]
 xdp_test_run_batch.constprop.0+0x138d/0x1960 net/bpf/test_run.c:360
 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389
 bpf_prog_test_run_xdp+0x827/0x1580 net/bpf/test_run.c:1317
 bpf_prog_test_run kernel/bpf/syscall.c:4266 [inline]
 __sys_bpf+0xfc6/0x49a0 kernel/bpf/syscall.c:5671
 __do_sys_bpf kernel/bpf/syscall.c:5760 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5758 [inline]
 __x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5758
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f1b5711ee99
Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 51 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f1b570d9228 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
RAX: ffffffffffffffda RBX: 00007f1b571a9328 RCX: 00007f1b5711ee99
RDX: 0000000000000048 RSI: 0000000020000600 RDI: 000000000000000a
RBP: 00007f1b571a9320 R08: 00007f1b570d96c0 R09: 00007f1b570d96c0
R10: 00007f1b570d96c0 R11: 0000000000000246 R12: 00007f1b57176074
R13: 0000000020000eb8 R14: 2caa1414ac000000 R15: 00007ffed9b8fc98
 </TASK>
BUG: Bad page state in process syz-executor392  pfn:255af
page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff888000000002 pfn:0x255af
flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
raw: 00fff00000000000 dead000000000040 ffff888106115000 0000000000000000
raw: ffff888000000002 0000000000000001 00000000ffffffff 0000000000000000
page dumped because: page_pool leak
page_owner tracks the page as allocated
page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 5962, tgid 5958 (syz-executor392), ts 44238884725, free_ts 44054499362
 set_page_owner include/linux/page_owner.h:32 [inline]
 post_alloc_hook+0x2d1/0x350 mm/page_alloc.c:1537
 prep_new_page mm/page_alloc.c:1545 [inline]
 get_page_from_freelist+0x101e/0x3070 mm/page_alloc.c:3457
 __alloc_pages_noprof+0x223/0x25a0 mm/page_alloc.c:4733
 alloc_pages_bulk_noprof+0x77c/0x1110 mm/page_alloc.c:4681
 alloc_pages_bulk_array_node_noprof include/linux/gfp.h:239 [inline]
 __page_pool_alloc_pages_slow+0x18f/0x770 net/core/page_pool.c:538
 page_pool_alloc_netmem net/core/page_pool.c:590 [inline]
 page_pool_alloc_netmem+0xc4/0x160 net/core/page_pool.c:577
 page_pool_alloc_pages+0x1a/0x60 net/core/page_pool.c:597
 page_pool_dev_alloc_pages include/net/page_pool/helpers.h:96 [inline]
 xdp_test_run_batch.constprop.0+0x3a8/0x1960 net/bpf/test_run.c:305
 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389
 bpf_prog_test_run_xdp+0x827/0x1580 net/bpf/test_run.c:1317
 bpf_prog_test_run kernel/bpf/syscall.c:4266 [inline]
 __sys_bpf+0xfc6/0x49a0 kernel/bpf/syscall.c:5671
 __do_sys_bpf kernel/bpf/syscall.c:5760 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5758 [inline]
 __x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5758
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
page last free pid 24 tgid 24 stack trace:
 reset_page_owner include/linux/page_owner.h:25 [inline]
 free_pages_prepare mm/page_alloc.c:1108 [inline]
 free_unref_page+0x5f4/0xdc0 mm/page_alloc.c:2638
 __folio_put+0x30d/0x3d0 mm/swap.c:126
 folio_put include/linux/mm.h:1478 [inline]
 free_page_and_swap_cache+0x249/0x2c0 mm/swap_state.c:308
 __tlb_remove_table arch/x86/include/asm/tlb.h:34 [inline]
 __tlb_remove_table_free mm/mmu_gather.c:227 [inline]
 tlb_remove_table_rcu+0x89/0xe0 mm/mmu_gather.c:282
 rcu_do_batch kernel/rcu/tree.c:2567 [inline]
 rcu_core+0x79d/0x14d0 kernel/rcu/tree.c:2823
 handle_softirqs+0x213/0x8f0 kernel/softirq.c:554
 run_ksoftirqd kernel/softirq.c:927 [inline]
 run_ksoftirqd+0x3a/0x60 kernel/softirq.c:919
 smpboot_thread_fn+0x661/0xa30 kernel/smpboot.c:164
 kthread+0x2c1/0x3a0 kernel/kthread.c:389
 ret_from_fork+0x45/0x80 arch/x86/kernel/process.c:147
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244
Modules linked in:
CPU: 2 UID: 0 PID: 5962 Comm: syz-executor392 Tainted: G    B              6.12.0-rc5-syzkaller-00005-ge42b1a9a2557 #0
Tainted: [B]=BAD_PAGE
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:94 [inline]
 dump_stack_lvl+0x16c/0x1f0 lib/dump_stack.c:120
 bad_page+0xb3/0x1f0 mm/page_alloc.c:501
 free_page_is_bad_report mm/page_alloc.c:908 [inline]
 free_page_is_bad mm/page_alloc.c:918 [inline]
 free_pages_prepare mm/page_alloc.c:1100 [inline]
 free_unref_page+0x657/0xdc0 mm/page_alloc.c:2638
 skb_free_frag include/linux/skbuff.h:3399 [inline]
 skb_free_head+0xa0/0x1d0 net/core/skbuff.c:1096
 skb_release_data+0x560/0x730 net/core/skbuff.c:1125
 skb_release_all net/core/skbuff.c:1190 [inline]
 __kfree_skb net/core/skbuff.c:1204 [inline]
 sk_skb_reason_drop+0x129/0x1a0 net/core/skbuff.c:1242
 kfree_skb_reason include/linux/skbuff.h:1262 [inline]
 __netif_receive_skb_core.constprop.0+0x592/0x4330 net/core/dev.c:5640
 __netif_receive_skb_list_core+0x357/0x950 net/core/dev.c:5741
 __netif_receive_skb_list net/core/dev.c:5808 [inline]
 netif_receive_skb_list_internal+0x753/0xdb0 net/core/dev.c:5899
 netif_receive_skb_list+0x4f/0x4a0 net/core/dev.c:5951
 xdp_recv_frames net/bpf/test_run.c:279 [inline]
 xdp_test_run_batch.constprop.0+0x138d/0x1960 net/bpf/test_run.c:360
 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389
 bpf_prog_test_run_xdp+0x827/0x1580 net/bpf/test_run.c:1317
 bpf_prog_test_run kernel/bpf/syscall.c:4266 [inline]
 __sys_bpf+0xfc6/0x49a0 kernel/bpf/syscall.c:5671
 __do_sys_bpf kernel/bpf/syscall.c:5760 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5758 [inline]
 __x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5758
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f1b5711ee99
Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 51 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f1b570d9228 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
RAX: ffffffffffffffda RBX: 00007f1b571a9328 RCX: 00007f1b5711ee99
RDX: 0000000000000048 RSI: 0000000020000600 RDI: 000000000000000a
RBP: 00007f1b571a9320 R08: 00007f1b570d96c0 R09: 00007f1b570d96c0
R10: 00007f1b570d96c0 R11: 0000000000000246 R12: 00007f1b57176074
R13: 0000000020000eb8 R14: 2caa1414ac000000 R15: 00007ffed9b8fc98
 </TASK>
BUG: Bad page state in process syz-executor392  pfn:349c6
page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x349c6
flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
raw: 00fff00000000000 dead000000000040 ffff888106115000 0000000000000000
raw: 0000000000000000 0000000000000001 00000000ffffffff 0000000000000000
page dumped because: page_pool leak
page_owner tracks the page as allocated
page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 5962, tgid 5958 (syz-executor392), ts 44238878190, free_ts 44054503052
 set_page_owner include/linux/page_owner.h:32 [inline]
 post_alloc_hook+0x2d1/0x350 mm/page_alloc.c:1537
 prep_new_page mm/page_alloc.c:1545 [inline]
 get_page_from_freelist+0x101e/0x3070 mm/page_alloc.c:3457
 __alloc_pages_noprof+0x223/0x25a0 mm/page_alloc.c:4733
 alloc_pages_bulk_noprof+0x77c/0x1110 mm/page_alloc.c:4681
 alloc_pages_bulk_array_node_noprof include/linux/gfp.h:239 [inline]
 __page_pool_alloc_pages_slow+0x18f/0x770 net/core/page_pool.c:538
 page_pool_alloc_netmem net/core/page_pool.c:590 [inline]
 page_pool_alloc_netmem+0xc4/0x160 net/core/page_pool.c:577
 page_pool_alloc_pages+0x1a/0x60 net/core/page_pool.c:597
 page_pool_dev_alloc_pages include/net/page_pool/helpers.h:96 [inline]
 xdp_test_run_batch.constprop.0+0x3a8/0x1960 net/bpf/test_run.c:305
 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389
 bpf_prog_test_run_xdp+0x827/0x1580 net/bpf/test_run.c:1317
 bpf_prog_test_run kernel/bpf/syscall.c:4266 [inline]
 __sys_bpf+0xfc6/0x49a0 kernel/bpf/syscall.c:5671
 __do_sys_bpf kernel/bpf/syscall.c:5760 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5758 [inline]
 __x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5758
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
page last free pid 24 tgid 24 stack trace:
 reset_page_owner include/linux/page_owner.h:25 [inline]
 free_pages_prepare mm/page_alloc.c:1108 [inline]
 free_unref_page+0x5f4/0xdc0 mm/page_alloc.c:2638
 rcu_do_batch kernel/rcu/tree.c:2567 [inline]
 rcu_core+0x79d/0x14d0 kernel/rcu/tree.c:2823
 handle_softirqs+0x213/0x8f0 kernel/softirq.c:554
 run_ksoftirqd kernel/softirq.c:927 [inline]
 run_ksoftirqd+0x3a/0x60 kernel/softirq.c:919
 smpboot_thread_fn+0x661/0xa30 kernel/smpboot.c:164
 kthread+0x2c1/0x3a0 kernel/kthread.c:389
 ret_from_fork+0x45/0x80 arch/x86/kernel/process.c:147
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244
Modules linked in:
CPU: 2 UID: 0 PID: 5962 Comm: syz-executor392 Tainted: G    B              6.12.0-rc5-syzkaller-00005-ge42b1a9a2557 #0
Tainted: [B]=BAD_PAGE
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:94 [inline]
 dump_stack_lvl+0x16c/0x1f0 lib/dump_stack.c:120
 bad_page+0xb3/0x1f0 mm/page_alloc.c:501
 free_page_is_bad_report mm/page_alloc.c:908 [inline]
 free_page_is_bad mm/page_alloc.c:918 [inline]
 free_pages_prepare mm/page_alloc.c:1100 [inline]
 free_unref_page+0x657/0xdc0 mm/page_alloc.c:2638
 skb_free_frag include/linux/skbuff.h:3399 [inline]
 skb_free_head+0xa0/0x1d0 net/core/skbuff.c:1096
 skb_release_data+0x560/0x730 net/core/skbuff.c:1125
 skb_release_all net/core/skbuff.c:1190 [inline]
 __kfree_skb net/core/skbuff.c:1204 [inline]
 sk_skb_reason_drop+0x129/0x1a0 net/core/skbuff.c:1242
 kfree_skb_reason include/linux/skbuff.h:1262 [inline]
 __netif_receive_skb_core.constprop.0+0x592/0x4330 net/core/dev.c:5640
 __netif_receive_skb_list_core+0x357/0x950 net/core/dev.c:5741
 __netif_receive_skb_list net/core/dev.c:5808 [inline]
 netif_receive_skb_list_internal+0x753/0xdb0 net/core/dev.c:5899
 netif_receive_skb_list+0x4f/0x4a0 net/core/dev.c:5951
 xdp_recv_frames net/bpf/test_run.c:279 [inline]
 xdp_test_run_batch.constprop.0+0x138d/0x1960 net/bpf/test_run.c:360
 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389
 bpf_prog_test_run_xdp+0x827/0x1580 net/bpf/test_run.c:1317
 bpf_prog_test_run kernel/bpf/syscall.c:4266 [inline]
 __sys_bpf+0xfc6/0x49a0 kernel/bpf/syscall.c:5671
 __do_sys_bpf kernel/bpf/syscall.c:5760 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5758 [inline]
 __x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5758
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f1b5711ee99
Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 51 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f1b570d9228 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
RAX: ffffffffffffffda RBX: 00007f1b571a9328 RCX: 00007f1b5711ee99
RDX: 0000000000000048 RSI: 0000000020000600 RDI: 000000000000000a
RBP: 00007f1b571a9320 R08: 00007f1b570d96c0 R09: 00007f1b570d96c0
R10: 00007f1b570d96c0 R11: 0000000000000246 R12: 00007f1b57176074
R13: 0000000020000eb8 R14: 2caa1414ac000000 R15: 00007ffed9b8fc98
 </TASK>
BUG: Bad page state in process syz-executor392  pfn:30b97
page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x30b97
flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
raw: 00fff00000000000 dead000000000040 ffff888106115000 0000000000000000
raw: 0000000000000000 0000000000000001 00000000ffffffff 0000000000000000
page dumped because: page_pool leak
page_owner tracks the page as allocated
page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 5962, tgid 5958 (syz-executor392), ts 44238870596, free_ts 44054509840
 set_page_owner include/linux/page_owner.h:32 [inline]
 post_alloc_hook+0x2d1/0x350 mm/page_alloc.c:1537
 prep_new_page mm/page_alloc.c:1545 [inline]
 get_page_from_freelist+0x101e/0x3070 mm/page_alloc.c:3457
 __alloc_pages_noprof+0x223/0x25a0 mm/page_alloc.c:4733
 alloc_pages_bulk_noprof+0x77c/0x1110 mm/page_alloc.c:4681
 alloc_pages_bulk_array_node_noprof include/linux/gfp.h:239 [inline]
 __page_pool_alloc_pages_slow+0x18f/0x770 net/core/page_pool.c:538
 page_pool_alloc_netmem net/core/page_pool.c:590 [inline]
 page_pool_alloc_netmem+0xc4/0x160 net/core/page_pool.c:577
 page_pool_alloc_pages+0x1a/0x60 net/core/page_pool.c:597
 page_pool_dev_alloc_pages include/net/page_pool/helpers.h:96 [inline]
 xdp_test_run_batch.constprop.0+0x3a8/0x1960 net/bpf/test_run.c:305
 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389
 bpf_prog_test_run_xdp+0x827/0x1580 net/bpf/test_run.c:1317
 bpf_prog_test_run kernel/bpf/syscall.c:4266 [inline]
 __sys_bpf+0xfc6/0x49a0 kernel/bpf/syscall.c:5671
 __do_sys_bpf kernel/bpf/syscall.c:5760 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5758 [inline]
 __x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5758
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
page last free pid 24 tgid 24 stack trace:
 reset_page_owner include/linux/page_owner.h:25 [inline]
 free_pages_prepare mm/page_alloc.c:1108 [inline]
 free_unref_page+0x5f4/0xdc0 mm/page_alloc.c:2638
 __folio_put+0x30d/0x3d0 mm/swap.c:126
 folio_put include/linux/mm.h:1478 [inline]
 free_page_and_swap_cache+0x249/0x2c0 mm/swap_state.c:308
 __tlb_remove_table arch/x86/include/asm/tlb.h:34 [inline]
 __tlb_remove_table_free mm/mmu_gather.c:227 [inline]
 tlb_remove_table_rcu+0x89/0xe0 mm/mmu_gather.c:282
 rcu_do_batch kernel/rcu/tree.c:2567 [inline]
 rcu_core+0x79d/0x14d0 kernel/rcu/tree.c:2823
 handle_softirqs+0x213/0x8f0 kernel/softirq.c:554
 run_ksoftirqd kernel/softirq.c:927 [inline]
 run_ksoftirqd+0x3a/0x60 kernel/softirq.c:919
 smpboot_thread_fn+0x661/0xa30 kernel/smpboot.c:164
 kthread+0x2c1/0x3a0 kernel/kthread.c:389
 ret_from_fork+0x45/0x80 arch/x86/kernel/process.c:147
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244
Modules linked in:
CPU: 2 UID: 0 PID: 5962 Comm: syz-executor392 Tainted: G    B              6.12.0-rc5-syzkaller-00005-ge42b1a9a2557 #0
Tainted: [B]=BAD_PAGE
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:94 [inline]
 dump_stack_lvl+0x16c/0x1f0 lib/dump_stack.c:120
 bad_page+0xb3/0x1f0 mm/page_alloc.c:501
 free_page_is_bad_report mm/page_alloc.c:908 [inline]
 free_page_is_bad mm/page_alloc.c:918 [inline]
 free_pages_prepare mm/page_alloc.c:1100 [inline]
 free_unref_page+0x657/0xdc0 mm/page_alloc.c:2638
 skb_free_frag include/linux/skbuff.h:3399 [inline]
 skb_free_head+0xa0/0x1d0 net/core/skbuff.c:1096
 skb_release_data+0x560/0x730 net/core/skbuff.c:1125
 skb_release_all net/core/skbuff.c:1190 [inline]
 __kfree_skb net/core/skbuff.c:1204 [inline]
 sk_skb_reason_drop+0x129/0x1a0 net/core/skbuff.c:1242
 kfree_skb_reason include/linux/skbuff.h:1262 [inline]
 __netif_receive_skb_core.constprop.0+0x592/0x4330 net/core/dev.c:5640
 __netif_receive_skb_list_core+0x357/0x950 net/core/dev.c:5741
 __netif_receive_skb_list net/core/dev.c:5808 [inline]
 netif_receive_skb_list_internal+0x753/0xdb0 net/core/dev.c:5899
 netif_receive_skb_list+0x4f/0x4a0 net/core/dev.c:5951
 xdp_recv_frames net/bpf/test_run.c:279 [inline]
 xdp_test_run_batch.constprop.0+0x138d/0x1960 net/bpf/test_run.c:360
 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389
 bpf_prog_test_run_xdp+0x827/0x1580 net/bpf/test_run.c:1317
 bpf_prog_test_run kernel/bpf/syscall.c:4266 [inline]
 __sys_bpf+0xfc6/0x49a0 kernel/bpf/syscall.c:5671
 __do_sys_bpf kernel/bpf/syscall.c:5760 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5758 [inline]
 __x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5758
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f1b5711ee99
Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 51 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f1b570d9228 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
RAX: ffffffffffffffda RBX: 00007f1b571a9328 RCX: 00007f1b5711ee99
RDX: 0000000000000048 RSI: 0000000020000600 RDI: 000000000000000a
RBP: 00007f1b571a9320 R08: 00007f1b570d96c0 R09: 00007f1b570d96c0
R10: 00007f1b570d96c0 R11: 0000000000000246 R12: 00007f1b57176074
R13: 0000000020000eb8 R14: 2caa1414ac000000 R15: 00007ffed9b8fc98
 </TASK>
BUG: Bad page state in process syz-executor392  pfn:349c0
page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff8880349c2200 pfn:0x349c0
flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
raw: 00fff00000000000 dead000000000040 ffff888106115000 0000000000000000
raw: ffff8880349c2200 0000000000000001 00000000ffffffff 0000000000000000
page dumped because: page_pool leak
page_owner tracks the page as allocated
page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 5962, tgid 5958 (syz-executor392), ts 44238863613, free_ts 44054513026
 set_page_owner include/linux/page_owner.h:32 [inline]
 post_alloc_hook+0x2d1/0x350 mm/page_alloc.c:1537
 prep_new_page mm/page_alloc.c:1545 [inline]
 get_page_from_freelist+0x101e/0x3070 mm/page_alloc.c:3457
 __alloc_pages_noprof+0x223/0x25a0 mm/page_alloc.c:4733
 alloc_pages_bulk_noprof+0x77c/0x1110 mm/page_alloc.c:4681
