BUG: Bad page state in process syz.0.314  pfn:46cb3
page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x46cb3
flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
raw: 00fff00000000000 dead000000000040 ffff888040826000 0000000000000000
raw: 0000000000000000 0000000000000001 00000000ffffffff 0000000000000000
page dumped because: page_pool leak
page_owner tracks the page as allocated
page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 7351, tgid 7350 (syz.0.314), ts 79037182451, free_ts 79008369683
 set_page_owner include/linux/page_owner.h:32 [inline]
 post_alloc_hook+0x2d1/0x350 mm/page_alloc.c:1537
 prep_new_page mm/page_alloc.c:1545 [inline]
 get_page_from_freelist+0x101e/0x3070 mm/page_alloc.c:3457
 __alloc_pages_noprof+0x223/0x25a0 mm/page_alloc.c:4733
 alloc_pages_bulk_noprof+0x77c/0x1110 mm/page_alloc.c:4681
 alloc_pages_bulk_array_node_noprof include/linux/gfp.h:239 [inline]
 __page_pool_alloc_pages_slow+0x18f/0x770 net/core/page_pool.c:538
 page_pool_alloc_netmem net/core/page_pool.c:590 [inline]
 page_pool_alloc_netmem+0xc4/0x160 net/core/page_pool.c:577
 page_pool_alloc_pages+0x1a/0x60 net/core/page_pool.c:597
 page_pool_dev_alloc_pages include/net/page_pool/helpers.h:96 [inline]
 xdp_test_run_batch.constprop.0+0x3a8/0x1960 net/bpf/test_run.c:305
 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389
 bpf_prog_test_run_xdp+0x827/0x1580 net/bpf/test_run.c:1317
 bpf_prog_test_run kernel/bpf/syscall.c:4266 [inline]
 __sys_bpf+0xfc6/0x49a0 kernel/bpf/syscall.c:5671
 __do_sys_bpf kernel/bpf/syscall.c:5760 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5758 [inline]
 __x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5758
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
page last free pid 5364 tgid 5364 stack trace:
 reset_page_owner include/linux/page_owner.h:25 [inline]
 free_pages_prepare mm/page_alloc.c:1108 [inline]
 free_unref_page+0x5f4/0xdc0 mm/page_alloc.c:2638
 __put_partials+0x14c/0x170 mm/slub.c:3145
 qlink_free mm/kasan/quarantine.c:163 [inline]
 qlist_free_all+0x4e/0x120 mm/kasan/quarantine.c:179
 kasan_quarantine_reduce+0x192/0x1e0 mm/kasan/quarantine.c:286
 __kasan_slab_alloc+0x69/0x90 mm/kasan/common.c:329
 kasan_slab_alloc include/linux/kasan.h:247 [inline]
 slab_post_alloc_hook mm/slub.c:4085 [inline]
 slab_alloc_node mm/slub.c:4134 [inline]
 kmem_cache_alloc_noprof+0x121/0x2f0 mm/slub.c:4141
 getname_flags.part.0+0x4c/0x550 fs/namei.c:139
 getname_flags include/linux/audit.h:322 [inline]
 getname+0x8d/0xe0 fs/namei.c:225
 do_sys_openat2+0x104/0x1e0 fs/open.c:1409
 do_sys_open fs/open.c:1430 [inline]
 __do_sys_openat fs/open.c:1446 [inline]
 __se_sys_openat fs/open.c:1441 [inline]
 __x64_sys_openat+0x175/0x210 fs/open.c:1441
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
Modules linked in:
CPU: 2 UID: 0 PID: 7351 Comm: syz.0.314 Not tainted 6.12.0-rc5-syzkaller-00005-ge42b1a9a2557 #0
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:94 [inline]
 dump_stack_lvl+0x16c/0x1f0 lib/dump_stack.c:120
 bad_page+0xb3/0x1f0 mm/page_alloc.c:501
 free_page_is_bad_report mm/page_alloc.c:908 [inline]
 free_page_is_bad mm/page_alloc.c:918 [inline]
 free_pages_prepare mm/page_alloc.c:1100 [inline]
 free_unref_page+0x657/0xdc0 mm/page_alloc.c:2638
 skb_free_frag include/linux/skbuff.h:3399 [inline]
 skb_free_head+0xa0/0x1d0 net/core/skbuff.c:1096
 skb_release_data+0x560/0x730 net/core/skbuff.c:1125