 alloc_pages_bulk_array_node_noprof include/linux/gfp.h:239 [inline]
 __page_pool_alloc_pages_slow+0x18f/0x770 net/core/page_pool.c:538
 page_pool_alloc_netmem net/core/page_pool.c:590 [inline]
 page_pool_alloc_netmem+0xc4/0x160 net/core/page_pool.c:577
 page_pool_alloc_pages+0x1a/0x60 net/core/page_pool.c:597
 page_pool_dev_alloc_pages include/net/page_pool/helpers.h:96 [inline]
 xdp_test_run_batch.constprop.0+0x3a8/0x1960 net/bpf/test_run.c:305
 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389
 bpf_prog_test_run_xdp+0x827/0x1580 net/bpf/test_run.c:1317
 bpf_prog_test_run kernel/bpf/syscall.c:4266 [inline]
 __sys_bpf+0xfc6/0x49a0 kernel/bpf/syscall.c:5671
 __do_sys_bpf kernel/bpf/syscall.c:5760 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5758 [inline]
 __x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5758
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
page last free pid 24 tgid 24 stack trace:
 reset_page_owner include/linux/page_owner.h:25 [inline]
 free_pages_prepare mm/page_alloc.c:1108 [inline]
 free_unref_page+0x5f4/0xdc0 mm/page_alloc.c:2638
 __folio_put+0x30d/0x3d0 mm/swap.c:126
 folio_put include/linux/mm.h:1478 [inline]
 free_page_and_swap_cache+0x249/0x2c0 mm/swap_state.c:308
 __tlb_remove_table arch/x86/include/asm/tlb.h:34 [inline]
 __tlb_remove_table_free mm/mmu_gather.c:227 [inline]
 tlb_remove_table_rcu+0x89/0xe0 mm/mmu_gather.c:282
 rcu_do_batch kernel/rcu/tree.c:2567 [inline]
 rcu_core+0x79d/0x14d0 kernel/rcu/tree.c:2823
 handle_softirqs+0x213/0x8f0 kernel/softirq.c:554
 run_ksoftirqd kernel/softirq.c:927 [inline]
 run_ksoftirqd+0x3a/0x60 kernel/softirq.c:919
 smpboot_thread_fn+0x661/0xa30 kernel/smpboot.c:164
 kthread+0x2c1/0x3a0 kernel/kthread.c:389
 ret_from_fork+0x45/0x80 arch/x86/kernel/process.c:147
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244
Modules linked in:
CPU: 2 UID: 0 PID: 5962 Comm: syz-executor392 Tainted: G    B              6.12.0-rc5-syzkaller-00005-ge42b1a9a2557 #0
Tainted: [B]=BAD_PAGE
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:94 [inline]
 dump_stack_lvl+0x16c/0x1f0 lib/dump_stack.c:120
 bad_page+0xb3/0x1f0 mm/page_alloc.c:501
 free_page_is_bad_report mm/page_alloc.c:908 [inline]
 free_page_is_bad mm/page_alloc.c:918 [inline]
 free_pages_prepare mm/page_alloc.c:1100 [inline]
 free_unref_page+0x657/0xdc0 mm/page_alloc.c:2638
 skb_free_frag include/linux/skbuff.h:3399 [inline]
 skb_free_head+0xa0/0x1d0 net/core/skbuff.c:1096
 skb_release_data+0x560/0x730 net/core/skbuff.c:1125
 skb_release_all net/core/skbuff.c:1190 [inline]
 __kfree_skb net/core/skbuff.c:1204 [inline]
 sk_skb_reason_drop+0x129/0x1a0 net/core/skbuff.c:1242
 kfree_skb_reason include/linux/skbuff.h:1262 [inline]
 __netif_receive_skb_core.constprop.0+0x592/0x4330 net/core/dev.c:5640
 __netif_receive_skb_list_core+0x357/0x950 net/core/dev.c:5741
 __netif_receive_skb_list net/core/dev.c:5808 [inline]
 netif_receive_skb_list_internal+0x753/0xdb0 net/core/dev.c:5899
 netif_receive_skb_list+0x4f/0x4a0 net/core/dev.c:5951
 xdp_recv_frames net/bpf/test_run.c:279 [inline]
 xdp_test_run_batch.constprop.0+0x138d/0x1960 net/bpf/test_run.c:360
 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389
 bpf_prog_test_run_xdp+0x827/0x1580 net/bpf/test_run.c:1317
 bpf_prog_test_run kernel/bpf/syscall.c:4266 [inline]
 __sys_bpf+0xfc6/0x49a0 kernel/bpf/syscall.c:5671
 __do_sys_bpf kernel/bpf/syscall.c:5760 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5758 [inline]
 __x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5758
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f1b5711ee99
Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 51 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f1b570d9228 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
RAX: ffffffffffffffda RBX: 00007f1b571a9328 RCX: 00007f1b5711ee99
RDX: 0000000000000048 RSI: 0000000020000600 RDI: 000000000000000a
RBP: 00007f1b571a9320 R08: 00007f1b570d96c0 R09: 00007f1b570d96c0
R10: 00007f1b570d96c0 R11: 0000000000000246 R12: 00007f1b57176074
R13: 0000000020000eb8 R14: 2caa1414ac000000 R15: 00007ffed9b8fc98
 </TASK>
BUG: Bad page state in process syz-executor392  pfn:34b2b
page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x34b2b
flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
raw: 00fff00000000000 dead000000000040 ffff888106115000 0000000000000000
raw: 0000000000000000 0000000000000001 00000000ffffffff 0000000000000000
page dumped because: page_pool leak
page_owner tracks the page as allocated
page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 5962, tgid 5958 (syz-executor392), ts 44238856461, free_ts 44054516394
 set_page_owner include/linux/page_owner.h:32 [inline]
 post_alloc_hook+0x2d1/0x350 mm/page_alloc.c:1537
 prep_new_page mm/page_alloc.c:1545 [inline]
 get_page_from_freelist+0x101e/0x3070 mm/page_alloc.c:3457
 __alloc_pages_noprof+0x223/0x25a0 mm/page_alloc.c:4733
 alloc_pages_bulk_noprof+0x77c/0x1110 mm/page_alloc.c:4681
 alloc_pages_bulk_array_node_noprof include/linux/gfp.h:239 [inline]
 __page_pool_alloc_pages_slow+0x18f/0x770 net/core/page_pool.c:538
 page_pool_alloc_netmem net/core/page_pool.c:590 [inline]
 page_pool_alloc_netmem+0xc4/0x160 net/core/page_pool.c:577
 page_pool_alloc_pages+0x1a/0x60 net/core/page_pool.c:597
 page_pool_dev_alloc_pages include/net/page_pool/helpers.h:96 [inline]
 xdp_test_run_batch.constprop.0+0x3a8/0x1960 net/bpf/test_run.c:305
 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389
 bpf_prog_test_run_xdp+0x827/0x1580 net/bpf/test_run.c:1317
 bpf_prog_test_run kernel/bpf/syscall.c:4266 [inline]
 __sys_bpf+0xfc6/0x49a0 kernel/bpf/syscall.c:5671
 __do_sys_bpf kernel/bpf/syscall.c:5760 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5758 [inline]
 __x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5758
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
page last free pid 24 tgid 24 stack trace:
 reset_page_owner include/linux/page_owner.h:25 [inline]
 free_pages_prepare mm/page_alloc.c:1108 [inline]
 free_unref_page+0x5f4/0xdc0 mm/page_alloc.c:2638
 rcu_do_batch kernel/rcu/tree.c:2567 [inline]
 rcu_core+0x79d/0x14d0 kernel/rcu/tree.c:2823
 handle_softirqs+0x213/0x8f0 kernel/softirq.c:554
 run_ksoftirqd kernel/softirq.c:927 [inline]
 run_ksoftirqd+0x3a/0x60 kernel/softirq.c:919
 smpboot_thread_fn+0x661/0xa30 kernel/smpboot.c:164
 kthread+0x2c1/0x3a0 kernel/kthread.c:389
 ret_from_fork+0x45/0x80 arch/x86/kernel/process.c:147
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244
Modules linked in:
CPU: 2 UID: 0 PID: 5962 Comm: syz-executor392 Tainted: G    B              6.12.0-rc5-syzkaller-00005-ge42b1a9a2557 #0
Tainted: [B]=BAD_PAGE
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:94 [inline]
 dump_stack_lvl+0x16c/0x1f0 lib/dump_stack.c:120
 bad_page+0xb3/0x1f0 mm/page_alloc.c:501
 free_page_is_bad_report mm/page_alloc.c:908 [inline]
 free_page_is_bad mm/page_alloc.c:918 [inline]
 free_pages_prepare mm/page_alloc.c:1100 [inline]
 free_unref_page+0x657/0xdc0 mm/page_alloc.c:2638
 skb_free_frag include/linux/skbuff.h:3399 [inline]
 skb_free_head+0xa0/0x1d0 net/core/skbuff.c:1096
 skb_release_data+0x560/0x730 net/core/skbuff.c:1125
 skb_release_all net/core/skbuff.c:1190 [inline]
 __kfree_skb net/core/skbuff.c:1204 [inline]
 sk_skb_reason_drop+0x129/0x1a0 net/core/skbuff.c:1242
 kfree_skb_reason include/linux/skbuff.h:1262 [inline]
 __netif_receive_skb_core.constprop.0+0x592/0x4330 net/core/dev.c:5640
 __netif_receive_skb_list_core+0x357/0x950 net/core/dev.c:5741
 __netif_receive_skb_list net/core/dev.c:5808 [inline]
 netif_receive_skb_list_internal+0x753/0xdb0 net/core/dev.c:5899
 netif_receive_skb_list+0x4f/0x4a0 net/core/dev.c:5951
 xdp_recv_frames net/bpf/test_run.c:279 [inline]
 xdp_test_run_batch.constprop.0+0x138d/0x1960 net/bpf/test_run.c:360
 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389
 bpf_prog_test_run_xdp+0x827/0x1580 net/bpf/test_run.c:1317
 bpf_prog_test_run kernel/bpf/syscall.c:4266 [inline]
 __sys_bpf+0xfc6/0x49a0 kernel/bpf/syscall.c:5671
 __do_sys_bpf kernel/bpf/syscall.c:5760 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5758 [inline]
 __x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5758
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f1b5711ee99
Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 51 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f1b570d9228 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
RAX: ffffffffffffffda RBX: 00007f1b571a9328 RCX: 00007f1b5711ee99
RDX: 0000000000000048 RSI: 0000000020000600 RDI: 000000000000000a
RBP: 00007f1b571a9320 R08: 00007f1b570d96c0 R09: 00007f1b570d96c0
R10: 00007f1b570d96c0 R11: 0000000000000246 R12: 00007f1b57176074
R13: 0000000020000eb8 R14: 2caa1414ac000000 R15: 00007ffed9b8fc98
 </TASK>
BUG: Bad page state in process syz-executor392  pfn:289c9
page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x4 pfn:0x289c9
flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
raw: 00fff00000000000 dead000000000040 ffff888106115000 0000000000000000
raw: 0000000000000004 0000000000000001 00000000ffffffff 0000000000000000
page dumped because: page_pool leak
page_owner tracks the page as allocated
page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 5962, tgid 5958 (syz-executor392), ts 44238849308, free_ts 44066335838
 set_page_owner include/linux/page_owner.h:32 [inline]
 post_alloc_hook+0x2d1/0x350 mm/page_alloc.c:1537
 prep_new_page mm/page_alloc.c:1545 [inline]
 get_page_from_freelist+0x101e/0x3070 mm/page_alloc.c:3457
 __alloc_pages_noprof+0x223/0x25a0 mm/page_alloc.c:4733
 alloc_pages_bulk_noprof+0x77c/0x1110 mm/page_alloc.c:4681
 alloc_pages_bulk_array_node_noprof include/linux/gfp.h:239 [inline]
 __page_pool_alloc_pages_slow+0x18f/0x770 net/core/page_pool.c:538
 page_pool_alloc_netmem net/core/page_pool.c:590 [inline]
 page_pool_alloc_netmem+0xc4/0x160 net/core/page_pool.c:577
 page_pool_alloc_pages+0x1a/0x60 net/core/page_pool.c:597
 page_pool_dev_alloc_pages include/net/page_pool/helpers.h:96 [inline]
 xdp_test_run_batch.constprop.0+0x3a8/0x1960 net/bpf/test_run.c:305
 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389
 bpf_prog_test_run_xdp+0x827/0x1580 net/bpf/test_run.c:1317
 bpf_prog_test_run kernel/bpf/syscall.c:4266 [inline]
 __sys_bpf+0xfc6/0x49a0 kernel/bpf/syscall.c:5671
 __do_sys_bpf kernel/bpf/syscall.c:5760 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5758 [inline]
 __x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5758
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
page last free pid 5953 tgid 5952 stack trace:
 reset_page_owner include/linux/page_owner.h:25 [inline]
 free_pages_prepare mm/page_alloc.c:1108 [inline]
 free_unref_page+0x5f4/0xdc0 mm/page_alloc.c:2638
 vfree+0x17a/0x890 mm/vmalloc.c:3361
 htable_put net/netfilter/xt_hashlimit.c:424 [inline]
 hashlimit_mt_destroy_v1+0x78/0x90 net/netfilter/xt_hashlimit.c:970
 cleanup_match net/ipv6/netfilter/ip6_tables.c:477 [inline]
 cleanup_entry+0x19f/0x3a0 net/ipv6/netfilter/ip6_tables.c:661
 translate_table+0xddd/0x17b0 net/ipv6/netfilter/ip6_tables.c:744
 do_replace net/ipv6/netfilter/ip6_tables.c:1154 [inline]
 do_ip6t_set_ctl+0x605/0xc40 net/ipv6/netfilter/ip6_tables.c:1644
 nf_setsockopt+0x8a/0xf0 net/netfilter/nf_sockopt.c:101
 ipv6_setsockopt+0x135/0x170 net/ipv6/ipv6_sockglue.c:998
 rawv6_setsockopt+0xd7/0x680 net/ipv6/raw.c:1054
 do_sock_setsockopt+0x222/0x480 net/socket.c:2334
 __sys_setsockopt+0x1a4/0x270 net/socket.c:2357
 __do_sys_setsockopt net/socket.c:2366 [inline]
 __se_sys_setsockopt net/socket.c:2363 [inline]
 __x64_sys_setsockopt+0xbd/0x160 net/socket.c:2363
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
Modules linked in:
CPU: 2 UID: 0 PID: 5962 Comm: syz-executor392 Tainted: G    B              6.12.0-rc5-syzkaller-00005-ge42b1a9a2557 #0
Tainted: [B]=BAD_PAGE
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:94 [inline]
 dump_stack_lvl+0x16c/0x1f0 lib/dump_stack.c:120
 bad_page+0xb3/0x1f0 mm/page_alloc.c:501
 free_page_is_bad_report mm/page_alloc.c:908 [inline]
 free_page_is_bad mm/page_alloc.c:918 [inline]
 free_pages_prepare mm/page_alloc.c:1100 [inline]
 free_unref_page+0x657/0xdc0 mm/page_alloc.c:2638
 skb_free_frag include/linux/skbuff.h:3399 [inline]
 skb_free_head+0xa0/0x1d0 net/core/skbuff.c:1096
 skb_release_data+0x560/0x730 net/core/skbuff.c:1125
 skb_release_all net/core/skbuff.c:1190 [inline]
 __kfree_skb net/core/skbuff.c:1204 [inline]
 sk_skb_reason_drop+0x129/0x1a0 net/core/skbuff.c:1242
 kfree_skb_reason include/linux/skbuff.h:1262 [inline]
 __netif_receive_skb_core.constprop.0+0x592/0x4330 net/core/dev.c:5640
 __netif_receive_skb_list_core+0x357/0x950 net/core/dev.c:5741
 __netif_receive_skb_list net/core/dev.c:5808 [inline]
 netif_receive_skb_list_internal+0x753/0xdb0 net/core/dev.c:5899
 netif_receive_skb_list+0x4f/0x4a0 net/core/dev.c:5951
 xdp_recv_frames net/bpf/test_run.c:279 [inline]
 xdp_test_run_batch.constprop.0+0x138d/0x1960 net/bpf/test_run.c:360
 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389
 bpf_prog_test_run_xdp+0x827/0x1580 net/bpf/test_run.c:1317
 bpf_prog_test_run kernel/bpf/syscall.c:4266 [inline]
 __sys_bpf+0xfc6/0x49a0 kernel/bpf/syscall.c:5671
 __do_sys_bpf kernel/bpf/syscall.c:5760 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5758 [inline]
 __x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5758
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f1b5711ee99
Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 51 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f1b570d9228 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
RAX: ffffffffffffffda RBX: 00007f1b571a9328 RCX: 00007f1b5711ee99
RDX: 0000000000000048 RSI: 0000000020000600 RDI: 000000000000000a
RBP: 00007f1b571a9320 R08: 00007f1b570d96c0 R09: 00007f1b570d96c0
R10: 00007f1b570d96c0 R11: 0000000000000246 R12: 00007f1b57176074
R13: 0000000020000eb8 R14: 2caa1414ac000000 R15: 00007ffed9b8fc98
 </TASK>
BUG: Bad page state in process syz-executor392  pfn:289ca
page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x289ca
flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
raw: 00fff00000000000 dead000000000040 ffff888106115000 0000000000000000
raw: 0000000000000000 0000000000000001 00000000ffffffff 0000000000000000
page dumped because: page_pool leak
page_owner tracks the page as allocated
page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 5962, tgid 5958 (syz-executor392), ts 44238842430, free_ts 44066344557
 set_page_owner include/linux/page_owner.h:32 [inline]
 post_alloc_hook+0x2d1/0x350 mm/page_alloc.c:1537
 prep_new_page mm/page_alloc.c:1545 [inline]
 get_page_from_freelist+0x101e/0x3070 mm/page_alloc.c:3457
 __alloc_pages_noprof+0x223/0x25a0 mm/page_alloc.c:4733
 alloc_pages_bulk_noprof+0x77c/0x1110 mm/page_alloc.c:4681
 alloc_pages_bulk_array_node_noprof include/linux/gfp.h:239 [inline]
 __page_pool_alloc_pages_slow+0x18f/0x770 net/core/page_pool.c:538
 page_pool_alloc_netmem net/core/page_pool.c:590 [inline]
 page_pool_alloc_netmem+0xc4/0x160 net/core/page_pool.c:577
 page_pool_alloc_pages+0x1a/0x60 net/core/page_pool.c:597
 page_pool_dev_alloc_pages include/net/page_pool/helpers.h:96 [inline]
 xdp_test_run_batch.constprop.0+0x3a8/0x1960 net/bpf/test_run.c:305
 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389
 bpf_prog_test_run_xdp+0x827/0x1580 net/bpf/test_run.c:1317
 bpf_prog_test_run kernel/bpf/syscall.c:4266 [inline]
 __sys_bpf+0xfc6/0x49a0 kernel/bpf/syscall.c:5671
 __do_sys_bpf kernel/bpf/syscall.c:5760 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5758 [inline]
 __x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5758
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
page last free pid 5953 tgid 5952 stack trace:
 reset_page_owner include/linux/page_owner.h:25 [inline]
 free_pages_prepare mm/page_alloc.c:1108 [inline]
 free_unref_page+0x5f4/0xdc0 mm/page_alloc.c:2638
 vfree+0x17a/0x890 mm/vmalloc.c:3361
 htable_put net/netfilter/xt_hashlimit.c:424 [inline]
 hashlimit_mt_destroy_v1+0x78/0x90 net/netfilter/xt_hashlimit.c:970
 cleanup_match net/ipv6/netfilter/ip6_tables.c:477 [inline]
 cleanup_entry+0x19f/0x3a0 net/ipv6/netfilter/ip6_tables.c:661
 translate_table+0xddd/0x17b0 net/ipv6/netfilter/ip6_tables.c:744
 do_replace net/ipv6/netfilter/ip6_tables.c:1154 [inline]
 do_ip6t_set_ctl+0x605/0xc40 net/ipv6/netfilter/ip6_tables.c:1644
 nf_setsockopt+0x8a/0xf0 net/netfilter/nf_sockopt.c:101
 ipv6_setsockopt+0x135/0x170 net/ipv6/ipv6_sockglue.c:998
 rawv6_setsockopt+0xd7/0x680 net/ipv6/raw.c:1054
 do_sock_setsockopt+0x222/0x480 net/socket.c:2334
 __sys_setsockopt+0x1a4/0x270 net/socket.c:2357
 __do_sys_setsockopt net/socket.c:2366 [inline]
 __se_sys_setsockopt net/socket.c:2363 [inline]
 __x64_sys_setsockopt+0xbd/0x160 net/socket.c:2363
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
Modules linked in:
CPU: 2 UID: 0 PID: 5962 Comm: syz-executor392 Tainted: G    B              6.12.0-rc5-syzkaller-00005-ge42b1a9a2557 #0
Tainted: [B]=BAD_PAGE
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:94 [inline]
 dump_stack_lvl+0x16c/0x1f0 lib/dump_stack.c:120
 bad_page+0xb3/0x1f0 mm/page_alloc.c:501
 free_page_is_bad_report mm/page_alloc.c:908 [inline]
 free_page_is_bad mm/page_alloc.c:918 [inline]
 free_pages_prepare mm/page_alloc.c:1100 [inline]
 free_unref_page+0x657/0xdc0 mm/page_alloc.c:2638
 skb_free_frag include/linux/skbuff.h:3399 [inline]
 skb_free_head+0xa0/0x1d0 net/core/skbuff.c:1096
 skb_release_data+0x560/0x730 net/core/skbuff.c:1125
 skb_release_all net/core/skbuff.c:1190 [inline]
 __kfree_skb net/core/skbuff.c:1204 [inline]
 sk_skb_reason_drop+0x129/0x1a0 net/core/skbuff.c:1242
 kfree_skb_reason include/linux/skbuff.h:1262 [inline]
 __netif_receive_skb_core.constprop.0+0x592/0x4330 net/core/dev.c:5640
 __netif_receive_skb_list_core+0x357/0x950 net/core/dev.c:5741
 __netif_receive_skb_list net/core/dev.c:5808 [inline]
 netif_receive_skb_list_internal+0x753/0xdb0 net/core/dev.c:5899
 netif_receive_skb_list+0x4f/0x4a0 net/core/dev.c:5951
 xdp_recv_frames net/bpf/test_run.c:279 [inline]
 xdp_test_run_batch.constprop.0+0x138d/0x1960 net/bpf/test_run.c:360
 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389
 bpf_prog_test_run_xdp+0x827/0x1580 net/bpf/test_run.c:1317
 bpf_prog_test_run kernel/bpf/syscall.c:4266 [inline]
 __sys_bpf+0xfc6/0x49a0 kernel/bpf/syscall.c:5671
 __do_sys_bpf kernel/bpf/syscall.c:5760 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5758 [inline]
 __x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5758
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f1b5711ee99
Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 51 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f1b570d9228 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
RAX: ffffffffffffffda RBX: 00007f1b571a9328 RCX: 00007f1b5711ee99
RDX: 0000000000000048 RSI: 0000000020000600 RDI: 000000000000000a
RBP: 00007f1b571a9320 R08: 00007f1b570d96c0 R09: 00007f1b570d96c0
R10: 00007f1b570d96c0 R11: 0000000000000246 R12: 00007f1b57176074
R13: 0000000020000eb8 R14: 2caa1414ac000000 R15: 00007ffed9b8fc98
 </TASK>
BUG: Bad page state in process syz-executor392  pfn:289cb
page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x289cb
flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
raw: 00fff00000000000 dead000000000040 ffff888106115000 0000000000000000
raw: 0000000000000000 0000000000000001 00000000ffffffff 0000000000000000
page dumped because: page_pool leak
page_owner tracks the page as allocated
page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 5962, tgid 5958 (syz-executor392), ts 44238834961, free_ts 44066349478
 set_page_owner include/linux/page_owner.h:32 [inline]
 post_alloc_hook+0x2d1/0x350 mm/page_alloc.c:1537
 prep_new_page mm/page_alloc.c:1545 [inline]
 get_page_from_freelist+0x101e/0x3070 mm/page_alloc.c:3457
 __alloc_pages_noprof+0x223/0x25a0 mm/page_alloc.c:4733
 alloc_pages_bulk_noprof+0x77c/0x1110 mm/page_alloc.c:4681
 alloc_pages_bulk_array_node_noprof include/linux/gfp.h:239 [inline]
 __page_pool_alloc_pages_slow+0x18f/0x770 net/core/page_pool.c:538
 page_pool_alloc_netmem net/core/page_pool.c:590 [inline]
 page_pool_alloc_netmem+0xc4/0x160 net/core/page_pool.c:577
 page_pool_alloc_pages+0x1a/0x60 net/core/page_pool.c:597
 page_pool_dev_alloc_pages include/net/page_pool/helpers.h:96 [inline]
 xdp_test_run_batch.constprop.0+0x3a8/0x1960 net/bpf/test_run.c:305
 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389
 bpf_prog_test_run_xdp+0x827/0x1580 net/bpf/test_run.c:1317
 bpf_prog_test_run kernel/bpf/syscall.c:4266 [inline]
 __sys_bpf+0xfc6/0x49a0 kernel/bpf/syscall.c:5671
 __do_sys_bpf kernel/bpf/syscall.c:5760 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5758 [inline]
 __x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5758
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
page last free pid 5953 tgid 5952 stack trace:
 reset_page_owner include/linux/page_owner.h:25 [inline]
 free_pages_prepare mm/page_alloc.c:1108 [inline]
 free_unref_page+0x5f4/0xdc0 mm/page_alloc.c:2638
 vfree+0x17a/0x890 mm/vmalloc.c:3361
 htable_put net/netfilter/xt_hashlimit.c:424 [inline]
 hashlimit_mt_destroy_v1+0x78/0x90 net/netfilter/xt_hashlimit.c:970
 cleanup_match net/ipv6/netfilter/ip6_tables.c:477 [inline]
 cleanup_entry+0x19f/0x3a0 net/ipv6/netfilter/ip6_tables.c:661
 translate_table+0xddd/0x17b0 net/ipv6/netfilter/ip6_tables.c:744
 do_replace net/ipv6/netfilter/ip6_tables.c:1154 [inline]
 do_ip6t_set_ctl+0x605/0xc40 net/ipv6/netfilter/ip6_tables.c:1644
 nf_setsockopt+0x8a/0xf0 net/netfilter/nf_sockopt.c:101
 ipv6_setsockopt+0x135/0x170 net/ipv6/ipv6_sockglue.c:998
 rawv6_setsockopt+0xd7/0x680 net/ipv6/raw.c:1054
 do_sock_setsockopt+0x222/0x480 net/socket.c:2334
 __sys_setsockopt+0x1a4/0x270 net/socket.c:2357
 __do_sys_setsockopt net/socket.c:2366 [inline]
 __se_sys_setsockopt net/socket.c:2363 [inline]
 __x64_sys_setsockopt+0xbd/0x160 net/socket.c:2363
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
Modules linked in:
CPU: 2 UID: 0 PID: 5962 Comm: syz-executor392 Tainted: G    B              6.12.0-rc5-syzkaller-00005-ge42b1a9a2557 #0
Tainted: [B]=BAD_PAGE
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:94 [inline]
 dump_stack_lvl+0x16c/0x1f0 lib/dump_stack.c:120
 bad_page+0xb3/0x1f0 mm/page_alloc.c:501
 free_page_is_bad_report mm/page_alloc.c:908 [inline]
 free_page_is_bad mm/page_alloc.c:918 [inline]
 free_pages_prepare mm/page_alloc.c:1100 [inline]
 free_unref_page+0x657/0xdc0 mm/page_alloc.c:2638
 skb_free_frag include/linux/skbuff.h:3399 [inline]
 skb_free_head+0xa0/0x1d0 net/core/skbuff.c:1096
 skb_release_data+0x560/0x730 net/core/skbuff.c:1125
 skb_release_all net/core/skbuff.c:1190 [inline]
 __kfree_skb net/core/skbuff.c:1204 [inline]
 sk_skb_reason_drop+0x129/0x1a0 net/core/skbuff.c:1242
 kfree_skb_reason include/linux/skbuff.h:1262 [inline]
 __netif_receive_skb_core.constprop.0+0x592/0x4330 net/core/dev.c:5640
 __netif_receive_skb_list_core+0x357/0x950 net/core/dev.c:5741
 __netif_receive_skb_list net/core/dev.c:5808 [inline]
 netif_receive_skb_list_internal+0x753/0xdb0 net/core/dev.c:5899
 netif_receive_skb_list+0x4f/0x4a0 net/core/dev.c:5951
 xdp_recv_frames net/bpf/test_run.c:279 [inline]
 xdp_test_run_batch.constprop.0+0x138d/0x1960 net/bpf/test_run.c:360
 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389
 bpf_prog_test_run_xdp+0x827/0x1580 net/bpf/test_run.c:1317
 bpf_prog_test_run kernel/bpf/syscall.c:4266 [inline]
 __sys_bpf+0xfc6/0x49a0 kernel/bpf/syscall.c:5671
 __do_sys_bpf kernel/bpf/syscall.c:5760 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5758 [inline]
 __x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5758
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f1b5711ee99
Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 51 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f1b570d9228 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
RAX: ffffffffffffffda RBX: 00007f1b571a9328 RCX: 00007f1b5711ee99
RDX: 0000000000000048 RSI: 0000000020000600 RDI: 000000000000000a
RBP: 00007f1b571a9320 R08: 00007f1b570d96c0 R09: 00007f1b570d96c0
R10: 00007f1b570d96c0 R11: 0000000000000246 R12: 00007f1b57176074
R13: 0000000020000eb8 R14: 2caa1414ac000000 R15: 00007ffed9b8fc98
 </TASK>
BUG: Bad page state in process syz-executor392  pfn:333f0
page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff8880333f6000 pfn:0x333f0
flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
raw: 00fff00000000000 dead000000000040 ffff888106115000 0000000000000000
raw: ffff8880333f6000 0000000000000001 00000000ffffffff 0000000000000000
page dumped because: page_pool leak
page_owner tracks the page as allocated
page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 5962, tgid 5958 (syz-executor392), ts 44238828134, free_ts 44066353147
 set_page_owner include/linux/page_owner.h:32 [inline]
 post_alloc_hook+0x2d1/0x350 mm/page_alloc.c:1537
 prep_new_page mm/page_alloc.c:1545 [inline]
 get_page_from_freelist+0x101e/0x3070 mm/page_alloc.c:3457
 __alloc_pages_noprof+0x223/0x25a0 mm/page_alloc.c:4733
 alloc_pages_bulk_noprof+0x77c/0x1110 mm/page_alloc.c:4681
 alloc_pages_bulk_array_node_noprof include/linux/gfp.h:239 [inline]
 __page_pool_alloc_pages_slow+0x18f/0x770 net/core/page_pool.c:538
 page_pool_alloc_netmem net/core/page_pool.c:590 [inline]
 page_pool_alloc_netmem+0xc4/0x160 net/core/page_pool.c:577
 page_pool_alloc_pages+0x1a/0x60 net/core/page_pool.c:597
 page_pool_dev_alloc_pages include/net/page_pool/helpers.h:96 [inline]
 xdp_test_run_batch.constprop.0+0x3a8/0x1960 net/bpf/test_run.c:305
 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389
 bpf_prog_test_run_xdp+0x827/0x1580 net/bpf/test_run.c:1317
 bpf_prog_test_run kernel/bpf/syscall.c:4266 [inline]
 __sys_bpf+0xfc6/0x49a0 kernel/bpf/syscall.c:5671
 __do_sys_bpf kernel/bpf/syscall.c:5760 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5758 [inline]
 __x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5758
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
page last free pid 5953 tgid 5952 stack trace:
 reset_page_owner include/linux/page_owner.h:25 [inline]
 free_pages_prepare mm/page_alloc.c:1108 [inline]
 free_unref_page+0x5f4/0xdc0 mm/page_alloc.c:2638
 vfree+0x17a/0x890 mm/vmalloc.c:3361
 htable_put net/netfilter/xt_hashlimit.c:424 [inline]
 hashlimit_mt_destroy_v1+0x78/0x90 net/netfilter/xt_hashlimit.c:970
 cleanup_match net/ipv6/netfilter/ip6_tables.c:477 [inline]
 cleanup_entry+0x19f/0x3a0 net/ipv6/netfilter/ip6_tables.c:661
 translate_table+0xddd/0x17b0 net/ipv6/netfilter/ip6_tables.c:744
 do_replace net/ipv6/netfilter/ip6_tables.c:1154 [inline]
 do_ip6t_set_ctl+0x605/0xc40 net/ipv6/netfilter/ip6_tables.c:1644
 nf_setsockopt+0x8a/0xf0 net/netfilter/nf_sockopt.c:101
 ipv6_setsockopt+0x135/0x170 net/ipv6/ipv6_sockglue.c:998
 rawv6_setsockopt+0xd7/0x680 net/ipv6/raw.c:1054
 do_sock_setsockopt+0x222/0x480 net/socket.c:2334
 __sys_setsockopt+0x1a4/0x270 net/socket.c:2357
 __do_sys_setsockopt net/socket.c:2366 [inline]
 __se_sys_setsockopt net/socket.c:2363 [inline]
 __x64_sys_setsockopt+0xbd/0x160 net/socket.c:2363
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
Modules linked in:
CPU: 2 UID: 0 PID: 5962 Comm: syz-executor392 Tainted: G    B              6.12.0-rc5-syzkaller-00005-ge42b1a9a2557 #0
Tainted: [B]=BAD_PAGE
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:94 [inline]
 dump_stack_lvl+0x16c/0x1f0 lib/dump_stack.c:120
 bad_page+0xb3/0x1f0 mm/page_alloc.c:501
 free_page_is_bad_report mm/page_alloc.c:908 [inline]
 free_page_is_bad mm/page_alloc.c:918 [inline]
 free_pages_prepare mm/page_alloc.c:1100 [inline]
 free_unref_page+0x657/0xdc0 mm/page_alloc.c:2638
 skb_free_frag include/linux/skbuff.h:3399 [inline]
 skb_free_head+0xa0/0x1d0 net/core/skbuff.c:1096
 skb_release_data+0x560/0x730 net/core/skbuff.c:1125
 skb_release_all net/core/skbuff.c:1190 [inline]
 __kfree_skb net/core/skbuff.c:1204 [inline]
 sk_skb_reason_drop+0x129/0x1a0 net/core/skbuff.c:1242
 kfree_skb_reason include/linux/skbuff.h:1262 [inline]
 __netif_receive_skb_core.constprop.0+0x592/0x4330 net/core/dev.c:5640
 __netif_receive_skb_list_core+0x357/0x950 net/core/dev.c:5741
 __netif_receive_skb_list net/core/dev.c:5808 [inline]
 netif_receive_skb_list_internal+0x753/0xdb0 net/core/dev.c:5899
 netif_receive_skb_list+0x4f/0x4a0 net/core/dev.c:5951
 xdp_recv_frames net/bpf/test_run.c:279 [inline]
 xdp_test_run_batch.constprop.0+0x138d/0x1960 net/bpf/test_run.c:360
 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389
 bpf_prog_test_run_xdp+0x827/0x1580 net/bpf/test_run.c:1317
 bpf_prog_test_run kernel/bpf/syscall.c:4266 [inline]
 __sys_bpf+0xfc6/0x49a0 kernel/bpf/syscall.c:5671
 __do_sys_bpf kernel/bpf/syscall.c:5760 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5758 [inline]
 __x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5758
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f1b5711ee99
Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 51 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f1b570d9228 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
RAX: ffffffffffffffda RBX: 00007f1b571a9328 RCX: 00007f1b5711ee99
RDX: 0000000000000048 RSI: 0000000020000600 RDI: 000000000000000a
RBP: 00007f1b571a9320 R08: 00007f1b570d96c0 R09: 00007f1b570d96c0
R10: 00007f1b570d96c0 R11: 0000000000000246 R12: 00007f1b57176074
R13: 0000000020000eb8 R14: 2caa1414ac000000 R15: 00007ffed9b8fc98
 </TASK>
BUG: Bad page state in process syz-executor392  pfn:333f1
page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x8 pfn:0x333f1
flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
raw: 00fff00000000000 dead000000000040 ffff888106115000 0000000000000000
raw: 0000000000000008 0000000000000001 00000000ffffffff 0000000000000000
page dumped because: page_pool leak
page_owner tracks the page as allocated
page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 5962, tgid 5958 (syz-executor392), ts 44238820575, free_ts 44066357450
 set_page_owner include/linux/page_owner.h:32 [inline]
 post_alloc_hook+0x2d1/0x350 mm/page_alloc.c:1537
 prep_new_page mm/page_alloc.c:1545 [inline]
 get_page_from_freelist+0x101e/0x3070 mm/page_alloc.c:3457
 __alloc_pages_noprof+0x223/0x25a0 mm/page_alloc.c:4733
 alloc_pages_bulk_noprof+0x77c/0x1110 mm/page_alloc.c:4681
 alloc_pages_bulk_array_node_noprof include/linux/gfp.h:239 [inline]
 __page_pool_alloc_pages_slow+0x18f/0x770 net/core/page_pool.c:538
 page_pool_alloc_netmem net/core/page_pool.c:590 [inline]
 page_pool_alloc_netmem+0xc4/0x160 net/core/page_pool.c:577
 page_pool_alloc_pages+0x1a/0x60 net/core/page_pool.c:597
 page_pool_dev_alloc_pages include/net/page_pool/helpers.h:96 [inline]
 xdp_test_run_batch.constprop.0+0x3a8/0x1960 net/bpf/test_run.c:305
 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389
 bpf_prog_test_run_xdp+0x827/0x1580 net/bpf/test_run.c:1317
 bpf_prog_test_run kernel/bpf/syscall.c:4266 [inline]
 __sys_bpf+0xfc6/0x49a0 kernel/bpf/syscall.c:5671
 __do_sys_bpf kernel/bpf/syscall.c:5760 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5758 [inline]
 __x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5758
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
page last free pid 5953 tgid 5952 stack trace:
 reset_page_owner include/linux/page_owner.h:25 [inline]
 free_pages_prepare mm/page_alloc.c:1108 [inline]
 free_unref_page+0x5f4/0xdc0 mm/page_alloc.c:2638
 vfree+0x17a/0x890 mm/vmalloc.c:3361
 htable_put net/netfilter/xt_hashlimit.c:424 [inline]
 hashlimit_mt_destroy_v1+0x78/0x90 net/netfilter/xt_hashlimit.c:970
 cleanup_match net/ipv6/netfilter/ip6_tables.c:477 [inline]
 cleanup_entry+0x19f/0x3a0 net/ipv6/netfilter/ip6_tables.c:661
 translate_table+0xddd/0x17b0 net/ipv6/netfilter/ip6_tables.c:744
 do_replace net/ipv6/netfilter/ip6_tables.c:1154 [inline]
 do_ip6t_set_ctl+0x605/0xc40 net/ipv6/netfilter/ip6_tables.c:1644
 nf_setsockopt+0x8a/0xf0 net/netfilter/nf_sockopt.c:101
 ipv6_setsockopt+0x135/0x170 net/ipv6/ipv6_sockglue.c:998
 rawv6_setsockopt+0xd7/0x680 net/ipv6/raw.c:1054
 do_sock_setsockopt+0x222/0x480 net/socket.c:2334
 __sys_setsockopt+0x1a4/0x270 net/socket.c:2357
 __do_sys_setsockopt net/socket.c:2366 [inline]
 __se_sys_setsockopt net/socket.c:2363 [inline]
 __x64_sys_setsockopt+0xbd/0x160 net/socket.c:2363
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
Modules linked in:
CPU: 2 UID: 0 PID: 5962 Comm: syz-executor392 Tainted: G    B              6.12.0-rc5-syzkaller-00005-ge42b1a9a2557 #0
Tainted: [B]=BAD_PAGE
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:94 [inline]
 dump_stack_lvl+0x16c/0x1f0 lib/dump_stack.c:120
 bad_page+0xb3/0x1f0 mm/page_alloc.c:501
 free_page_is_bad_report mm/page_alloc.c:908 [inline]
 free_page_is_bad mm/page_alloc.c:918 [inline]
 free_pages_prepare mm/page_alloc.c:1100 [inline]
 free_unref_page+0x657/0xdc0 mm/page_alloc.c:2638
 skb_free_frag include/linux/skbuff.h:3399 [inline]
 skb_free_head+0xa0/0x1d0 net/core/skbuff.c:1096
 skb_release_data+0x560/0x730 net/core/skbuff.c:1125
 skb_release_all net/core/skbuff.c:1190 [inline]
 __kfree_skb net/core/skbuff.c:1204 [inline]
 sk_skb_reason_drop+0x129/0x1a0 net/core/skbuff.c:1242