 skb_release_all net/core/skbuff.c:1190 [inline]
 __kfree_skb net/core/skbuff.c:1204 [inline]
 sk_skb_reason_drop+0x129/0x1a0 net/core/skbuff.c:1242
 kfree_skb_reason include/linux/skbuff.h:1262 [inline]
 __netif_receive_skb_core.constprop.0+0x592/0x4330 net/core/dev.c:5640
 __netif_receive_skb_list_core+0x357/0x950 net/core/dev.c:5741
 __netif_receive_skb_list net/core/dev.c:5808 [inline]
 netif_receive_skb_list_internal+0x753/0xdb0 net/core/dev.c:5899
 netif_receive_skb_list+0x4f/0x4a0 net/core/dev.c:5951
 xdp_recv_frames net/bpf/test_run.c:279 [inline]
 xdp_test_run_batch.constprop.0+0x138d/0x1960 net/bpf/test_run.c:360
 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389
 bpf_prog_test_run_xdp+0x827/0x1580 net/bpf/test_run.c:1317
 bpf_prog_test_run kernel/bpf/syscall.c:4266 [inline]
 __sys_bpf+0xfc6/0x49a0 kernel/bpf/syscall.c:5671
 __do_sys_bpf kernel/bpf/syscall.c:5760 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5758 [inline]
 __x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5758
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7fc02f97e719
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007fc0306bb038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
RAX: ffffffffffffffda RBX: 00007fc02fb35f80 RCX: 00007fc02f97e719
RDX: 0000000000000048 RSI: 0000000020000600 RDI: 000000000000000a
RBP: 00007fc02f9f132e R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 0000000000000000 R14: 00007fc02fb35f80 R15: 00007ffe03613128
 </TASK>
BUG: Bad page state in process syz.0.314  pfn:46cb2
page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x46cb2
flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
raw: 00fff00000000000 dead000000000040 ffff888040826000 0000000000000000
raw: 0000000000000000 0000000000000001 00000000ffffffff 0000000000000000
page dumped because: page_pool leak
page_owner tracks the page as allocated
page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 7351, tgid 7350 (syz.0.314), ts 79037177993, free_ts 79008369683
 set_page_owner include/linux/page_owner.h:32 [inline]
 post_alloc_hook+0x2d1/0x350 mm/page_alloc.c:1537
 prep_new_page mm/page_alloc.c:1545 [inline]
 get_page_from_freelist+0x101e/0x3070 mm/page_alloc.c:3457
 __alloc_pages_noprof+0x223/0x25a0 mm/page_alloc.c:4733
 alloc_pages_bulk_noprof+0x77c/0x1110 mm/page_alloc.c:4681
 alloc_pages_bulk_array_node_noprof include/linux/gfp.h:239 [inline]
 __page_pool_alloc_pages_slow+0x18f/0x770 net/core/page_pool.c:538
 page_pool_alloc_netmem net/core/page_pool.c:590 [inline]
 page_pool_alloc_netmem+0xc4/0x160 net/core/page_pool.c:577
 page_pool_alloc_pages+0x1a/0x60 net/core/page_pool.c:597
 page_pool_dev_alloc_pages include/net/page_pool/helpers.h:96 [inline]
 xdp_test_run_batch.constprop.0+0x3a8/0x1960 net/bpf/test_run.c:305
 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389
 bpf_prog_test_run_xdp+0x827/0x1580 net/bpf/test_run.c:1317
 bpf_prog_test_run kernel/bpf/syscall.c:4266 [inline]
 __sys_bpf+0xfc6/0x49a0 kernel/bpf/syscall.c:5671
 __do_sys_bpf kernel/bpf/syscall.c:5760 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5758 [inline]
 __x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5758
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
page last free pid 5364 tgid 5364 stack trace:
 reset_page_owner include/linux/page_owner.h:25 [inline]
 free_pages_prepare mm/page_alloc.c:1108 [inline]