 kfree_skb_reason include/linux/skbuff.h:1262 [inline]
 __netif_receive_skb_core.constprop.0+0x592/0x4330 net/core/dev.c:5640
 __netif_receive_skb_list_core+0x357/0x950 net/core/dev.c:5741
 __netif_receive_skb_list net/core/dev.c:5808 [inline]
 netif_receive_skb_list_internal+0x753/0xdb0 net/core/dev.c:5899
 netif_receive_skb_list+0x4f/0x4a0 net/core/dev.c:5951
 xdp_recv_frames net/bpf/test_run.c:279 [inline]
 xdp_test_run_batch.constprop.0+0x138d/0x1960 net/bpf/test_run.c:360
 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389
 bpf_prog_test_run_xdp+0x827/0x1580 net/bpf/test_run.c:1317
 bpf_prog_test_run kernel/bpf/syscall.c:4266 [inline]
 __sys_bpf+0xfc6/0x49a0 kernel/bpf/syscall.c:5671
 __do_sys_bpf kernel/bpf/syscall.c:5760 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5758 [inline]
 __x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5758
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f1b5711ee99
Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 51 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f1b570d9228 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
RAX: ffffffffffffffda RBX: 00007f1b571a9328 RCX: 00007f1b5711ee99
RDX: 0000000000000048 RSI: 0000000020000600 RDI: 000000000000000a
RBP: 00007f1b571a9320 R08: 00007f1b570d96c0 R09: 00007f1b570d96c0
R10: 00007f1b570d96c0 R11: 0000000000000246 R12: 00007f1b57176074
R13: 0000000020000eb8 R14: 2caa1414ac000000 R15: 00007ffed9b8fc98
 </TASK>
BUG: Bad page state in process syz-executor392  pfn:333f2
page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x333f2
flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
raw: 00fff00000000000 dead000000000040 ffff888106115000 0000000000000000
raw: 0000000000000000 0000000000000001 00000000ffffffff 0000000000000000
page dumped because: page_pool leak
page_owner tracks the page as allocated
page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 5962, tgid 5958 (syz-executor392), ts 44238812737, free_ts 44066360953
 set_page_owner include/linux/page_owner.h:32 [inline]
 post_alloc_hook+0x2d1/0x350 mm/page_alloc.c:1537
 prep_new_page mm/page_alloc.c:1545 [inline]
 get_page_from_freelist+0x101e/0x3070 mm/page_alloc.c:3457
 __alloc_pages_noprof+0x223/0x25a0 mm/page_alloc.c:4733
 alloc_pages_bulk_noprof+0x77c/0x1110 mm/page_alloc.c:4681
 alloc_pages_bulk_array_node_noprof include/linux/gfp.h:239 [inline]
 __page_pool_alloc_pages_slow+0x18f/0x770 net/core/page_pool.c:538
 page_pool_alloc_netmem net/core/page_pool.c:590 [inline]
 page_pool_alloc_netmem+0xc4/0x160 net/core/page_pool.c:577
 page_pool_alloc_pages+0x1a/0x60 net/core/page_pool.c:597
 page_pool_dev_alloc_pages include/net/page_pool/helpers.h:96 [inline]
 xdp_test_run_batch.constprop.0+0x3a8/0x1960 net/bpf/test_run.c:305
 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389
 bpf_prog_test_run_xdp+0x827/0x1580 net/bpf/test_run.c:1317
 bpf_prog_test_run kernel/bpf/syscall.c:4266 [inline]
 __sys_bpf+0xfc6/0x49a0 kernel/bpf/syscall.c:5671
 __do_sys_bpf kernel/bpf/syscall.c:5760 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5758 [inline]
 __x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5758
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
page last free pid 5953 tgid 5952 stack trace:
 reset_page_owner include/linux/page_owner.h:25 [inline]
 free_pages_prepare mm/page_alloc.c:1108 [inline]
 free_unref_page+0x5f4/0xdc0 mm/page_alloc.c:2638
 vfree+0x17a/0x890 mm/vmalloc.c:3361
 htable_put net/netfilter/xt_hashlimit.c:424 [inline]
 hashlimit_mt_destroy_v1+0x78/0x90 net/netfilter/xt_hashlimit.c:970
 cleanup_match net/ipv6/netfilter/ip6_tables.c:477 [inline]
 cleanup_entry+0x19f/0x3a0 net/ipv6/netfilter/ip6_tables.c:661
 translate_table+0xddd/0x17b0 net/ipv6/netfilter/ip6_tables.c:744
 do_replace net/ipv6/netfilter/ip6_tables.c:1154 [inline]
 do_ip6t_set_ctl+0x605/0xc40 net/ipv6/netfilter/ip6_tables.c:1644
 nf_setsockopt+0x8a/0xf0 net/netfilter/nf_sockopt.c:101
 ipv6_setsockopt+0x135/0x170 net/ipv6/ipv6_sockglue.c:998
 rawv6_setsockopt+0xd7/0x680 net/ipv6/raw.c:1054
 do_sock_setsockopt+0x222/0x480 net/socket.c:2334
 __sys_setsockopt+0x1a4/0x270 net/socket.c:2357
 __do_sys_setsockopt net/socket.c:2366 [inline]
 __se_sys_setsockopt net/socket.c:2363 [inline]
 __x64_sys_setsockopt+0xbd/0x160 net/socket.c:2363
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
Modules linked in:
CPU: 2 UID: 0 PID: 5962 Comm: syz-executor392 Tainted: G    B              6.12.0-rc5-syzkaller-00005-ge42b1a9a2557 #0
Tainted: [B]=BAD_PAGE
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:94 [inline]
 dump_stack_lvl+0x16c/0x1f0 lib/dump_stack.c:120
 bad_page+0xb3/0x1f0 mm/page_alloc.c:501
 free_page_is_bad_report mm/page_alloc.c:908 [inline]
 free_page_is_bad mm/page_alloc.c:918 [inline]
 free_pages_prepare mm/page_alloc.c:1100 [inline]
 free_unref_page+0x657/0xdc0 mm/page_alloc.c:2638
 skb_free_frag include/linux/skbuff.h:3399 [inline]
 skb_free_head+0xa0/0x1d0 net/core/skbuff.c:1096
 skb_release_data+0x560/0x730 net/core/skbuff.c:1125
 skb_release_all net/core/skbuff.c:1190 [inline]
 __kfree_skb net/core/skbuff.c:1204 [inline]
 sk_skb_reason_drop+0x129/0x1a0 net/core/skbuff.c:1242
 kfree_skb_reason include/linux/skbuff.h:1262 [inline]
 __netif_receive_skb_core.constprop.0+0x592/0x4330 net/core/dev.c:5640
 __netif_receive_skb_list_core+0x357/0x950 net/core/dev.c:5741
 __netif_receive_skb_list net/core/dev.c:5808 [inline]
 netif_receive_skb_list_internal+0x753/0xdb0 net/core/dev.c:5899
 netif_receive_skb_list+0x4f/0x4a0 net/core/dev.c:5951
 xdp_recv_frames net/bpf/test_run.c:279 [inline]
 xdp_test_run_batch.constprop.0+0x138d/0x1960 net/bpf/test_run.c:360
 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389
 bpf_prog_test_run_xdp+0x827/0x1580 net/bpf/test_run.c:1317
 bpf_prog_test_run kernel/bpf/syscall.c:4266 [inline]
 __sys_bpf+0xfc6/0x49a0 kernel/bpf/syscall.c:5671
 __do_sys_bpf kernel/bpf/syscall.c:5760 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5758 [inline]
 __x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5758
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f1b5711ee99
Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 51 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f1b570d9228 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
RAX: ffffffffffffffda RBX: 00007f1b571a9328 RCX: 00007f1b5711ee99
RDX: 0000000000000048 RSI: 0000000020000600 RDI: 000000000000000a
RBP: 00007f1b571a9320 R08: 00007f1b570d96c0 R09: 00007f1b570d96c0
R10: 00007f1b570d96c0 R11: 0000000000000246 R12: 00007f1b57176074
R13: 0000000020000eb8 R14: 2caa1414ac000000 R15: 00007ffed9b8fc98
 </TASK>
BUG: Bad page state in process syz-executor392  pfn:333f3
page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x333f3
flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
raw: 00fff00000000000 dead000000000040 ffff888106115000 0000000000000000
raw: 0000000000000000 0000000000000001 00000000ffffffff 0000000000000000
page dumped because: page_pool leak
page_owner tracks the page as allocated
page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 5962, tgid 5958 (syz-executor392), ts 44238805570, free_ts 44066364436
 set_page_owner include/linux/page_owner.h:32 [inline]
 post_alloc_hook+0x2d1/0x350 mm/page_alloc.c:1537
 prep_new_page mm/page_alloc.c:1545 [inline]
 get_page_from_freelist+0x101e/0x3070 mm/page_alloc.c:3457
 __alloc_pages_noprof+0x223/0x25a0 mm/page_alloc.c:4733
 alloc_pages_bulk_noprof+0x77c/0x1110 mm/page_alloc.c:4681
 alloc_pages_bulk_array_node_noprof include/linux/gfp.h:239 [inline]
 __page_pool_alloc_pages_slow+0x18f/0x770 net/core/page_pool.c:538
 page_pool_alloc_netmem net/core/page_pool.c:590 [inline]
 page_pool_alloc_netmem+0xc4/0x160 net/core/page_pool.c:577
 page_pool_alloc_pages+0x1a/0x60 net/core/page_pool.c:597
 page_pool_dev_alloc_pages include/net/page_pool/helpers.h:96 [inline]
 xdp_test_run_batch.constprop.0+0x3a8/0x1960 net/bpf/test_run.c:305
 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389
 bpf_prog_test_run_xdp+0x827/0x1580 net/bpf/test_run.c:1317
 bpf_prog_test_run kernel/bpf/syscall.c:4266 [inline]
 __sys_bpf+0xfc6/0x49a0 kernel/bpf/syscall.c:5671
 __do_sys_bpf kernel/bpf/syscall.c:5760 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5758 [inline]
 __x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5758
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
page last free pid 5953 tgid 5952 stack trace:
 reset_page_owner include/linux/page_owner.h:25 [inline]
 free_pages_prepare mm/page_alloc.c:1108 [inline]
 free_unref_page+0x5f4/0xdc0 mm/page_alloc.c:2638
 vfree+0x17a/0x890 mm/vmalloc.c:3361
 htable_put net/netfilter/xt_hashlimit.c:424 [inline]
 hashlimit_mt_destroy_v1+0x78/0x90 net/netfilter/xt_hashlimit.c:970
 cleanup_match net/ipv6/netfilter/ip6_tables.c:477 [inline]
 cleanup_entry+0x19f/0x3a0 net/ipv6/netfilter/ip6_tables.c:661
 translate_table+0xddd/0x17b0 net/ipv6/netfilter/ip6_tables.c:744
 do_replace net/ipv6/netfilter/ip6_tables.c:1154 [inline]
 do_ip6t_set_ctl+0x605/0xc40 net/ipv6/netfilter/ip6_tables.c:1644
 nf_setsockopt+0x8a/0xf0 net/netfilter/nf_sockopt.c:101
 ipv6_setsockopt+0x135/0x170 net/ipv6/ipv6_sockglue.c:998
 rawv6_setsockopt+0xd7/0x680 net/ipv6/raw.c:1054
 do_sock_setsockopt+0x222/0x480 net/socket.c:2334
 __sys_setsockopt+0x1a4/0x270 net/socket.c:2357
 __do_sys_setsockopt net/socket.c:2366 [inline]
 __se_sys_setsockopt net/socket.c:2363 [inline]
 __x64_sys_setsockopt+0xbd/0x160 net/socket.c:2363
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
Modules linked in:
CPU: 2 UID: 0 PID: 5962 Comm: syz-executor392 Tainted: G    B              6.12.0-rc5-syzkaller-00005-ge42b1a9a2557 #0
Tainted: [B]=BAD_PAGE
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:94 [inline]
 dump_stack_lvl+0x16c/0x1f0 lib/dump_stack.c:120
 bad_page+0xb3/0x1f0 mm/page_alloc.c:501
 free_page_is_bad_report mm/page_alloc.c:908 [inline]
 free_page_is_bad mm/page_alloc.c:918 [inline]
 free_pages_prepare mm/page_alloc.c:1100 [inline]
 free_unref_page+0x657/0xdc0 mm/page_alloc.c:2638
 skb_free_frag include/linux/skbuff.h:3399 [inline]
 skb_free_head+0xa0/0x1d0 net/core/skbuff.c:1096
 skb_release_data+0x560/0x730 net/core/skbuff.c:1125
 skb_release_all net/core/skbuff.c:1190 [inline]
 __kfree_skb net/core/skbuff.c:1204 [inline]
 sk_skb_reason_drop+0x129/0x1a0 net/core/skbuff.c:1242
 kfree_skb_reason include/linux/skbuff.h:1262 [inline]
 __netif_receive_skb_core.constprop.0+0x592/0x4330 net/core/dev.c:5640
 __netif_receive_skb_list_core+0x357/0x950 net/core/dev.c:5741
 __netif_receive_skb_list net/core/dev.c:5808 [inline]
 netif_receive_skb_list_internal+0x753/0xdb0 net/core/dev.c:5899
 netif_receive_skb_list+0x4f/0x4a0 net/core/dev.c:5951
 xdp_recv_frames net/bpf/test_run.c:279 [inline]
 xdp_test_run_batch.constprop.0+0x138d/0x1960 net/bpf/test_run.c:360
 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389
 bpf_prog_test_run_xdp+0x827/0x1580 net/bpf/test_run.c:1317
 bpf_prog_test_run kernel/bpf/syscall.c:4266 [inline]
 __sys_bpf+0xfc6/0x49a0 kernel/bpf/syscall.c:5671
 __do_sys_bpf kernel/bpf/syscall.c:5760 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5758 [inline]
 __x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5758
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f1b5711ee99
Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 51 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f1b570d9228 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
RAX: ffffffffffffffda RBX: 00007f1b571a9328 RCX: 00007f1b5711ee99
RDX: 0000000000000048 RSI: 0000000020000600 RDI: 000000000000000a
RBP: 00007f1b571a9320 R08: 00007f1b570d96c0 R09: 00007f1b570d96c0
R10: 00007f1b570d96c0 R11: 0000000000000246 R12: 00007f1b57176074
R13: 0000000020000eb8 R14: 2caa1414ac000000 R15: 00007ffed9b8fc98
 </TASK>
BUG: Bad page state in process syz-executor392  pfn:27330
page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff888027334000 pfn:0x27330
flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
raw: 00fff00000000000 dead000000000040 ffff888106115000 0000000000000000
raw: ffff888027334000 0000000000000001 00000000ffffffff 0000000000000000
page dumped because: page_pool leak
page_owner tracks the page as allocated
page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 5962, tgid 5958 (syz-executor392), ts 44238798802, free_ts 44066368306
 set_page_owner include/linux/page_owner.h:32 [inline]
 post_alloc_hook+0x2d1/0x350 mm/page_alloc.c:1537
 prep_new_page mm/page_alloc.c:1545 [inline]
 get_page_from_freelist+0x101e/0x3070 mm/page_alloc.c:3457
 __alloc_pages_noprof+0x223/0x25a0 mm/page_alloc.c:4733
 alloc_pages_bulk_noprof+0x77c/0x1110 mm/page_alloc.c:4681
 alloc_pages_bulk_array_node_noprof include/linux/gfp.h:239 [inline]
 __page_pool_alloc_pages_slow+0x18f/0x770 net/core/page_pool.c:538
 page_pool_alloc_netmem net/core/page_pool.c:590 [inline]
 page_pool_alloc_netmem+0xc4/0x160 net/core/page_pool.c:577
 page_pool_alloc_pages+0x1a/0x60 net/core/page_pool.c:597
 page_pool_dev_alloc_pages include/net/page_pool/helpers.h:96 [inline]
 xdp_test_run_batch.constprop.0+0x3a8/0x1960 net/bpf/test_run.c:305
 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389
 bpf_prog_test_run_xdp+0x827/0x1580 net/bpf/test_run.c:1317
 bpf_prog_test_run kernel/bpf/syscall.c:4266 [inline]
 __sys_bpf+0xfc6/0x49a0 kernel/bpf/syscall.c:5671
 __do_sys_bpf kernel/bpf/syscall.c:5760 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5758 [inline]
 __x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5758
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
page last free pid 5953 tgid 5952 stack trace:
 reset_page_owner include/linux/page_owner.h:25 [inline]
 free_pages_prepare mm/page_alloc.c:1108 [inline]
 free_unref_page+0x5f4/0xdc0 mm/page_alloc.c:2638
 vfree+0x17a/0x890 mm/vmalloc.c:3361
 htable_put net/netfilter/xt_hashlimit.c:424 [inline]
 hashlimit_mt_destroy_v1+0x78/0x90 net/netfilter/xt_hashlimit.c:970
 cleanup_match net/ipv6/netfilter/ip6_tables.c:477 [inline]
 cleanup_entry+0x19f/0x3a0 net/ipv6/netfilter/ip6_tables.c:661
 translate_table+0xddd/0x17b0 net/ipv6/netfilter/ip6_tables.c:744
 do_replace net/ipv6/netfilter/ip6_tables.c:1154 [inline]
 do_ip6t_set_ctl+0x605/0xc40 net/ipv6/netfilter/ip6_tables.c:1644
 nf_setsockopt+0x8a/0xf0 net/netfilter/nf_sockopt.c:101
 ipv6_setsockopt+0x135/0x170 net/ipv6/ipv6_sockglue.c:998
 rawv6_setsockopt+0xd7/0x680 net/ipv6/raw.c:1054
 do_sock_setsockopt+0x222/0x480 net/socket.c:2334
 __sys_setsockopt+0x1a4/0x270 net/socket.c:2357
 __do_sys_setsockopt net/socket.c:2366 [inline]
 __se_sys_setsockopt net/socket.c:2363 [inline]
 __x64_sys_setsockopt+0xbd/0x160 net/socket.c:2363
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
Modules linked in:
CPU: 2 UID: 0 PID: 5962 Comm: syz-executor392 Tainted: G    B              6.12.0-rc5-syzkaller-00005-ge42b1a9a2557 #0
Tainted: [B]=BAD_PAGE
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:94 [inline]
 dump_stack_lvl+0x16c/0x1f0 lib/dump_stack.c:120
 bad_page+0xb3/0x1f0 mm/page_alloc.c:501
 free_page_is_bad_report mm/page_alloc.c:908 [inline]
 free_page_is_bad mm/page_alloc.c:918 [inline]
 free_pages_prepare mm/page_alloc.c:1100 [inline]
 free_unref_page+0x657/0xdc0 mm/page_alloc.c:2638
 skb_free_frag include/linux/skbuff.h:3399 [inline]
 skb_free_head+0xa0/0x1d0 net/core/skbuff.c:1096
 skb_release_data+0x560/0x730 net/core/skbuff.c:1125
 skb_release_all net/core/skbuff.c:1190 [inline]
 __kfree_skb net/core/skbuff.c:1204 [inline]
 sk_skb_reason_drop+0x129/0x1a0 net/core/skbuff.c:1242
 kfree_skb_reason include/linux/skbuff.h:1262 [inline]
 __netif_receive_skb_core.constprop.0+0x592/0x4330 net/core/dev.c:5640
 __netif_receive_skb_list_core+0x357/0x950 net/core/dev.c:5741
 __netif_receive_skb_list net/core/dev.c:5808 [inline]
 netif_receive_skb_list_internal+0x753/0xdb0 net/core/dev.c:5899
 netif_receive_skb_list+0x4f/0x4a0 net/core/dev.c:5951
 xdp_recv_frames net/bpf/test_run.c:279 [inline]
 xdp_test_run_batch.constprop.0+0x138d/0x1960 net/bpf/test_run.c:360
 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389
 bpf_prog_test_run_xdp+0x827/0x1580 net/bpf/test_run.c:1317
 bpf_prog_test_run kernel/bpf/syscall.c:4266 [inline]
 __sys_bpf+0xfc6/0x49a0 kernel/bpf/syscall.c:5671
 __do_sys_bpf kernel/bpf/syscall.c:5760 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5758 [inline]
 __x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5758
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f1b5711ee99
Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 51 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f1b570d9228 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