 free_unref_page+0x5f4/0xdc0 mm/page_alloc.c:2638
 __put_partials+0x14c/0x170 mm/slub.c:3145
 qlink_free mm/kasan/quarantine.c:163 [inline]
 qlist_free_all+0x4e/0x120 mm/kasan/quarantine.c:179
 kasan_quarantine_reduce+0x192/0x1e0 mm/kasan/quarantine.c:286
 __kasan_slab_alloc+0x69/0x90 mm/kasan/common.c:329
 kasan_slab_alloc include/linux/kasan.h:247 [inline]
 slab_post_alloc_hook mm/slub.c:4085 [inline]
 slab_alloc_node mm/slub.c:4134 [inline]
 kmem_cache_alloc_noprof+0x121/0x2f0 mm/slub.c:4141
 getname_flags.part.0+0x4c/0x550 fs/namei.c:139
 getname_flags include/linux/audit.h:322 [inline]
 getname+0x8d/0xe0 fs/namei.c:225
 do_sys_openat2+0x104/0x1e0 fs/open.c:1409
 do_sys_open fs/open.c:1430 [inline]
 __do_sys_openat fs/open.c:1446 [inline]
 __se_sys_openat fs/open.c:1441 [inline]
 __x64_sys_openat+0x175/0x210 fs/open.c:1441
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
Modules linked in:
CPU: 2 UID: 0 PID: 7351 Comm: syz.0.314 Tainted: G    B              6.12.0-rc5-syzkaller-00005-ge42b1a9a2557 #0
Tainted: [B]=BAD_PAGE
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:94 [inline]
 dump_stack_lvl+0x16c/0x1f0 lib/dump_stack.c:120
 bad_page+0xb3/0x1f0 mm/page_alloc.c:501
 free_page_is_bad_report mm/page_alloc.c:908 [inline]
 free_page_is_bad mm/page_alloc.c:918 [inline]
 free_pages_prepare mm/page_alloc.c:1100 [inline]
 free_unref_page+0x657/0xdc0 mm/page_alloc.c:2638
 skb_free_frag include/linux/skbuff.h:3399 [inline]
 skb_free_head+0xa0/0x1d0 net/core/skbuff.c:1096
 skb_release_data+0x560/0x730 net/core/skbuff.c:1125
 skb_release_all net/core/skbuff.c:1190 [inline]
 __kfree_skb net/core/skbuff.c:1204 [inline]
 sk_skb_reason_drop+0x129/0x1a0 net/core/skbuff.c:1242
 kfree_skb_reason include/linux/skbuff.h:1262 [inline]
 __netif_receive_skb_core.constprop.0+0x592/0x4330 net/core/dev.c:5640
 __netif_receive_skb_list_core+0x357/0x950 net/core/dev.c:5741
 __netif_receive_skb_list net/core/dev.c:5808 [inline]
 netif_receive_skb_list_internal+0x753/0xdb0 net/core/dev.c:5899
 netif_receive_skb_list+0x4f/0x4a0 net/core/dev.c:5951
 xdp_recv_frames net/bpf/test_run.c:279 [inline]
 xdp_test_run_batch.constprop.0+0x138d/0x1960 net/bpf/test_run.c:360
 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389
 bpf_prog_test_run_xdp+0x827/0x1580 net/bpf/test_run.c:1317
 bpf_prog_test_run kernel/bpf/syscall.c:4266 [inline]
 __sys_bpf+0xfc6/0x49a0 kernel/bpf/syscall.c:5671
 __do_sys_bpf kernel/bpf/syscall.c:5760 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5758 [inline]
 __x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5758
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7fc02f97e719
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007fc0306bb038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
RAX: ffffffffffffffda RBX: 00007fc02fb35f80 RCX: 00007fc02f97e719
RDX: 0000000000000048 RSI: 0000000020000600 RDI: 000000000000000a
RBP: 00007fc02f9f132e R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 0000000000000000 R14: 00007fc02fb35f80 R15: 00007ffe03613128
 </TASK>
BUG: Bad page state in process syz.0.314  pfn:46cb1
page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x8 pfn:0x46cb1
flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
raw: 00fff00000000000 dead000000000040 ffff888040826000 0000000000000000
raw: 0000000000000008 0000000000000001 00000000ffffffff 0000000000000000
page dumped because: page_pool leak