RAX: ffffffffffffffda RBX: 00007f1b571a9328 RCX: 00007f1b5711ee99
RDX: 0000000000000048 RSI: 0000000020000600 RDI: 000000000000000a
RBP: 00007f1b571a9320 R08: 00007f1b570d96c0 R09: 00007f1b570d96c0
R10: 00007f1b570d96c0 R11: 0000000000000246 R12: 00007f1b57176074
R13: 0000000020000eb8 R14: 2caa1414ac000000 R15: 00007ffed9b8fc98
 </TASK>
BUG: Bad page state in process syz-executor392  pfn:27331
page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x8 pfn:0x27331
flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
raw: 00fff00000000000 dead000000000040 ffff888106115000 0000000000000000
raw: 0000000000000008 0000000000000001 00000000ffffffff 0000000000000000
page dumped because: page_pool leak
page_owner tracks the page as allocated
page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 5962, tgid 5958 (syz-executor392), ts 44238791856, free_ts 44066372441
 set_page_owner include/linux/page_owner.h:32 [inline]
 post_alloc_hook+0x2d1/0x350 mm/page_alloc.c:1537
 prep_new_page mm/page_alloc.c:1545 [inline]
 get_page_from_freelist+0x101e/0x3070 mm/page_alloc.c:3457
 __alloc_pages_noprof+0x223/0x25a0 mm/page_alloc.c:4733
 alloc_pages_bulk_noprof+0x77c/0x1110 mm/page_alloc.c:4681
 alloc_pages_bulk_array_node_noprof include/linux/gfp.h:239 [inline]
 __page_pool_alloc_pages_slow+0x18f/0x770 net/core/page_pool.c:538
 page_pool_alloc_netmem net/core/page_pool.c:590 [inline]
 page_pool_alloc_netmem+0xc4/0x160 net/core/page_pool.c:577
 page_pool_alloc_pages+0x1a/0x60 net/core/page_pool.c:597
 page_pool_dev_alloc_pages include/net/page_pool/helpers.h:96 [inline]
 xdp_test_run_batch.constprop.0+0x3a8/0x1960 net/bpf/test_run.c:305
 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389
 bpf_prog_test_run_xdp+0x827/0x1580 net/bpf/test_run.c:1317
 bpf_prog_test_run kernel/bpf/syscall.c:4266 [inline]
 __sys_bpf+0xfc6/0x49a0 kernel/bpf/syscall.c:5671
 __do_sys_bpf kernel/bpf/syscall.c:5760 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5758 [inline]
 __x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5758
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
page last free pid 5953 tgid 5952 stack trace:
 reset_page_owner include/linux/page_owner.h:25 [inline]
 free_pages_prepare mm/page_alloc.c:1108 [inline]
 free_unref_page+0x5f4/0xdc0 mm/page_alloc.c:2638
 vfree+0x17a/0x890 mm/vmalloc.c:3361
 htable_put net/netfilter/xt_hashlimit.c:424 [inline]
 hashlimit_mt_destroy_v1+0x78/0x90 net/netfilter/xt_hashlimit.c:970
 cleanup_match net/ipv6/netfilter/ip6_tables.c:477 [inline]
 cleanup_entry+0x19f/0x3a0 net/ipv6/netfilter/ip6_tables.c:661
 translate_table+0xddd/0x17b0 net/ipv6/netfilter/ip6_tables.c:744
 do_replace net/ipv6/netfilter/ip6_tables.c:1154 [inline]
 do_ip6t_set_ctl+0x605/0xc40 net/ipv6/netfilter/ip6_tables.c:1644
 nf_setsockopt+0x8a/0xf0 net/netfilter/nf_sockopt.c:101
 ipv6_setsockopt+0x135/0x170 net/ipv6/ipv6_sockglue.c:998
 rawv6_setsockopt+0xd7/0x680 net/ipv6/raw.c:1054
 do_sock_setsockopt+0x222/0x480 net/socket.c:2334
 __sys_setsockopt+0x1a4/0x270 net/socket.c:2357
 __do_sys_setsockopt net/socket.c:2366 [inline]
 __se_sys_setsockopt net/socket.c:2363 [inline]
 __x64_sys_setsockopt+0xbd/0x160 net/socket.c:2363
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
Modules linked in:
CPU: 2 UID: 0 PID: 5962 Comm: syz-executor392 Tainted: G    B              6.12.0-rc5-syzkaller-00005-ge42b1a9a2557 #0
Tainted: [B]=BAD_PAGE
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:94 [inline]
 dump_stack_lvl+0x16c/0x1f0 lib/dump_stack.c:120
 bad_page+0xb3/0x1f0 mm/page_alloc.c:501
 free_page_is_bad_report mm/page_alloc.c:908 [inline]
 free_page_is_bad mm/page_alloc.c:918 [inline]
 free_pages_prepare mm/page_alloc.c:1100 [inline]
 free_unref_page+0x657/0xdc0 mm/page_alloc.c:2638
 skb_free_frag include/linux/skbuff.h:3399 [inline]
 skb_free_head+0xa0/0x1d0 net/core/skbuff.c:1096
 skb_release_data+0x560/0x730 net/core/skbuff.c:1125
 skb_release_all net/core/skbuff.c:1190 [inline]
 __kfree_skb net/core/skbuff.c:1204 [inline]
 sk_skb_reason_drop+0x129/0x1a0 net/core/skbuff.c:1242
 kfree_skb_reason include/linux/skbuff.h:1262 [inline]
 __netif_receive_skb_core.constprop.0+0x592/0x4330 net/core/dev.c:5640
 __netif_receive_skb_list_core+0x357/0x950 net/core/dev.c:5741
 __netif_receive_skb_list net/core/dev.c:5808 [inline]
 netif_receive_skb_list_internal+0x753/0xdb0 net/core/dev.c:5899
 netif_receive_skb_list+0x4f/0x4a0 net/core/dev.c:5951
 xdp_recv_frames net/bpf/test_run.c:279 [inline]
 xdp_test_run_batch.constprop.0+0x138d/0x1960 net/bpf/test_run.c:360
 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389
 bpf_prog_test_run_xdp+0x827/0x1580 net/bpf/test_run.c:1317
 bpf_prog_test_run kernel/bpf/syscall.c:4266 [inline]
 __sys_bpf+0xfc6/0x49a0 kernel/bpf/syscall.c:5671
 __do_sys_bpf kernel/bpf/syscall.c:5760 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5758 [inline]
 __x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5758
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f1b5711ee99
Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 51 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f1b570d9228 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
RAX: ffffffffffffffda RBX: 00007f1b571a9328 RCX: 00007f1b5711ee99
RDX: 0000000000000048 RSI: 0000000020000600 RDI: 000000000000000a
RBP: 00007f1b571a9320 R08: 00007f1b570d96c0 R09: 00007f1b570d96c0
R10: 00007f1b570d96c0 R11: 0000000000000246 R12: 00007f1b57176074
R13: 0000000020000eb8 R14: 2caa1414ac000000 R15: 00007ffed9b8fc98
 </TASK>
BUG: Bad page state in process syz-executor392  pfn:27332
page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x27332
flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
raw: 00fff00000000000 dead000000000040 ffff888106115000 0000000000000000
raw: 0000000000000000 0000000000000001 00000000ffffffff 0000000000000000
page dumped because: page_pool leak
page_owner tracks the page as allocated
page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 5962, tgid 5958 (syz-executor392), ts 44238784961, free_ts 44066376644
 set_page_owner include/linux/page_owner.h:32 [inline]
 post_alloc_hook+0x2d1/0x350 mm/page_alloc.c:1537
 prep_new_page mm/page_alloc.c:1545 [inline]
 get_page_from_freelist+0x101e/0x3070 mm/page_alloc.c:3457
 __alloc_pages_noprof+0x223/0x25a0 mm/page_alloc.c:4733
 alloc_pages_bulk_noprof+0x77c/0x1110 mm/page_alloc.c:4681
 alloc_pages_bulk_array_node_noprof include/linux/gfp.h:239 [inline]
 __page_pool_alloc_pages_slow+0x18f/0x770 net/core/page_pool.c:538
 page_pool_alloc_netmem net/core/page_pool.c:590 [inline]
 page_pool_alloc_netmem+0xc4/0x160 net/core/page_pool.c:577
 page_pool_alloc_pages+0x1a/0x60 net/core/page_pool.c:597
 page_pool_dev_alloc_pages include/net/page_pool/helpers.h:96 [inline]
 xdp_test_run_batch.constprop.0+0x3a8/0x1960 net/bpf/test_run.c:305
 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389
 bpf_prog_test_run_xdp+0x827/0x1580 net/bpf/test_run.c:1317
 bpf_prog_test_run kernel/bpf/syscall.c:4266 [inline]
 __sys_bpf+0xfc6/0x49a0 kernel/bpf/syscall.c:5671
 __do_sys_bpf kernel/bpf/syscall.c:5760 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5758 [inline]
 __x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5758
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
page last free pid 5953 tgid 5952 stack trace:
 reset_page_owner include/linux/page_owner.h:25 [inline]
 free_pages_prepare mm/page_alloc.c:1108 [inline]
 free_unref_page+0x5f4/0xdc0 mm/page_alloc.c:2638
 vfree+0x17a/0x890 mm/vmalloc.c:3361
 htable_put net/netfilter/xt_hashlimit.c:424 [inline]
 hashlimit_mt_destroy_v1+0x78/0x90 net/netfilter/xt_hashlimit.c:970
 cleanup_match net/ipv6/netfilter/ip6_tables.c:477 [inline]
 cleanup_entry+0x19f/0x3a0 net/ipv6/netfilter/ip6_tables.c:661
 translate_table+0xddd/0x17b0 net/ipv6/netfilter/ip6_tables.c:744
 do_replace net/ipv6/netfilter/ip6_tables.c:1154 [inline]
 do_ip6t_set_ctl+0x605/0xc40 net/ipv6/netfilter/ip6_tables.c:1644
 nf_setsockopt+0x8a/0xf0 net/netfilter/nf_sockopt.c:101
 ipv6_setsockopt+0x135/0x170 net/ipv6/ipv6_sockglue.c:998
 rawv6_setsockopt+0xd7/0x680 net/ipv6/raw.c:1054
 do_sock_setsockopt+0x222/0x480 net/socket.c:2334
 __sys_setsockopt+0x1a4/0x270 net/socket.c:2357
 __do_sys_setsockopt net/socket.c:2366 [inline]
 __se_sys_setsockopt net/socket.c:2363 [inline]
 __x64_sys_setsockopt+0xbd/0x160 net/socket.c:2363
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
Modules linked in:
CPU: 2 UID: 0 PID: 5962 Comm: syz-executor392 Tainted: G    B              6.12.0-rc5-syzkaller-00005-ge42b1a9a2557 #0
Tainted: [B]=BAD_PAGE
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:94 [inline]
 dump_stack_lvl+0x16c/0x1f0 lib/dump_stack.c:120
 bad_page+0xb3/0x1f0 mm/page_alloc.c:501
 free_page_is_bad_report mm/page_alloc.c:908 [inline]
 free_page_is_bad mm/page_alloc.c:918 [inline]
 free_pages_prepare mm/page_alloc.c:1100 [inline]
 free_unref_page+0x657/0xdc0 mm/page_alloc.c:2638
 skb_free_frag include/linux/skbuff.h:3399 [inline]
 skb_free_head+0xa0/0x1d0 net/core/skbuff.c:1096
 skb_release_data+0x560/0x730 net/core/skbuff.c:1125
 skb_release_all net/core/skbuff.c:1190 [inline]
 __kfree_skb net/core/skbuff.c:1204 [inline]
 sk_skb_reason_drop+0x129/0x1a0 net/core/skbuff.c:1242
 kfree_skb_reason include/linux/skbuff.h:1262 [inline]
 __netif_receive_skb_core.constprop.0+0x592/0x4330 net/core/dev.c:5640
 __netif_receive_skb_list_core+0x357/0x950 net/core/dev.c:5741
 __netif_receive_skb_list net/core/dev.c:5808 [inline]
 netif_receive_skb_list_internal+0x753/0xdb0 net/core/dev.c:5899
 netif_receive_skb_list+0x4f/0x4a0 net/core/dev.c:5951
 xdp_recv_frames net/bpf/test_run.c:279 [inline]
 xdp_test_run_batch.constprop.0+0x138d/0x1960 net/bpf/test_run.c:360
 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389
 bpf_prog_test_run_xdp+0x827/0x1580 net/bpf/test_run.c:1317
 bpf_prog_test_run kernel/bpf/syscall.c:4266 [inline]
 __sys_bpf+0xfc6/0x49a0 kernel/bpf/syscall.c:5671
 __do_sys_bpf kernel/bpf/syscall.c:5760 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5758 [inline]
 __x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5758
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f1b5711ee99
Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 51 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f1b570d9228 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
RAX: ffffffffffffffda RBX: 00007f1b571a9328 RCX: 00007f1b5711ee99
RDX: 0000000000000048 RSI: 0000000020000600 RDI: 000000000000000a
RBP: 00007f1b571a9320 R08: 00007f1b570d96c0 R09: 00007f1b570d96c0
R10: 00007f1b570d96c0 R11: 0000000000000246 R12: 00007f1b57176074
R13: 0000000020000eb8 R14: 2caa1414ac000000 R15: 00007ffed9b8fc98
 </TASK>
BUG: Bad page state in process syz-executor392  pfn:27333
page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x27333
flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
raw: 00fff00000000000 dead000000000040 ffff888106115000 0000000000000000
raw: 0000000000000000 0000000000000001 00000000ffffffff 0000000000000000
page dumped because: page_pool leak
page_owner tracks the page as allocated
page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 5962, tgid 5958 (syz-executor392), ts 44238777626, free_ts 44066380174
 set_page_owner include/linux/page_owner.h:32 [inline]
 post_alloc_hook+0x2d1/0x350 mm/page_alloc.c:1537
 prep_new_page mm/page_alloc.c:1545 [inline]
 get_page_from_freelist+0x101e/0x3070 mm/page_alloc.c:3457
 __alloc_pages_noprof+0x223/0x25a0 mm/page_alloc.c:4733
 alloc_pages_bulk_noprof+0x77c/0x1110 mm/page_alloc.c:4681
 alloc_pages_bulk_array_node_noprof include/linux/gfp.h:239 [inline]
 __page_pool_alloc_pages_slow+0x18f/0x770 net/core/page_pool.c:538
 page_pool_alloc_netmem net/core/page_pool.c:590 [inline]
 page_pool_alloc_netmem+0xc4/0x160 net/core/page_pool.c:577
 page_pool_alloc_pages+0x1a/0x60 net/core/page_pool.c:597
 page_pool_dev_alloc_pages include/net/page_pool/helpers.h:96 [inline]
 xdp_test_run_batch.constprop.0+0x3a8/0x1960 net/bpf/test_run.c:305
 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389
 bpf_prog_test_run_xdp+0x827/0x1580 net/bpf/test_run.c:1317
 bpf_prog_test_run kernel/bpf/syscall.c:4266 [inline]
 __sys_bpf+0xfc6/0x49a0 kernel/bpf/syscall.c:5671
 __do_sys_bpf kernel/bpf/syscall.c:5760 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5758 [inline]
 __x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5758
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
page last free pid 5953 tgid 5952 stack trace:
 reset_page_owner include/linux/page_owner.h:25 [inline]
 free_pages_prepare mm/page_alloc.c:1108 [inline]
 free_unref_page+0x5f4/0xdc0 mm/page_alloc.c:2638
 vfree+0x17a/0x890 mm/vmalloc.c:3361
 htable_put net/netfilter/xt_hashlimit.c:424 [inline]
 hashlimit_mt_destroy_v1+0x78/0x90 net/netfilter/xt_hashlimit.c:970
 cleanup_match net/ipv6/netfilter/ip6_tables.c:477 [inline]
 cleanup_entry+0x19f/0x3a0 net/ipv6/netfilter/ip6_tables.c:661
 translate_table+0xddd/0x17b0 net/ipv6/netfilter/ip6_tables.c:744
 do_replace net/ipv6/netfilter/ip6_tables.c:1154 [inline]
 do_ip6t_set_ctl+0x605/0xc40 net/ipv6/netfilter/ip6_tables.c:1644
 nf_setsockopt+0x8a/0xf0 net/netfilter/nf_sockopt.c:101
 ipv6_setsockopt+0x135/0x170 net/ipv6/ipv6_sockglue.c:998
 rawv6_setsockopt+0xd7/0x680 net/ipv6/raw.c:1054
 do_sock_setsockopt+0x222/0x480 net/socket.c:2334
 __sys_setsockopt+0x1a4/0x270 net/socket.c:2357
 __do_sys_setsockopt net/socket.c:2366 [inline]
 __se_sys_setsockopt net/socket.c:2363 [inline]
 __x64_sys_setsockopt+0xbd/0x160 net/socket.c:2363
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
Modules linked in:
CPU: 2 UID: 0 PID: 5962 Comm: syz-executor392 Tainted: G    B              6.12.0-rc5-syzkaller-00005-ge42b1a9a2557 #0
Tainted: [B]=BAD_PAGE
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:94 [inline]
 dump_stack_lvl+0x16c/0x1f0 lib/dump_stack.c:120
 bad_page+0xb3/0x1f0 mm/page_alloc.c:501
 free_page_is_bad_report mm/page_alloc.c:908 [inline]
 free_page_is_bad mm/page_alloc.c:918 [inline]
 free_pages_prepare mm/page_alloc.c:1100 [inline]
 free_unref_page+0x657/0xdc0 mm/page_alloc.c:2638
 skb_free_frag include/linux/skbuff.h:3399 [inline]
 skb_free_head+0xa0/0x1d0 net/core/skbuff.c:1096
 skb_release_data+0x560/0x730 net/core/skbuff.c:1125
 skb_release_all net/core/skbuff.c:1190 [inline]
 __kfree_skb net/core/skbuff.c:1204 [inline]
 sk_skb_reason_drop+0x129/0x1a0 net/core/skbuff.c:1242
 kfree_skb_reason include/linux/skbuff.h:1262 [inline]
 __netif_receive_skb_core.constprop.0+0x592/0x4330 net/core/dev.c:5640
 __netif_receive_skb_list_core+0x357/0x950 net/core/dev.c:5741
 __netif_receive_skb_list net/core/dev.c:5808 [inline]
 netif_receive_skb_list_internal+0x753/0xdb0 net/core/dev.c:5899
 netif_receive_skb_list+0x4f/0x4a0 net/core/dev.c:5951
 xdp_recv_frames net/bpf/test_run.c:279 [inline]
 xdp_test_run_batch.constprop.0+0x138d/0x1960 net/bpf/test_run.c:360
 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389
 bpf_prog_test_run_xdp+0x827/0x1580 net/bpf/test_run.c:1317
 bpf_prog_test_run kernel/bpf/syscall.c:4266 [inline]
 __sys_bpf+0xfc6/0x49a0 kernel/bpf/syscall.c:5671
 __do_sys_bpf kernel/bpf/syscall.c:5760 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5758 [inline]
 __x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5758
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f1b5711ee99
Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 51 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f1b570d9228 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
RAX: ffffffffffffffda RBX: 00007f1b571a9328 RCX: 00007f1b5711ee99
RDX: 0000000000000048 RSI: 0000000020000600 RDI: 000000000000000a
RBP: 00007f1b571a9320 R08: 00007f1b570d96c0 R09: 00007f1b570d96c0
R10: 00007f1b570d96c0 R11: 0000000000000246 R12: 00007f1b57176074
R13: 0000000020000eb8 R14: 2caa1414ac000000 R15: 00007ffed9b8fc98
 </TASK>
BUG: Bad page state in process syz-executor392  pfn:35764
page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x35764
flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
raw: 00fff00000000000 dead000000000040 ffff888106115000 0000000000000000
raw: 0000000000000000 0000000000000001 00000000ffffffff 0000000000000000
page dumped because: page_pool leak
page_owner tracks the page as allocated
page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 5962, tgid 5958 (syz-executor392), ts 44238770825, free_ts 44066384009
 set_page_owner include/linux/page_owner.h:32 [inline]
 post_alloc_hook+0x2d1/0x350 mm/page_alloc.c:1537
 prep_new_page mm/page_alloc.c:1545 [inline]
 get_page_from_freelist+0x101e/0x3070 mm/page_alloc.c:3457
 __alloc_pages_noprof+0x223/0x25a0 mm/page_alloc.c:4733
 alloc_pages_bulk_noprof+0x77c/0x1110 mm/page_alloc.c:4681
 alloc_pages_bulk_array_node_noprof include/linux/gfp.h:239 [inline]
 __page_pool_alloc_pages_slow+0x18f/0x770 net/core/page_pool.c:538
 page_pool_alloc_netmem net/core/page_pool.c:590 [inline]
 page_pool_alloc_netmem+0xc4/0x160 net/core/page_pool.c:577
 page_pool_alloc_pages+0x1a/0x60 net/core/page_pool.c:597
 page_pool_dev_alloc_pages include/net/page_pool/helpers.h:96 [inline]
 xdp_test_run_batch.constprop.0+0x3a8/0x1960 net/bpf/test_run.c:305
 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389
 bpf_prog_test_run_xdp+0x827/0x1580 net/bpf/test_run.c:1317
 bpf_prog_test_run kernel/bpf/syscall.c:4266 [inline]
 __sys_bpf+0xfc6/0x49a0 kernel/bpf/syscall.c:5671
 __do_sys_bpf kernel/bpf/syscall.c:5760 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5758 [inline]
 __x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5758
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
page last free pid 5953 tgid 5952 stack trace:
 reset_page_owner include/linux/page_owner.h:25 [inline]
 free_pages_prepare mm/page_alloc.c:1108 [inline]
 free_unref_page+0x5f4/0xdc0 mm/page_alloc.c:2638
 vfree+0x17a/0x890 mm/vmalloc.c:3361
 htable_put net/netfilter/xt_hashlimit.c:424 [inline]
 hashlimit_mt_destroy_v1+0x78/0x90 net/netfilter/xt_hashlimit.c:970
 cleanup_match net/ipv6/netfilter/ip6_tables.c:477 [inline]
 cleanup_entry+0x19f/0x3a0 net/ipv6/netfilter/ip6_tables.c:661
 translate_table+0xddd/0x17b0 net/ipv6/netfilter/ip6_tables.c:744
 do_replace net/ipv6/netfilter/ip6_tables.c:1154 [inline]
 do_ip6t_set_ctl+0x605/0xc40 net/ipv6/netfilter/ip6_tables.c:1644
 nf_setsockopt+0x8a/0xf0 net/netfilter/nf_sockopt.c:101
 ipv6_setsockopt+0x135/0x170 net/ipv6/ipv6_sockglue.c:998
 rawv6_setsockopt+0xd7/0x680 net/ipv6/raw.c:1054
 do_sock_setsockopt+0x222/0x480 net/socket.c:2334
 __sys_setsockopt+0x1a4/0x270 net/socket.c:2357
 __do_sys_setsockopt net/socket.c:2366 [inline]
 __se_sys_setsockopt net/socket.c:2363 [inline]
 __x64_sys_setsockopt+0xbd/0x160 net/socket.c:2363
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
Modules linked in:
CPU: 2 UID: 0 PID: 5962 Comm: syz-executor392 Tainted: G    B              6.12.0-rc5-syzkaller-00005-ge42b1a9a2557 #0
Tainted: [B]=BAD_PAGE
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:94 [inline]
 dump_stack_lvl+0x16c/0x1f0 lib/dump_stack.c:120
 bad_page+0xb3/0x1f0 mm/page_alloc.c:501
 free_page_is_bad_report mm/page_alloc.c:908 [inline]
 free_page_is_bad mm/page_alloc.c:918 [inline]
 free_pages_prepare mm/page_alloc.c:1100 [inline]
 free_unref_page+0x657/0xdc0 mm/page_alloc.c:2638
 skb_free_frag include/linux/skbuff.h:3399 [inline]
 skb_free_head+0xa0/0x1d0 net/core/skbuff.c:1096
 skb_release_data+0x560/0x730 net/core/skbuff.c:1125
 skb_release_all net/core/skbuff.c:1190 [inline]
 __kfree_skb net/core/skbuff.c:1204 [inline]
 sk_skb_reason_drop+0x129/0x1a0 net/core/skbuff.c:1242
 kfree_skb_reason include/linux/skbuff.h:1262 [inline]
 __netif_receive_skb_core.constprop.0+0x592/0x4330 net/core/dev.c:5640
 __netif_receive_skb_list_core+0x357/0x950 net/core/dev.c:5741
 __netif_receive_skb_list net/core/dev.c:5808 [inline]
 netif_receive_skb_list_internal+0x753/0xdb0 net/core/dev.c:5899
 netif_receive_skb_list+0x4f/0x4a0 net/core/dev.c:5951
 xdp_recv_frames net/bpf/test_run.c:279 [inline]
 xdp_test_run_batch.constprop.0+0x138d/0x1960 net/bpf/test_run.c:360
 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389
 bpf_prog_test_run_xdp+0x827/0x1580 net/bpf/test_run.c:1317
 bpf_prog_test_run kernel/bpf/syscall.c:4266 [inline]
 __sys_bpf+0xfc6/0x49a0 kernel/bpf/syscall.c:5671
 __do_sys_bpf kernel/bpf/syscall.c:5760 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5758 [inline]
 __x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5758
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f1b5711ee99
Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 51 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f1b570d9228 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
RAX: ffffffffffffffda RBX: 00007f1b571a9328 RCX: 00007f1b5711ee99
RDX: 0000000000000048 RSI: 0000000020000600 RDI: 000000000000000a
RBP: 00007f1b571a9320 R08: 00007f1b570d96c0 R09: 00007f1b570d96c0
R10: 00007f1b570d96c0 R11: 0000000000000246 R12: 00007f1b57176074
R13: 0000000020000eb8 R14: 2caa1414ac000000 R15: 00007ffed9b8fc98
 </TASK>
BUG: Bad page state in process syz-executor392  pfn:35765
page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x35765
flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
raw: 00fff00000000000 dead000000000040 ffff888106115000 0000000000000000
raw: 0000000000000000 0000000000000001 00000000ffffffff 0000000000000000
page dumped because: page_pool leak
page_owner tracks the page as allocated
page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 5962, tgid 5958 (syz-executor392), ts 44238763677, free_ts 44066388025
 set_page_owner include/linux/page_owner.h:32 [inline]
 post_alloc_hook+0x2d1/0x350 mm/page_alloc.c:1537
 prep_new_page mm/page_alloc.c:1545 [inline]
 get_page_from_freelist+0x101e/0x3070 mm/page_alloc.c:3457
 __alloc_pages_noprof+0x223/0x25a0 mm/page_alloc.c:4733
 alloc_pages_bulk_noprof+0x77c/0x1110 mm/page_alloc.c:4681
 alloc_pages_bulk_array_node_noprof include/linux/gfp.h:239 [inline]
 __page_pool_alloc_pages_slow+0x18f/0x770 net/core/page_pool.c:538
 page_pool_alloc_netmem net/core/page_pool.c:590 [inline]
 page_pool_alloc_netmem+0xc4/0x160 net/core/page_pool.c:577
 page_pool_alloc_pages+0x1a/0x60 net/core/page_pool.c:597
 page_pool_dev_alloc_pages include/net/page_pool/helpers.h:96 [inline]
 xdp_test_run_batch.constprop.0+0x3a8/0x1960 net/bpf/test_run.c:305
 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389
 bpf_prog_test_run_xdp+0x827/0x1580 net/bpf/test_run.c:1317
 bpf_prog_test_run kernel/bpf/syscall.c:4266 [inline]
 __sys_bpf+0xfc6/0x49a0 kernel/bpf/syscall.c:5671
 __do_sys_bpf kernel/bpf/syscall.c:5760 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5758 [inline]
 __x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5758
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
page last free pid 5953 tgid 5952 stack trace:
 reset_page_owner include/linux/page_owner.h:25 [inline]
 free_pages_prepare mm/page_alloc.c:1108 [inline]
 free_unref_page+0x5f4/0xdc0 mm/page_alloc.c:2638
 vfree+0x17a/0x890 mm/vmalloc.c:3361
 htable_put net/netfilter/xt_hashlimit.c:424 [inline]
 hashlimit_mt_destroy_v1+0x78/0x90 net/netfilter/xt_hashlimit.c:970
 cleanup_match net/ipv6/netfilter/ip6_tables.c:477 [inline]
 cleanup_entry+0x19f/0x3a0 net/ipv6/netfilter/ip6_tables.c:661
 translate_table+0xddd/0x17b0 net/ipv6/netfilter/ip6_tables.c:744
 do_replace net/ipv6/netfilter/ip6_tables.c:1154 [inline]
 do_ip6t_set_ctl+0x605/0xc40 net/ipv6/netfilter/ip6_tables.c:1644
 nf_setsockopt+0x8a/0xf0 net/netfilter/nf_sockopt.c:101
 ipv6_setsockopt+0x135/0x170 net/ipv6/ipv6_sockglue.c:998
 rawv6_setsockopt+0xd7/0x680 net/ipv6/raw.c:1054
 do_sock_setsockopt+0x222/0x480 net/socket.c:2334
 __sys_setsockopt+0x1a4/0x270 net/socket.c:2357
 __do_sys_setsockopt net/socket.c:2366 [inline]
 __se_sys_setsockopt net/socket.c:2363 [inline]
 __x64_sys_setsockopt+0xbd/0x160 net/socket.c:2363
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
Modules linked in:
CPU: 2 UID: 0 PID: 5962 Comm: syz-executor392 Tainted: G    B              6.12.0-rc5-syzkaller-00005-ge42b1a9a2557 #0
Tainted: [B]=BAD_PAGE
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:94 [inline]
 dump_stack_lvl+0x16c/0x1f0 lib/dump_stack.c:120
 bad_page+0xb3/0x1f0 mm/page_alloc.c:501
 free_page_is_bad_report mm/page_alloc.c:908 [inline]
 free_page_is_bad mm/page_alloc.c:918 [inline]
 free_pages_prepare mm/page_alloc.c:1100 [inline]
 free_unref_page+0x657/0xdc0 mm/page_alloc.c:2638
 skb_free_frag include/linux/skbuff.h:3399 [inline]
 skb_free_head+0xa0/0x1d0 net/core/skbuff.c:1096
 skb_release_data+0x560/0x730 net/core/skbuff.c:1125
 skb_release_all net/core/skbuff.c:1190 [inline]
 __kfree_skb net/core/skbuff.c:1204 [inline]
 sk_skb_reason_drop+0x129/0x1a0 net/core/skbuff.c:1242
 kfree_skb_reason include/linux/skbuff.h:1262 [inline]
 __netif_receive_skb_core.constprop.0+0x592/0x4330 net/core/dev.c:5640
 __netif_receive_skb_list_core+0x357/0x950 net/core/dev.c:5741
 __netif_receive_skb_list net/core/dev.c:5808 [inline]
 netif_receive_skb_list_internal+0x753/0xdb0 net/core/dev.c:5899
 netif_receive_skb_list+0x4f/0x4a0 net/core/dev.c:5951
 xdp_recv_frames net/bpf/test_run.c:279 [inline]
 xdp_test_run_batch.constprop.0+0x138d/0x1960 net/bpf/test_run.c:360
 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389
 bpf_prog_test_run_xdp+0x827/0x1580 net/bpf/test_run.c:1317
 bpf_prog_test_run kernel/bpf/syscall.c:4266 [inline]
 __sys_bpf+0xfc6/0x49a0 kernel/bpf/syscall.c:5671
 __do_sys_bpf kernel/bpf/syscall.c:5760 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5758 [inline]
 __x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5758
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f1b5711ee99
Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 51 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f1b570d9228 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
RAX: ffffffffffffffda RBX: 00007f1b571a9328 RCX: 00007f1b5711ee99
RDX: 0000000000000048 RSI: 0000000020000600 RDI: 000000000000000a
RBP: 00007f1b571a9320 R08: 00007f1b570d96c0 R09: 00007f1b570d96c0
R10: 00007f1b570d96c0 R11: 0000000000000246 R12: 00007f1b57176074
R13: 0000000020000eb8 R14: 2caa1414ac000000 R15: 00007ffed9b8fc98
 </TASK>
BUG: Bad page state in process syz-executor392  pfn:35766
page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x35766
flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
raw: 00fff00000000000 dead000000000040 ffff888106115000 0000000000000000
raw: 0000000000000000 0000000000000001 00000000ffffffff 0000000000000000
page dumped because: page_pool leak
page_owner tracks the page as allocated
page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 5962, tgid 5958 (syz-executor392), ts 44238756443, free_ts 44066391641
 set_page_owner include/linux/page_owner.h:32 [inline]
 post_alloc_hook+0x2d1/0x350 mm/page_alloc.c:1537
 prep_new_page mm/page_alloc.c:1545 [inline]
 get_page_from_freelist+0x101e/0x3070 mm/page_alloc.c:3457
 __alloc_pages_noprof+0x223/0x25a0 mm/page_alloc.c:4733
 alloc_pages_bulk_noprof+0x77c/0x1110 mm/page_alloc.c:4681
 alloc_pages_bulk_array_node_noprof include/linux/gfp.h:239 [inline]
 __page_pool_alloc_pages_slow+0x18f/0x770 net/core/page_pool.c:538
 page_pool_alloc_netmem net/core/page_pool.c:590 [inline]
 page_pool_alloc_netmem+0xc4/0x160 net/core/page_pool.c:577
 page_pool_alloc_pages+0x1a/0x60 net/core/page_pool.c:597
 page_pool_dev_alloc_pages include/net/page_pool/helpers.h:96 [inline]
 xdp_test_run_batch.constprop.0+0x3a8/0x1960 net/bpf/test_run.c:305
 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389
 bpf_prog_test_run_xdp+0x827/0x1580 net/bpf/test_run.c:1317
 bpf_prog_test_run kernel/bpf/syscall.c:4266 [inline]
 __sys_bpf+0xfc6/0x49a0 kernel/bpf/syscall.c:5671
 __do_sys_bpf kernel/bpf/syscall.c:5760 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5758 [inline]
 __x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5758
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
page last free pid 5953 tgid 5952 stack trace:
 reset_page_owner include/linux/page_owner.h:25 [inline]
 free_pages_prepare mm/page_alloc.c:1108 [inline]
 free_unref_page+0x5f4/0xdc0 mm/page_alloc.c:2638
 vfree+0x17a/0x890 mm/vmalloc.c:3361
 htable_put net/netfilter/xt_hashlimit.c:424 [inline]
 hashlimit_mt_destroy_v1+0x78/0x90 net/netfilter/xt_hashlimit.c:970
 cleanup_match net/ipv6/netfilter/ip6_tables.c:477 [inline]
 cleanup_entry+0x19f/0x3a0 net/ipv6/netfilter/ip6_tables.c:661
 translate_table+0xddd/0x17b0 net/ipv6/netfilter/ip6_tables.c:744
 do_replace net/ipv6/netfilter/ip6_tables.c:1154 [inline]
 do_ip6t_set_ctl+0x605/0xc40 net/ipv6/netfilter/ip6_tables.c:1644
 nf_setsockopt+0x8a/0xf0 net/netfilter/nf_sockopt.c:101
 ipv6_setsockopt+0x135/0x170 net/ipv6/ipv6_sockglue.c:998
 rawv6_setsockopt+0xd7/0x680 net/ipv6/raw.c:1054
 do_sock_setsockopt+0x222/0x480 net/socket.c:2334
 __sys_setsockopt+0x1a4/0x270 net/socket.c:2357
 __do_sys_setsockopt net/socket.c:2366 [inline]
 __se_sys_setsockopt net/socket.c:2363 [inline]
 __x64_sys_setsockopt+0xbd/0x160 net/socket.c:2363
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
Modules linked in:
CPU: 2 UID: 0 PID: 5962 Comm: syz-executor392 Tainted: G    B              6.12.0-rc5-syzkaller-00005-ge42b1a9a2557 #0
Tainted: [B]=BAD_PAGE
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:94 [inline]
 dump_stack_lvl+0x16c/0x1f0 lib/dump_stack.c:120
 bad_page+0xb3/0x1f0 mm/page_alloc.c:501
 free_page_is_bad_report mm/page_alloc.c:908 [inline]
 free_page_is_bad mm/page_alloc.c:918 [inline]
 free_pages_prepare mm/page_alloc.c:1100 [inline]
 free_unref_page+0x657/0xdc0 mm/page_alloc.c:2638
 skb_free_frag include/linux/skbuff.h:3399 [inline]
 skb_free_head+0xa0/0x1d0 net/core/skbuff.c:1096
 skb_release_data+0x560/0x730 net/core/skbuff.c:1125
 skb_release_all net/core/skbuff.c:1190 [inline]
 __kfree_skb net/core/skbuff.c:1204 [inline]
 sk_skb_reason_drop+0x129/0x1a0 net/core/skbuff.c:1242
 kfree_skb_reason include/linux/skbuff.h:1262 [inline]
 __netif_receive_skb_core.constprop.0+0x592/0x4330 net/core/dev.c:5640
 __netif_receive_skb_list_core+0x357/0x950 net/core/dev.c:5741
 __netif_receive_skb_list net/core/dev.c:5808 [inline]
 netif_receive_skb_list_internal+0x753/0xdb0 net/core/dev.c:5899
 netif_receive_skb_list+0x4f/0x4a0 net/core/dev.c:5951
 xdp_recv_frames net/bpf/test_run.c:279 [inline]
 xdp_test_run_batch.constprop.0+0x138d/0x1960 net/bpf/test_run.c:360
 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389
 bpf_prog_test_run_xdp+0x827/0x1580 net/bpf/test_run.c:1317
 bpf_prog_test_run kernel/bpf/syscall.c:4266 [inline]
 __sys_bpf+0xfc6/0x49a0 kernel/bpf/syscall.c:5671
 __do_sys_bpf kernel/bpf/syscall.c:5760 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5758 [inline]
 __x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5758
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f1b5711ee99
Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 51 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f1b570d9228 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
RAX: ffffffffffffffda RBX: 00007f1b571a9328 RCX: 00007f1b5711ee99
RDX: 0000000000000048 RSI: 0000000020000600 RDI: 000000000000000a
RBP: 00007f1b571a9320 R08: 00007f1b570d96c0 R09: 00007f1b570d96c0
R10: 00007f1b570d96c0 R11: 0000000000000246 R12: 00007f1b57176074
R13: 0000000020000eb8 R14: 2caa1414ac000000 R15: 00007ffed9b8fc98
 </TASK>
BUG: Bad page state in process syz-executor392  pfn:35767
page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x35767
flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
raw: 00fff00000000000 dead000000000040 ffff888106115000 0000000000000000
raw: 0000000000000000 0000000000000001 00000000ffffffff 0000000000000000
page dumped because: page_pool leak
page_owner tracks the page as allocated
page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 5962, tgid 5958 (syz-executor392), ts 44238749145, free_ts 44066395304
 set_page_owner include/linux/page_owner.h:32 [inline]
 post_alloc_hook+0x2d1/0x350 mm/page_alloc.c:1537
 prep_new_page mm/page_alloc.c:1545 [inline]
 get_page_from_freelist+0x101e/0x3070 mm/page_alloc.c:3457
 __alloc_pages_noprof+0x223/0x25a0 mm/page_alloc.c:4733
 alloc_pages_bulk_noprof+0x77c/0x1110 mm/page_alloc.c:4681
 alloc_pages_bulk_array_node_noprof include/linux/gfp.h:239 [inline]
 __page_pool_alloc_pages_slow+0x18f/0x770 net/core/page_pool.c:538
 page_pool_alloc_netmem net/core/page_pool.c:590 [inline]
 page_pool_alloc_netmem+0xc4/0x160 net/core/page_pool.c:577
 page_pool_alloc_pages+0x1a/0x60 net/core/page_pool.c:597
 page_pool_dev_alloc_pages include/net/page_pool/helpers.h:96 [inline]
 xdp_test_run_batch.constprop.0+0x3a8/0x1960 net/bpf/test_run.c:305
 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389
 bpf_prog_test_run_xdp+0x827/0x1580 net/bpf/test_run.c:1317
 bpf_prog_test_run kernel/bpf/syscall.c:4266 [inline]
 __sys_bpf+0xfc6/0x49a0 kernel/bpf/syscall.c:5671
 __do_sys_bpf kernel/bpf/syscall.c:5760 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5758 [inline]
 __x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5758
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