page_owner tracks the page as allocated
page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 7351, tgid 7350 (syz.0.314), ts 79037172759, free_ts 79008369683
 set_page_owner include/linux/page_owner.h:32 [inline]
 post_alloc_hook+0x2d1/0x350 mm/page_alloc.c:1537
 prep_new_page mm/page_alloc.c:1545 [inline]
 get_page_from_freelist+0x101e/0x3070 mm/page_alloc.c:3457
 __alloc_pages_noprof+0x223/0x25a0 mm/page_alloc.c:4733
 alloc_pages_bulk_noprof+0x77c/0x1110 mm/page_alloc.c:4681
 alloc_pages_bulk_array_node_noprof include/linux/gfp.h:239 [inline]
 __page_pool_alloc_pages_slow+0x18f/0x770 net/core/page_pool.c:538
 page_pool_alloc_netmem net/core/page_pool.c:590 [inline]
 page_pool_alloc_netmem+0xc4/0x160 net/core/page_pool.c:577
 page_pool_alloc_pages+0x1a/0x60 net/core/page_pool.c:597
 page_pool_dev_alloc_pages include/net/page_pool/helpers.h:96 [inline]
 xdp_test_run_batch.constprop.0+0x3a8/0x1960 net/bpf/test_run.c:305
 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389
 bpf_prog_test_run_xdp+0x827/0x1580 net/bpf/test_run.c:1317
 bpf_prog_test_run kernel/bpf/syscall.c:4266 [inline]
 __sys_bpf+0xfc6/0x49a0 kernel/bpf/syscall.c:5671
 __do_sys_bpf kernel/bpf/syscall.c:5760 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5758 [inline]
 __x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5758
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
page last free pid 5364 tgid 5364 stack trace:
 reset_page_owner include/linux/page_owner.h:25 [inline]
 free_pages_prepare mm/page_alloc.c:1108 [inline]
 free_unref_page+0x5f4/0xdc0 mm/page_alloc.c:2638
 __put_partials+0x14c/0x170 mm/slub.c:3145
 qlink_free mm/kasan/quarantine.c:163 [inline]
 qlist_free_all+0x4e/0x120 mm/kasan/quarantine.c:179
 kasan_quarantine_reduce+0x192/0x1e0 mm/kasan/quarantine.c:286
 __kasan_slab_alloc+0x69/0x90 mm/kasan/common.c:329
 kasan_slab_alloc include/linux/kasan.h:247 [inline]
 slab_post_alloc_hook mm/slub.c:4085 [inline]
 slab_alloc_node mm/slub.c:4134 [inline]
 kmem_cache_alloc_noprof+0x121/0x2f0 mm/slub.c:4141
 getname_flags.part.0+0x4c/0x550 fs/namei.c:139
 getname_flags include/linux/audit.h:322 [inline]
 getname+0x8d/0xe0 fs/namei.c:225
 do_sys_openat2+0x104/0x1e0 fs/open.c:1409
 do_sys_open fs/open.c:1430 [inline]
 __do_sys_openat fs/open.c:1446 [inline]
 __se_sys_openat fs/open.c:1441 [inline]
 __x64_sys_openat+0x175/0x210 fs/open.c:1441
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
Modules linked in:
CPU: 2 UID: 0 PID: 7351 Comm: syz.0.314 Tainted: G    B              6.12.0-rc5-syzkaller-00005-ge42b1a9a2557 #0
Tainted: [B]=BAD_PAGE
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:94 [inline]
 dump_stack_lvl+0x16c/0x1f0 lib/dump_stack.c:120
 bad_page+0xb3/0x1f0 mm/page_alloc.c:501
 free_page_is_bad_report mm/page_alloc.c:908 [inline]
 free_page_is_bad mm/page_alloc.c:918 [inline]
 free_pages_prepare mm/page_alloc.c:1100 [inline]
 free_unref_page+0x657/0xdc0 mm/page_alloc.c:2638
 skb_free_frag include/linux/skbuff.h:3399 [inline]
 skb_free_head+0xa0/0x1d0 net/core/skbuff.c:1096
 skb_release_data+0x560/0x730 net/core/skbuff.c:1125
 skb_release_all net/core/skbuff.c:1190 [inline]
 __kfree_skb net/core/skbuff.c:1204 [inline]
 sk_skb_reason_drop+0x129/0x1a0 net/core/skbuff.c:1242
 kfree_skb_reason include/linux/skbuff.h:1262 [inline]