page last free pid 5953 tgid 5952 stack trace:
 reset_page_owner include/linux/page_owner.h:25 [inline]
 free_pages_prepare mm/page_alloc.c:1108 [inline]
 free_unref_page+0x5f4/0xdc0 mm/page_alloc.c:2638
 vfree+0x17a/0x890 mm/vmalloc.c:3361
 htable_put net/netfilter/xt_hashlimit.c:424 [inline]
 hashlimit_mt_destroy_v1+0x78/0x90 net/netfilter/xt_hashlimit.c:970
 cleanup_match net/ipv6/netfilter/ip6_tables.c:477 [inline]
 cleanup_entry+0x19f/0x3a0 net/ipv6/netfilter/ip6_tables.c:661
 translate_table+0xddd/0x17b0 net/ipv6/netfilter/ip6_tables.c:744
 do_replace net/ipv6/netfilter/ip6_tables.c:1154 [inline]
 do_ip6t_set_ctl+0x605/0xc40 net/ipv6/netfilter/ip6_tables.c:1644
 nf_setsockopt+0x8a/0xf0 net/netfilter/nf_sockopt.c:101
 ipv6_setsockopt+0x135/0x170 net/ipv6/ipv6_sockglue.c:998
 rawv6_setsockopt+0xd7/0x680 net/ipv6/raw.c:1054
 do_sock_setsockopt+0x222/0x480 net/socket.c:2334
 __sys_setsockopt+0x1a4/0x270 net/socket.c:2357
 __do_sys_setsockopt net/socket.c:2366 [inline]
 __se_sys_setsockopt net/socket.c:2363 [inline]
 __x64_sys_setsockopt+0xbd/0x160 net/socket.c:2363
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
Modules linked in:
CPU: 2 UID: 0 PID: 5962 Comm: syz-executor392 Tainted: G    B              6.12.0-rc5-syzkaller-00005-ge42b1a9a2557 #0
Tainted: [B]=BAD_PAGE
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:94 [inline]
 dump_stack_lvl+0x16c/0x1f0 lib/dump_stack.c:120
 bad_page+0xb3/0x1f0 mm/page_alloc.c:501
 free_page_is_bad_report mm/page_alloc.c:908 [inline]
 free_page_is_bad mm/page_alloc.c:918 [inline]
 free_pages_prepare mm/page_alloc.c:1100 [inline]
 free_unref_page+0x657/0xdc0 mm/page_alloc.c:2638
 skb_free_frag include/linux/skbuff.h:3399 [inline]
 skb_free_head+0xa0/0x1d0 net/core/skbuff.c:1096
 skb_release_data+0x560/0x730 net/core/skbuff.c:1125
 skb_release_all net/core/skbuff.c:1190 [inline]
 __kfree_skb net/core/skbuff.c:1204 [inline]
 sk_skb_reason_drop+0x129/0x1a0 net/core/skbuff.c:1242
 kfree_skb_reason include/linux/skbuff.h:1262 [inline]
 __netif_receive_skb_core.constprop.0+0x592/0x4330 net/core/dev.c:5640
 __netif_receive_skb_list_core+0x357/0x950 net/core/dev.c:5741
 __netif_receive_skb_list net/core/dev.c:5808 [inline]
 netif_receive_skb_list_internal+0x753/0xdb0 net/core/dev.c:5899
 netif_receive_skb_list+0x4f/0x4a0 net/core/dev.c:5951
 xdp_recv_frames net/bpf/test_run.c:279 [inline]
 xdp_test_run_batch.constprop.0+0x138d/0x1960 net/bpf/test_run.c:360
 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389
 bpf_prog_test_run_xdp+0x827/0x1580 net/bpf/test_run.c:1317
 bpf_prog_test_run kernel/bpf/syscall.c:4266 [inline]
 __sys_bpf+0xfc6/0x49a0 kernel/bpf/syscall.c:5671
 __do_sys_bpf kernel/bpf/syscall.c:5760 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5758 [inline]
 __x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5758
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f1b5711ee99
Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 51 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f1b570d9228 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
RAX: ffffffffffffffda RBX: 00007f1b571a9328 RCX: 00007f1b5711ee99
RDX: 0000000000000048 RSI: 0000000020000600 RDI: 000000000000000a
RBP: 00007f1b571a9320 R08: 00007f1b570d96c0 R09: 00007f1b570d96c0
R10: 00007f1b570d96c0 R11: 0000000000000246 R12: 00007f1b57176074
R13: 0000000020000eb8 R14: 2caa1414ac000000 R15: 00007ffed9b8fc98
 </TASK>
BUG: Bad page state in process syz-executor392  pfn:2139c
page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff88802139c600 pfn:0x2139c
flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
raw: 00fff00000000000 dead000000000040 ffff888106115000 0000000000000000
raw: ffff88802139c600 0000000000000001 00000000ffffffff 0000000000000000
page dumped because: page_pool leak
page_owner tracks the page as allocated
page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 5962, tgid 5958 (syz-executor392), ts 44238742187, free_ts 44066399195
 set_page_owner include/linux/page_owner.h:32 [inline]
 post_alloc_hook+0x2d1/0x350 mm/page_alloc.c:1537
 prep_new_page mm/page_alloc.c:1545 [inline]
 get_page_from_freelist+0x101e/0x3070 mm/page_alloc.c:3457
 __alloc_pages_noprof+0x223/0x25a0 mm/page_alloc.c:4733
 alloc_pages_bulk_noprof+0x77c/0x1110 mm/page_alloc.c:4681
 alloc_pages_bulk_array_node_noprof include/linux/gfp.h:239 [inline]
 __page_pool_alloc_pages_slow+0x18f/0x770 net/core/page_pool.c:538
 page_pool_alloc_netmem net/core/page_pool.c:590 [inline]
 page_pool_alloc_netmem+0xc4/0x160 net/core/page_pool.c:577
 page_pool_alloc_pages+0x1a/0x60 net/core/page_pool.c:597
 page_pool_dev_alloc_pages include/net/page_pool/helpers.h:96 [inline]
 xdp_test_run_batch.constprop.0+0x3a8/0x1960 net/bpf/test_run.c:305
 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389
 bpf_prog_test_run_xdp+0x827/0x1580 net/bpf/test_run.c:1317
 bpf_prog_test_run kernel/bpf/syscall.c:4266 [inline]
 __sys_bpf+0xfc6/0x49a0 kernel/bpf/syscall.c:5671
 __do_sys_bpf kernel/bpf/syscall.c:5760 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5758 [inline]
 __x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5758
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
page last free pid 5953 tgid 5952 stack trace:
 reset_page_owner include/linux/page_owner.h:25 [inline]
 free_pages_prepare mm/page_alloc.c:1108 [inline]
 free_unref_page+0x5f4/0xdc0 mm/page_alloc.c:2638
 vfree+0x17a/0x890 mm/vmalloc.c:3361
 htable_put net/netfilter/xt_hashlimit.c:424 [inline]
 hashlimit_mt_destroy_v1+0x78/0x90 net/netfilter/xt_hashlimit.c:970
 cleanup_match net/ipv6/netfilter/ip6_tables.c:477 [inline]
 cleanup_entry+0x19f/0x3a0 net/ipv6/netfilter/ip6_tables.c:661
 translate_table+0xddd/0x17b0 net/ipv6/netfilter/ip6_tables.c:744
 do_replace net/ipv6/netfilter/ip6_tables.c:1154 [inline]
 do_ip6t_set_ctl+0x605/0xc40 net/ipv6/netfilter/ip6_tables.c:1644
 nf_setsockopt+0x8a/0xf0 net/netfilter/nf_sockopt.c:101
 ipv6_setsockopt+0x135/0x170 net/ipv6/ipv6_sockglue.c:998
 rawv6_setsockopt+0xd7/0x680 net/ipv6/raw.c:1054
 do_sock_setsockopt+0x222/0x480 net/socket.c:2334
 __sys_setsockopt+0x1a4/0x270 net/socket.c:2357
 __do_sys_setsockopt net/socket.c:2366 [inline]
 __se_sys_setsockopt net/socket.c:2363 [inline]
 __x64_sys_setsockopt+0xbd/0x160 net/socket.c:2363
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
Modules linked in:
CPU: 2 UID: 0 PID: 5962 Comm: syz-executor392 Tainted: G    B              6.12.0-rc5-syzkaller-00005-ge42b1a9a2557 #0
Tainted: [B]=BAD_PAGE
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:94 [inline]
 dump_stack_lvl+0x16c/0x1f0 lib/dump_stack.c:120
 bad_page+0xb3/0x1f0 mm/page_alloc.c:501
 free_page_is_bad_report mm/page_alloc.c:908 [inline]
 free_page_is_bad mm/page_alloc.c:918 [inline]
 free_pages_prepare mm/page_alloc.c:1100 [inline]
 free_unref_page+0x657/0xdc0 mm/page_alloc.c:2638
 skb_free_frag include/linux/skbuff.h:3399 [inline]
 skb_free_head+0xa0/0x1d0 net/core/skbuff.c:1096
 skb_release_data+0x560/0x730 net/core/skbuff.c:1125
 skb_release_all net/core/skbuff.c:1190 [inline]
 __kfree_skb net/core/skbuff.c:1204 [inline]
 sk_skb_reason_drop+0x129/0x1a0 net/core/skbuff.c:1242
 kfree_skb_reason include/linux/skbuff.h:1262 [inline]
 __netif_receive_skb_core.constprop.0+0x592/0x4330 net/core/dev.c:5640
 __netif_receive_skb_list_core+0x357/0x950 net/core/dev.c:5741
 __netif_receive_skb_list net/core/dev.c:5808 [inline]
 netif_receive_skb_list_internal+0x753/0xdb0 net/core/dev.c:5899
 netif_receive_skb_list+0x4f/0x4a0 net/core/dev.c:5951
 xdp_recv_frames net/bpf/test_run.c:279 [inline]
 xdp_test_run_batch.constprop.0+0x138d/0x1960 net/bpf/test_run.c:360
 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389
 bpf_prog_test_run_xdp+0x827/0x1580 net/bpf/test_run.c:1317
 bpf_prog_test_run kernel/bpf/syscall.c:4266 [inline]
 __sys_bpf+0xfc6/0x49a0 kernel/bpf/syscall.c:5671
 __do_sys_bpf kernel/bpf/syscall.c:5760 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5758 [inline]
 __x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5758
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f1b5711ee99
Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 51 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f1b570d9228 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
RAX: ffffffffffffffda RBX: 00007f1b571a9328 RCX: 00007f1b5711ee99
RDX: 0000000000000048 RSI: 0000000020000600 RDI: 000000000000000a
RBP: 00007f1b571a9320 R08: 00007f1b570d96c0 R09: 00007f1b570d96c0
R10: 00007f1b570d96c0 R11: 0000000000000246 R12: 00007f1b57176074
R13: 0000000020000eb8 R14: 2caa1414ac000000 R15: 00007ffed9b8fc98
 </TASK>
BUG: Bad page state in process syz-executor392  pfn:2139d
page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x2 pfn:0x2139d
flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
raw: 00fff00000000000 dead000000000040 ffff888106115000 0000000000000000
raw: 0000000000000002 0000000000000001 00000000ffffffff 0000000000000000
page dumped because: page_pool leak
page_owner tracks the page as allocated
page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 5962, tgid 5958 (syz-executor392), ts 44238735281, free_ts 44066403171
 set_page_owner include/linux/page_owner.h:32 [inline]
 post_alloc_hook+0x2d1/0x350 mm/page_alloc.c:1537
 prep_new_page mm/page_alloc.c:1545 [inline]
 get_page_from_freelist+0x101e/0x3070 mm/page_alloc.c:3457
 __alloc_pages_noprof+0x223/0x25a0 mm/page_alloc.c:4733
 alloc_pages_bulk_noprof+0x77c/0x1110 mm/page_alloc.c:4681
 alloc_pages_bulk_array_node_noprof include/linux/gfp.h:239 [inline]
 __page_pool_alloc_pages_slow+0x18f/0x770 net/core/page_pool.c:538
 page_pool_alloc_netmem net/core/page_pool.c:590 [inline]
 page_pool_alloc_netmem+0xc4/0x160 net/core/page_pool.c:577
 page_pool_alloc_pages+0x1a/0x60 net/core/page_pool.c:597
 page_pool_dev_alloc_pages include/net/page_pool/helpers.h:96 [inline]
 xdp_test_run_batch.constprop.0+0x3a8/0x1960 net/bpf/test_run.c:305
 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389
 bpf_prog_test_run_xdp+0x827/0x1580 net/bpf/test_run.c:1317
 bpf_prog_test_run kernel/bpf/syscall.c:4266 [inline]
 __sys_bpf+0xfc6/0x49a0 kernel/bpf/syscall.c:5671
 __do_sys_bpf kernel/bpf/syscall.c:5760 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5758 [inline]
 __x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5758
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
page last free pid 5953 tgid 5952 stack trace:
 reset_page_owner include/linux/page_owner.h:25 [inline]
 free_pages_prepare mm/page_alloc.c:1108 [inline]
 free_unref_page+0x5f4/0xdc0 mm/page_alloc.c:2638
 vfree+0x17a/0x890 mm/vmalloc.c:3361
 htable_put net/netfilter/xt_hashlimit.c:424 [inline]
 hashlimit_mt_destroy_v1+0x78/0x90 net/netfilter/xt_hashlimit.c:970
 cleanup_match net/ipv6/netfilter/ip6_tables.c:477 [inline]
 cleanup_entry+0x19f/0x3a0 net/ipv6/netfilter/ip6_tables.c:661
 translate_table+0xddd/0x17b0 net/ipv6/netfilter/ip6_tables.c:744
 do_replace net/ipv6/netfilter/ip6_tables.c:1154 [inline]
 do_ip6t_set_ctl+0x605/0xc40 net/ipv6/netfilter/ip6_tables.c:1644
 nf_setsockopt+0x8a/0xf0 net/netfilter/nf_sockopt.c:101
 ipv6_setsockopt+0x135/0x170 net/ipv6/ipv6_sockglue.c:998
 rawv6_setsockopt+0xd7/0x680 net/ipv6/raw.c:1054
 do_sock_setsockopt+0x222/0x480 net/socket.c:2334
 __sys_setsockopt+0x1a4/0x270 net/socket.c:2357
 __do_sys_setsockopt net/socket.c:2366 [inline]
 __se_sys_setsockopt net/socket.c:2363 [inline]
 __x64_sys_setsockopt+0xbd/0x160 net/socket.c:2363
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
Modules linked in:
CPU: 2 UID: 0 PID: 5962 Comm: syz-executor392 Tainted: G    B              6.12.0-rc5-syzkaller-00005-ge42b1a9a2557 #0
Tainted: [B]=BAD_PAGE
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:94 [inline]
 dump_stack_lvl+0x16c/0x1f0 lib/dump_stack.c:120
 bad_page+0xb3/0x1f0 mm/page_alloc.c:501
 free_page_is_bad_report mm/page_alloc.c:908 [inline]
 free_page_is_bad mm/page_alloc.c:918 [inline]
 free_pages_prepare mm/page_alloc.c:1100 [inline]
 free_unref_page+0x657/0xdc0 mm/page_alloc.c:2638
 skb_free_frag include/linux/skbuff.h:3399 [inline]
 skb_free_head+0xa0/0x1d0 net/core/skbuff.c:1096
 skb_release_data+0x560/0x730 net/core/skbuff.c:1125
 skb_release_all net/core/skbuff.c:1190 [inline]
 __kfree_skb net/core/skbuff.c:1204 [inline]
 sk_skb_reason_drop+0x129/0x1a0 net/core/skbuff.c:1242
 kfree_skb_reason include/linux/skbuff.h:1262 [inline]
 __netif_receive_skb_core.constprop.0+0x592/0x4330 net/core/dev.c:5640
 __netif_receive_skb_list_core+0x357/0x950 net/core/dev.c:5741
 __netif_receive_skb_list net/core/dev.c:5808 [inline]
 netif_receive_skb_list_internal+0x753/0xdb0 net/core/dev.c:5899
 netif_receive_skb_list+0x4f/0x4a0 net/core/dev.c:5951
 xdp_recv_frames net/bpf/test_run.c:279 [inline]
 xdp_test_run_batch.constprop.0+0x138d/0x1960 net/bpf/test_run.c:360
 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389
 bpf_prog_test_run_xdp+0x827/0x1580 net/bpf/test_run.c:1317
 bpf_prog_test_run kernel/bpf/syscall.c:4266 [inline]
 __sys_bpf+0xfc6/0x49a0 kernel/bpf/syscall.c:5671
 __do_sys_bpf kernel/bpf/syscall.c:5760 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5758 [inline]
 __x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5758
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f1b5711ee99
Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 51 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f1b570d9228 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
RAX: ffffffffffffffda RBX: 00007f1b571a9328 RCX: 00007f1b5711ee99
RDX: 0000000000000048 RSI: 0000000020000600 RDI: 000000000000000a
RBP: 00007f1b571a9320 R08: 00007f1b570d96c0 R09: 00007f1b570d96c0
R10: 00007f1b570d96c0 R11: 0000000000000246 R12: 00007f1b57176074
R13: 0000000020000eb8 R14: 2caa1414ac000000 R15: 00007ffed9b8fc98
 </TASK>
BUG: Bad page state in process syz-executor392  pfn:2139f
page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x2 pfn:0x2139f
flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
raw: 00fff00000000000 dead000000000040 ffff888106115000 0000000000000000
raw: 0000000000000002 0000000000000001 00000000ffffffff 0000000000000000
page dumped because: page_pool leak
page_owner tracks the page as allocated
page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 5962, tgid 5958 (syz-executor392), ts 44238728087, free_ts 44069898019
 set_page_owner include/linux/page_owner.h:32 [inline]
 post_alloc_hook+0x2d1/0x350 mm/page_alloc.c:1537
 prep_new_page mm/page_alloc.c:1545 [inline]
 get_page_from_freelist+0x101e/0x3070 mm/page_alloc.c:3457
 __alloc_pages_noprof+0x223/0x25a0 mm/page_alloc.c:4733
 alloc_pages_bulk_noprof+0x77c/0x1110 mm/page_alloc.c:4681
 alloc_pages_bulk_array_node_noprof include/linux/gfp.h:239 [inline]
 __page_pool_alloc_pages_slow+0x18f/0x770 net/core/page_pool.c:538
 page_pool_alloc_netmem net/core/page_pool.c:590 [inline]
 page_pool_alloc_netmem+0xc4/0x160 net/core/page_pool.c:577
 page_pool_alloc_pages+0x1a/0x60 net/core/page_pool.c:597
 page_pool_dev_alloc_pages include/net/page_pool/helpers.h:96 [inline]
 xdp_test_run_batch.constprop.0+0x3a8/0x1960 net/bpf/test_run.c:305
 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389
 bpf_prog_test_run_xdp+0x827/0x1580 net/bpf/test_run.c:1317
 bpf_prog_test_run kernel/bpf/syscall.c:4266 [inline]
 __sys_bpf+0xfc6/0x49a0 kernel/bpf/syscall.c:5671
 __do_sys_bpf kernel/bpf/syscall.c:5760 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5758 [inline]
 __x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5758
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
page last free pid 5953 tgid 5952 stack trace:
 reset_page_owner include/linux/page_owner.h:25 [inline]
 free_pages_prepare mm/page_alloc.c:1108 [inline]
 free_unref_page+0x5f4/0xdc0 mm/page_alloc.c:2638
 vfree+0x17a/0x890 mm/vmalloc.c:3361
 htable_put net/netfilter/xt_hashlimit.c:424 [inline]
 hashlimit_mt_destroy+0x7e/0xa0 net/netfilter/xt_hashlimit.c:977
 cleanup_match net/ipv6/netfilter/ip6_tables.c:477 [inline]
 cleanup_entry+0x19f/0x3a0 net/ipv6/netfilter/ip6_tables.c:661
 translate_table+0xddd/0x17b0 net/ipv6/netfilter/ip6_tables.c:744
 do_replace net/ipv6/netfilter/ip6_tables.c:1154 [inline]
 do_ip6t_set_ctl+0x605/0xc40 net/ipv6/netfilter/ip6_tables.c:1644
 nf_setsockopt+0x8a/0xf0 net/netfilter/nf_sockopt.c:101
 ipv6_setsockopt+0x135/0x170 net/ipv6/ipv6_sockglue.c:998
 rawv6_setsockopt+0xd7/0x680 net/ipv6/raw.c:1054
 do_sock_setsockopt+0x222/0x480 net/socket.c:2334
 __sys_setsockopt+0x1a4/0x270 net/socket.c:2357
 __do_sys_setsockopt net/socket.c:2366 [inline]
 __se_sys_setsockopt net/socket.c:2363 [inline]
 __x64_sys_setsockopt+0xbd/0x160 net/socket.c:2363
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
Modules linked in:
CPU: 2 UID: 0 PID: 5962 Comm: syz-executor392 Tainted: G    B              6.12.0-rc5-syzkaller-00005-ge42b1a9a2557 #0
Tainted: [B]=BAD_PAGE
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:94 [inline]
 dump_stack_lvl+0x16c/0x1f0 lib/dump_stack.c:120
 bad_page+0xb3/0x1f0 mm/page_alloc.c:501
 free_page_is_bad_report mm/page_alloc.c:908 [inline]
 free_page_is_bad mm/page_alloc.c:918 [inline]
 free_pages_prepare mm/page_alloc.c:1100 [inline]
 free_unref_page+0x657/0xdc0 mm/page_alloc.c:2638
 skb_free_frag include/linux/skbuff.h:3399 [inline]
 skb_free_head+0xa0/0x1d0 net/core/skbuff.c:1096
 skb_release_data+0x560/0x730 net/core/skbuff.c:1125
 skb_release_all net/core/skbuff.c:1190 [inline]
 __kfree_skb net/core/skbuff.c:1204 [inline]
 sk_skb_reason_drop+0x129/0x1a0 net/core/skbuff.c:1242
 kfree_skb_reason include/linux/skbuff.h:1262 [inline]
 __netif_receive_skb_core.constprop.0+0x592/0x4330 net/core/dev.c:5640
 __netif_receive_skb_list_core+0x357/0x950 net/core/dev.c:5741
 __netif_receive_skb_list net/core/dev.c:5808 [inline]
 netif_receive_skb_list_internal+0x753/0xdb0 net/core/dev.c:5899
 netif_receive_skb_list+0x4f/0x4a0 net/core/dev.c:5951
 xdp_recv_frames net/bpf/test_run.c:279 [inline]
 xdp_test_run_batch.constprop.0+0x138d/0x1960 net/bpf/test_run.c:360
 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389
 bpf_prog_test_run_xdp+0x827/0x1580 net/bpf/test_run.c:1317
 bpf_prog_test_run kernel/bpf/syscall.c:4266 [inline]
 __sys_bpf+0xfc6/0x49a0 kernel/bpf/syscall.c:5671
 __do_sys_bpf kernel/bpf/syscall.c:5760 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5758 [inline]
 __x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5758
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f1b5711ee99
Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 51 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f1b570d9228 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
RAX: ffffffffffffffda RBX: 00007f1b571a9328 RCX: 00007f1b5711ee99
RDX: 0000000000000048 RSI: 0000000020000600 RDI: 000000000000000a
RBP: 00007f1b571a9320 R08: 00007f1b570d96c0 R09: 00007f1b570d96c0
R10: 00007f1b570d96c0 R11: 0000000000000246 R12: 00007f1b57176074
R13: 0000000020000eb8 R14: 2caa1414ac000000 R15: 00007ffed9b8fc98
 </TASK>
BUG: Bad page state in process syz-executor392  pfn:35718
page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff88803571e000 pfn:0x35718
flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
raw: 00fff00000000000 dead000000000040 ffff888106115000 0000000000000000
raw: ffff88803571e000 0000000000000001 00000000ffffffff 0000000000000000
page dumped because: page_pool leak
page_owner tracks the page as allocated
page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 5962, tgid 5958 (syz-executor392), ts 44238720888, free_ts 44069908453
 set_page_owner include/linux/page_owner.h:32 [inline]
 post_alloc_hook+0x2d1/0x350 mm/page_alloc.c:1537
 prep_new_page mm/page_alloc.c:1545 [inline]
 get_page_from_freelist+0x101e/0x3070 mm/page_alloc.c:3457
 __alloc_pages_noprof+0x223/0x25a0 mm/page_alloc.c:4733
 alloc_pages_bulk_noprof+0x77c/0x1110 mm/page_alloc.c:4681
 alloc_pages_bulk_array_node_noprof include/linux/gfp.h:239 [inline]
 __page_pool_alloc_pages_slow+0x18f/0x770 net/core/page_pool.c:538
 page_pool_alloc_netmem net/core/page_pool.c:590 [inline]
 page_pool_alloc_netmem+0xc4/0x160 net/core/page_pool.c:577
 page_pool_alloc_pages+0x1a/0x60 net/core/page_pool.c:597
 page_pool_dev_alloc_pages include/net/page_pool/helpers.h:96 [inline]
 xdp_test_run_batch.constprop.0+0x3a8/0x1960 net/bpf/test_run.c:305
 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389
 bpf_prog_test_run_xdp+0x827/0x1580 net/bpf/test_run.c:1317
 bpf_prog_test_run kernel/bpf/syscall.c:4266 [inline]
 __sys_bpf+0xfc6/0x49a0 kernel/bpf/syscall.c:5671
 __do_sys_bpf kernel/bpf/syscall.c:5760 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5758 [inline]
 __x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5758
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
page last free pid 5953 tgid 5952 stack trace:
 reset_page_owner include/linux/page_owner.h:25 [inline]
 free_pages_prepare mm/page_alloc.c:1108 [inline]
 free_unref_page+0x5f4/0xdc0 mm/page_alloc.c:2638
 vfree+0x17a/0x890 mm/vmalloc.c:3361
 htable_put net/netfilter/xt_hashlimit.c:424 [inline]
 hashlimit_mt_destroy+0x7e/0xa0 net/netfilter/xt_hashlimit.c:977
 cleanup_match net/ipv6/netfilter/ip6_tables.c:477 [inline]
 cleanup_entry+0x19f/0x3a0 net/ipv6/netfilter/ip6_tables.c:661
 translate_table+0xddd/0x17b0 net/ipv6/netfilter/ip6_tables.c:744
 do_replace net/ipv6/netfilter/ip6_tables.c:1154 [inline]
 do_ip6t_set_ctl+0x605/0xc40 net/ipv6/netfilter/ip6_tables.c:1644
 nf_setsockopt+0x8a/0xf0 net/netfilter/nf_sockopt.c:101
 ipv6_setsockopt+0x135/0x170 net/ipv6/ipv6_sockglue.c:998
 rawv6_setsockopt+0xd7/0x680 net/ipv6/raw.c:1054
 do_sock_setsockopt+0x222/0x480 net/socket.c:2334
 __sys_setsockopt+0x1a4/0x270 net/socket.c:2357
 __do_sys_setsockopt net/socket.c:2366 [inline]
 __se_sys_setsockopt net/socket.c:2363 [inline]
 __x64_sys_setsockopt+0xbd/0x160 net/socket.c:2363
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
Modules linked in:
CPU: 2 UID: 0 PID: 5962 Comm: syz-executor392 Tainted: G    B              6.12.0-rc5-syzkaller-00005-ge42b1a9a2557 #0
Tainted: [B]=BAD_PAGE
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:94 [inline]
 dump_stack_lvl+0x16c/0x1f0 lib/dump_stack.c:120
 bad_page+0xb3/0x1f0 mm/page_alloc.c:501
 free_page_is_bad_report mm/page_alloc.c:908 [inline]
 free_page_is_bad mm/page_alloc.c:918 [inline]
 free_pages_prepare mm/page_alloc.c:1100 [inline]
 free_unref_page+0x657/0xdc0 mm/page_alloc.c:2638
 skb_free_frag include/linux/skbuff.h:3399 [inline]
 skb_free_head+0xa0/0x1d0 net/core/skbuff.c:1096
 skb_release_data+0x560/0x730 net/core/skbuff.c:1125
 skb_release_all net/core/skbuff.c:1190 [inline]
 __kfree_skb net/core/skbuff.c:1204 [inline]
 sk_skb_reason_drop+0x129/0x1a0 net/core/skbuff.c:1242
 kfree_skb_reason include/linux/skbuff.h:1262 [inline]
 __netif_receive_skb_core.constprop.0+0x592/0x4330 net/core/dev.c:5640
 __netif_receive_skb_list_core+0x357/0x950 net/core/dev.c:5741
 __netif_receive_skb_list net/core/dev.c:5808 [inline]
 netif_receive_skb_list_internal+0x753/0xdb0 net/core/dev.c:5899
 netif_receive_skb_list+0x4f/0x4a0 net/core/dev.c:5951
 xdp_recv_frames net/bpf/test_run.c:279 [inline]
 xdp_test_run_batch.constprop.0+0x138d/0x1960 net/bpf/test_run.c:360
 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389
 bpf_prog_test_run_xdp+0x827/0x1580 net/bpf/test_run.c:1317
 bpf_prog_test_run kernel/bpf/syscall.c:4266 [inline]
 __sys_bpf+0xfc6/0x49a0 kernel/bpf/syscall.c:5671
 __do_sys_bpf kernel/bpf/syscall.c:5760 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5758 [inline]
 __x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5758
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f1b5711ee99
Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 51 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f1b570d9228 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
RAX: ffffffffffffffda RBX: 00007f1b571a9328 RCX: 00007f1b5711ee99
RDX: 0000000000000048 RSI: 0000000020000600 RDI: 000000000000000a
RBP: 00007f1b571a9320 R08: 00007f1b570d96c0 R09: 00007f1b570d96c0
R10: 00007f1b570d96c0 R11: 0000000000000246 R12: 00007f1b57176074
R13: 0000000020000eb8 R14: 2caa1414ac000000 R15: 00007ffed9b8fc98
 </TASK>
BUG: Bad page state in process syz-executor392  pfn:35719
page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x8 pfn:0x35719
flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
raw: 00fff00000000000 dead000000000040 ffff888106115000 0000000000000000
raw: 0000000000000008 0000000000000001 00000000ffffffff 0000000000000000
page dumped because: page_pool leak
page_owner tracks the page as allocated
page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 5962, tgid 5958 (syz-executor392), ts 44238713519, free_ts 44069913114
 set_page_owner include/linux/page_owner.h:32 [inline]
 post_alloc_hook+0x2d1/0x350 mm/page_alloc.c:1537
 prep_new_page mm/page_alloc.c:1545 [inline]
 get_page_from_freelist+0x101e/0x3070 mm/page_alloc.c:3457
 __alloc_pages_noprof+0x223/0x25a0 mm/page_alloc.c:4733
 alloc_pages_bulk_noprof+0x77c/0x1110 mm/page_alloc.c:4681
 alloc_pages_bulk_array_node_noprof include/linux/gfp.h:239 [inline]
 __page_pool_alloc_pages_slow+0x18f/0x770 net/core/page_pool.c:538
 page_pool_alloc_netmem net/core/page_pool.c:590 [inline]
 page_pool_alloc_netmem+0xc4/0x160 net/core/page_pool.c:577
 page_pool_alloc_pages+0x1a/0x60 net/core/page_pool.c:597
 page_pool_dev_alloc_pages include/net/page_pool/helpers.h:96 [inline]
 xdp_test_run_batch.constprop.0+0x3a8/0x1960 net/bpf/test_run.c:305
 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389
 bpf_prog_test_run_xdp+0x827/0x1580 net/bpf/test_run.c:1317
 bpf_prog_test_run kernel/bpf/syscall.c:4266 [inline]
 __sys_bpf+0xfc6/0x49a0 kernel/bpf/syscall.c:5671
 __do_sys_bpf kernel/bpf/syscall.c:5760 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5758 [inline]
 __x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5758
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
page last free pid 5953 tgid 5952 stack trace:
 reset_page_owner include/linux/page_owner.h:25 [inline]
 free_pages_prepare mm/page_alloc.c:1108 [inline]
 free_unref_page+0x5f4/0xdc0 mm/page_alloc.c:2638
 vfree+0x17a/0x890 mm/vmalloc.c:3361
 htable_put net/netfilter/xt_hashlimit.c:424 [inline]
 hashlimit_mt_destroy+0x7e/0xa0 net/netfilter/xt_hashlimit.c:977
 cleanup_match net/ipv6/netfilter/ip6_tables.c:477 [inline]
 cleanup_entry+0x19f/0x3a0 net/ipv6/netfilter/ip6_tables.c:661
 translate_table+0xddd/0x17b0 net/ipv6/netfilter/ip6_tables.c:744
 do_replace net/ipv6/netfilter/ip6_tables.c:1154 [inline]
 do_ip6t_set_ctl+0x605/0xc40 net/ipv6/netfilter/ip6_tables.c:1644
 nf_setsockopt+0x8a/0xf0 net/netfilter/nf_sockopt.c:101
 ipv6_setsockopt+0x135/0x170 net/ipv6/ipv6_sockglue.c:998
 rawv6_setsockopt+0xd7/0x680 net/ipv6/raw.c:1054
 do_sock_setsockopt+0x222/0x480 net/socket.c:2334
 __sys_setsockopt+0x1a4/0x270 net/socket.c:2357
 __do_sys_setsockopt net/socket.c:2366 [inline]
 __se_sys_setsockopt net/socket.c:2363 [inline]
 __x64_sys_setsockopt+0xbd/0x160 net/socket.c:2363
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
Modules linked in:
CPU: 2 UID: 0 PID: 5962 Comm: syz-executor392 Tainted: G    B              6.12.0-rc5-syzkaller-00005-ge42b1a9a2557 #0
Tainted: [B]=BAD_PAGE
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:94 [inline]
 dump_stack_lvl+0x16c/0x1f0 lib/dump_stack.c:120
 bad_page+0xb3/0x1f0 mm/page_alloc.c:501
 free_page_is_bad_report mm/page_alloc.c:908 [inline]
 free_page_is_bad mm/page_alloc.c:918 [inline]
 free_pages_prepare mm/page_alloc.c:1100 [inline]
 free_unref_page+0x657/0xdc0 mm/page_alloc.c:2638
 skb_free_frag include/linux/skbuff.h:3399 [inline]
 skb_free_head+0xa0/0x1d0 net/core/skbuff.c:1096
 skb_release_data+0x560/0x730 net/core/skbuff.c:1125
 skb_release_all net/core/skbuff.c:1190 [inline]
 __kfree_skb net/core/skbuff.c:1204 [inline]
 sk_skb_reason_drop+0x129/0x1a0 net/core/skbuff.c:1242
 kfree_skb_reason include/linux/skbuff.h:1262 [inline]
 __netif_receive_skb_core.constprop.0+0x592/0x4330 net/core/dev.c:5640
 __netif_receive_skb_list_core+0x357/0x950 net/core/dev.c:5741
 __netif_receive_skb_list net/core/dev.c:5808 [inline]
 netif_receive_skb_list_internal+0x753/0xdb0 net/core/dev.c:5899
 netif_receive_skb_list+0x4f/0x4a0 net/core/dev.c:5951
 xdp_recv_frames net/bpf/test_run.c:279 [inline]
 xdp_test_run_batch.constprop.0+0x138d/0x1960 net/bpf/test_run.c:360
 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389
 bpf_prog_test_run_xdp+0x827/0x1580 net/bpf/test_run.c:1317
 bpf_prog_test_run kernel/bpf/syscall.c:4266 [inline]
 __sys_bpf+0xfc6/0x49a0 kernel/bpf/syscall.c:5671
 __do_sys_bpf kernel/bpf/syscall.c:5760 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5758 [inline]
 __x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5758
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f1b5711ee99
Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 51 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f1b570d9228 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
RAX: ffffffffffffffda RBX: 00007f1b571a9328 RCX: 00007f1b5711ee99
RDX: 0000000000000048 RSI: 0000000020000600 RDI: 000000000000000a
RBP: 00007f1b571a9320 R08: 00007f1b570d96c0 R09: 00007f1b570d96c0
R10: 00007f1b570d96c0 R11: 0000000000000246 R12: 00007f1b57176074
R13: 0000000020000eb8 R14: 2caa1414ac000000 R15: 00007ffed9b8fc98
 </TASK>
BUG: Bad page state in process syz-executor392  pfn:3571a
page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x3571a
flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
raw: 00fff00000000000 dead000000000040 ffff888106115000 0000000000000000
raw: 0000000000000000 0000000000000001 00000000ffffffff 0000000000000000
page dumped because: page_pool leak
page_owner tracks the page as allocated
page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 5962, tgid 5958 (syz-executor392), ts 44238706853, free_ts 44069917259
 set_page_owner include/linux/page_owner.h:32 [inline]
 post_alloc_hook+0x2d1/0x350 mm/page_alloc.c:1537
 prep_new_page mm/page_alloc.c:1545 [inline]
 get_page_from_freelist+0x101e/0x3070 mm/page_alloc.c:3457
 __alloc_pages_noprof+0x223/0x25a0 mm/page_alloc.c:4733
 alloc_pages_bulk_noprof+0x77c/0x1110 mm/page_alloc.c:4681
 alloc_pages_bulk_array_node_noprof include/linux/gfp.h:239 [inline]
 __page_pool_alloc_pages_slow+0x18f/0x770 net/core/page_pool.c:538
 page_pool_alloc_netmem net/core/page_pool.c:590 [inline]
 page_pool_alloc_netmem+0xc4/0x160 net/core/page_pool.c:577
 page_pool_alloc_pages+0x1a/0x60 net/core/page_pool.c:597
 page_pool_dev_alloc_pages include/net/page_pool/helpers.h:96 [inline]
 xdp_test_run_batch.constprop.0+0x3a8/0x1960 net/bpf/test_run.c:305
 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389
 bpf_prog_test_run_xdp+0x827/0x1580 net/bpf/test_run.c:1317
 bpf_prog_test_run kernel/bpf/syscall.c:4266 [inline]
 __sys_bpf+0xfc6/0x49a0 kernel/bpf/syscall.c:5671
 __do_sys_bpf kernel/bpf/syscall.c:5760 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5758 [inline]
 __x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5758
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
page last free pid 5953 tgid 5952 stack trace:
 reset_page_owner include/linux/page_owner.h:25 [inline]
 free_pages_prepare mm/page_alloc.c:1108 [inline]
 free_unref_page+0x5f4/0xdc0 mm/page_alloc.c:2638
 vfree+0x17a/0x890 mm/vmalloc.c:3361
 htable_put net/netfilter/xt_hashlimit.c:424 [inline]
 hashlimit_mt_destroy+0x7e/0xa0 net/netfilter/xt_hashlimit.c:977
 cleanup_match net/ipv6/netfilter/ip6_tables.c:477 [inline]
 cleanup_entry+0x19f/0x3a0 net/ipv6/netfilter/ip6_tables.c:661
 translate_table+0xddd/0x17b0 net/ipv6/netfilter/ip6_tables.c:744
 do_replace net/ipv6/netfilter/ip6_tables.c:1154 [inline]
 do_ip6t_set_ctl+0x605/0xc40 net/ipv6/netfilter/ip6_tables.c:1644
 nf_setsockopt+0x8a/0xf0 net/netfilter/nf_sockopt.c:101
 ipv6_setsockopt+0x135/0x170 net/ipv6/ipv6_sockglue.c:998
 rawv6_setsockopt+0xd7/0x680 net/ipv6/raw.c:1054
 do_sock_setsockopt+0x222/0x480 net/socket.c:2334
 __sys_setsockopt+0x1a4/0x270 net/socket.c:2357
 __do_sys_setsockopt net/socket.c:2366 [inline]
 __se_sys_setsockopt net/socket.c:2363 [inline]
 __x64_sys_setsockopt+0xbd/0x160 net/socket.c:2363
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
Modules linked in:
CPU: 2 UID: 0 PID: 5962 Comm: syz-executor392 Tainted: G    B              6.12.0-rc5-syzkaller-00005-ge42b1a9a2557 #0
Tainted: [B]=BAD_PAGE
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:94 [inline]
 dump_stack_lvl+0x16c/0x1f0 lib/dump_stack.c:120
 bad_page+0xb3/0x1f0 mm/page_alloc.c:501
 free_page_is_bad_report mm/page_alloc.c:908 [inline]
 free_page_is_bad mm/page_alloc.c:918 [inline]
 free_pages_prepare mm/page_alloc.c:1100 [inline]
 free_unref_page+0x657/0xdc0 mm/page_alloc.c:2638
 skb_free_frag include/linux/skbuff.h:3399 [inline]
 skb_free_head+0xa0/0x1d0 net/core/skbuff.c:1096
 skb_release_data+0x560/0x730 net/core/skbuff.c:1125
 skb_release_all net/core/skbuff.c:1190 [inline]
 __kfree_skb net/core/skbuff.c:1204 [inline]
 sk_skb_reason_drop+0x129/0x1a0 net/core/skbuff.c:1242
 kfree_skb_reason include/linux/skbuff.h:1262 [inline]
 __netif_receive_skb_core.constprop.0+0x592/0x4330 net/core/dev.c:5640