 __netif_receive_skb_core.constprop.0+0x592/0x4330 net/core/dev.c:5640
 __netif_receive_skb_list_core+0x357/0x950 net/core/dev.c:5741
 __netif_receive_skb_list net/core/dev.c:5808 [inline]
 netif_receive_skb_list_internal+0x753/0xdb0 net/core/dev.c:5899
 netif_receive_skb_list+0x4f/0x4a0 net/core/dev.c:5951
 xdp_recv_frames net/bpf/test_run.c:279 [inline]
 xdp_test_run_batch.constprop.0+0x138d/0x1960 net/bpf/test_run.c:360
 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389
 bpf_prog_test_run_xdp+0x827/0x1580 net/bpf/test_run.c:1317
 bpf_prog_test_run kernel/bpf/syscall.c:4266 [inline]
 __sys_bpf+0xfc6/0x49a0 kernel/bpf/syscall.c:5671
 __do_sys_bpf kernel/bpf/syscall.c:5760 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5758 [inline]
 __x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5758
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7fc02f97e719
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007fc0306bb038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
RAX: ffffffffffffffda RBX: 00007fc02fb35f80 RCX: 00007fc02f97e719
RDX: 0000000000000048 RSI: 0000000020000600 RDI: 000000000000000a
RBP: 00007fc02f9f132e R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 0000000000000000 R14: 00007fc02fb35f80 R15: 00007ffe03613128
 </TASK>
BUG: Bad page state in process syz.0.314  pfn:46cb0
page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff888046cb6000 pfn:0x46cb0
flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
raw: 00fff00000000000 dead000000000040 ffff888040826000 0000000000000000
raw: ffff888046cb6000 0000000000000001 00000000ffffffff 0000000000000000
page dumped because: page_pool leak
page_owner tracks the page as allocated
page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 7351, tgid 7350 (syz.0.314), ts 79037167242, free_ts 79008369683
 set_page_owner include/linux/page_owner.h:32 [inline]
 post_alloc_hook+0x2d1/0x350 mm/page_alloc.c:1537
 prep_new_page mm/page_alloc.c:1545 [inline]
 get_page_from_freelist+0x101e/0x3070 mm/page_alloc.c:3457
 __alloc_pages_noprof+0x223/0x25a0 mm/page_alloc.c:4733
 alloc_pages_bulk_noprof+0x77c/0x1110 mm/page_alloc.c:4681
 alloc_pages_bulk_array_node_noprof include/linux/gfp.h:239 [inline]
 __page_pool_alloc_pages_slow+0x18f/0x770 net/core/page_pool.c:538
 page_pool_alloc_netmem net/core/page_pool.c:590 [inline]
 page_pool_alloc_netmem+0xc4/0x160 net/core/page_pool.c:577
 page_pool_alloc_pages+0x1a/0x60 net/core/page_pool.c:597
 page_pool_dev_alloc_pages include/net/page_pool/helpers.h:96 [inline]
 xdp_test_run_batch.constprop.0+0x3a8/0x1960 net/bpf/test_run.c:305
 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389
 bpf_prog_test_run_xdp+0x827/0x1580 net/bpf/test_run.c:1317
 bpf_prog_test_run kernel/bpf/syscall.c:4266 [inline]
 __sys_bpf+0xfc6/0x49a0 kernel/bpf/syscall.c:5671
 __do_sys_bpf kernel/bpf/syscall.c:5760 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5758 [inline]
 __x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5758
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
page last free pid 5364 tgid 5364 stack trace:
 reset_page_owner include/linux/page_owner.h:25 [inline]
 free_pages_prepare mm/page_alloc.c:1108 [inline]
 free_unref_page+0x5f4/0xdc0 mm/page_alloc.c:2638
 __put_partials+0x14c/0x170 mm/slub.c:3145
 qlink_free mm/kasan/quarantine.c:163 [inline]
 qlist_free_all+0x4e/0x120 mm/kasan/quarantine.c:179
 kasan_quarantine_reduce+0x192/0x1e0 mm/kasan/quarantine.c:286
 __kasan_slab_alloc+0x69/0x90 mm/kasan/common.c:329
 kasan_slab_alloc include/linux/kasan.h:247 [inline]
 slab_post_alloc_hook mm/slub.c:4085 [inline]
 slab_alloc_node mm/slub.c:4134 [inline]
 kmem_cache_alloc_noprof+0x121/0x2f0 mm/slub.c:4141
 getname_flags.part.0+0x4c/0x550 fs/namei.c:139
 getname_flags include/linux/audit.h:322 [inline]
 getname+0x8d/0xe0 fs/namei.c:225
 do_sys_openat2+0x104/0x1e0 fs/open.c:1409
 do_sys_open fs/open.c:1430 [inline]
 __do_sys_openat fs/open.c:1446 [inline]
 __se_sys_openat fs/open.c:1441 [inline]
 __x64_sys_openat+0x175/0x210 fs/open.c:1441
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
Modules linked in:
CPU: 2 UID: 0 PID: 7351 Comm: syz.0.314 Tainted: G    B              6.12.0-rc5-syzkaller-00005-ge42b1a9a2557 #0
Tainted: [B]=BAD_PAGE
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:94 [inline]
 dump_stack_lvl+0x16c/0x1f0 lib/dump_stack.c:120
 bad_page+0xb3/0x1f0 mm/page_alloc.c:501
 free_page_is_bad_report mm/page_alloc.c:908 [inline]
 free_page_is_bad mm/page_alloc.c:918 [inline]
 free_pages_prepare mm/page_alloc.c:1100 [inline]
 free_unref_page+0x657/0xdc0 mm/page_alloc.c:2638
 skb_free_frag include/linux/skbuff.h:3399 [inline]
 skb_free_head+0xa0/0x1d0 net/core/skbuff.c:1096
 skb_release_data+0x560/0x730 net/core/skbuff.c:1125
 skb_release_all net/core/skbuff.c:1190 [inline]
 __kfree_skb net/core/skbuff.c:1204 [inline]
 sk_skb_reason_drop+0x129/0x1a0 net/core/skbuff.c:1242
 kfree_skb_reason include/linux/skbuff.h:1262 [inline]
 __netif_receive_skb_core.constprop.0+0x592/0x4330 net/core/dev.c:5640
 __netif_receive_skb_list_core+0x357/0x950 net/core/dev.c:5741
 __netif_receive_skb_list net/core/dev.c:5808 [inline]
 netif_receive_skb_list_internal+0x753/0xdb0 net/core/dev.c:5899
 netif_receive_skb_list+0x4f/0x4a0 net/core/dev.c:5951
 xdp_recv_frames net/bpf/test_run.c:279 [inline]
 xdp_test_run_batch.constprop.0+0x138d/0x1960 net/bpf/test_run.c:360
 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389
 bpf_prog_test_run_xdp+0x827/0x1580 net/bpf/test_run.c:1317
 bpf_prog_test_run kernel/bpf/syscall.c:4266 [inline]
 __sys_bpf+0xfc6/0x49a0 kernel/bpf/syscall.c:5671
 __do_sys_bpf kernel/bpf/syscall.c:5760 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5758 [inline]
 __x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5758
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7fc02f97e719
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007fc0306bb038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
RAX: ffffffffffffffda RBX: 00007fc02fb35f80 RCX: 00007fc02f97e719
RDX: 0000000000000048 RSI: 0000000020000600 RDI: 000000000000000a
RBP: 00007fc02f9f132e R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 0000000000000000 R14: 00007fc02fb35f80 R15: 00007ffe03613128
 </TASK>
BUG: Bad page state in process syz.0.314  pfn:48597
page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x48597
flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
raw: 00fff00000000000 dead000000000040 ffff888040826000 0000000000000000
raw: 0000000000000000 0000000000000001 00000000ffffffff 0000000000000000
page dumped because: page_pool leak
page_owner tracks the page as allocated
page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 7351, tgid 7350 (syz.0.314), ts 79037091989, free_ts 79012750246
 set_page_owner include/linux/page_owner.h:32 [inline]
 post_alloc_hook+0x2d1/0x350 mm/page_alloc.c:1537
 prep_new_page mm/page_alloc.c:1545 [inline]
 get_page_from_freelist+0x101e/0x3070 mm/page_alloc.c:3457
 __alloc_pages_noprof+0x223/0x25a0 mm/page_alloc.c:4733
 alloc_pages_bulk_noprof+0x77c/0x1110 mm/page_alloc.c:4681
 alloc_pages_bulk_array_node_noprof include/linux/gfp.h:239 [inline]
 __page_pool_alloc_pages_slow+0x18f/0x770 net/core/page_pool.c:538
 page_pool_alloc_netmem net/core/page_pool.c:590 [inline]
 page_pool_alloc_netmem+0xc4/0x160 net/core/page_pool.c:577
 page_pool_alloc_pages+0x1a/0x60 net/core/page_pool.c:597
 page_pool_dev_alloc_pages include/net/page_pool/helpers.h:96 [inline]
 xdp_test_run_batch.constprop.0+0x3a8/0x1960 net/bpf/test_run.c:305
 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389
 bpf_prog_test_run_xdp+0x827/0x1580 net/bpf/test_run.c:1317
 bpf_prog_test_run kernel/bpf/syscall.c:4266 [inline]
 __sys_bpf+0xfc6/0x49a0 kernel/bpf/syscall.c:5671
 __do_sys_bpf kernel/bpf/syscall.c:5760 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5758 [inline]
 __x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5758
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
page last free pid 7120 tgid 7120 stack trace:
 reset_page_owner include/linux/page_owner.h:25 [inline]
 free_pages_prepare mm/page_alloc.c:1108 [inline]
 free_unref_page+0x5f4/0xdc0 mm/page_alloc.c:2638
 __put_partials+0x14c/0x170 mm/slub.c:3145
 qlink_free mm/kasan/quarantine.c:163 [inline]
 qlist_free_all+0x4e/0x120 mm/kasan/quarantine.c:179
 kasan_quarantine_reduce+0x192/0x1e0 mm/kasan/quarantine.c:286
 __kasan_slab_alloc+0x69/0x90 mm/kasan/common.c:329
 kasan_slab_alloc include/linux/kasan.h:247 [inline]
 slab_post_alloc_hook mm/slub.c:4085 [inline]
 slab_alloc_node mm/slub.c:4134 [inline]
 kmem_cache_alloc_node_noprof+0x153/0x310 mm/slub.c:4186
 __alloc_skb+0x2b1/0x380 net/core/skbuff.c:668
 alloc_skb include/linux/skbuff.h:1322 [inline]
 netlink_alloc_large_skb+0x69/0x130 net/netlink/af_netlink.c:1206
 netlink_sendmsg+0x689/0xd70 net/netlink/af_netlink.c:1876
 sock_sendmsg_nosec net/socket.c:729 [inline]
 __sock_sendmsg net/socket.c:744 [inline]
 ____sys_sendmsg+0xaaf/0xc90 net/socket.c:2607
 ___sys_sendmsg+0x135/0x1e0 net/socket.c:2661
 __sys_sendmsg+0x117/0x1f0 net/socket.c:2690
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
Modules linked in:
CPU: 2 UID: 0 PID: 7351 Comm: syz.0.314 Tainted: G    B              6.12.0-rc5-syzkaller-00005-ge42b1a9a2557 #0
Tainted: [B]=BAD_PAGE
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:94 [inline]
 dump_stack_lvl+0x16c/0x1f0 lib/dump_stack.c:120
 bad_page+0xb3/0x1f0 mm/page_alloc.c:501
 free_page_is_bad_report mm/page_alloc.c:908 [inline]
 free_page_is_bad mm/page_alloc.c:918 [inline]
 free_pages_prepare mm/page_alloc.c:1100 [inline]
 free_unref_page+0x657/0xdc0 mm/page_alloc.c:2638
 skb_free_frag include/linux/skbuff.h:3399 [inline]
 skb_free_head+0xa0/0x1d0 net/core/skbuff.c:1096
 skb_release_data+0x560/0x730 net/core/skbuff.c:1125
 skb_release_all net/core/skbuff.c:1190 [inline]
 __kfree_skb net/core/skbuff.c:1204 [inline]
 sk_skb_reason_drop+0x129/0x1a0 net/core/skbuff.c:1242
 kfree_skb_reason include/linux/skbuff.h:1262 [inline]
 __netif_receive_skb_core.constprop.0+0x592/0x4330 net/core/dev.c:5640
 __netif_receive_skb_list_core+0x357/0x950 net/core/dev.c:5741
 __netif_receive_skb_list net/core/dev.c:5808 [inline]
 netif_receive_skb_list_internal+0x753/0xdb0 net/core/dev.c:5899
 netif_receive_skb_list+0x4f/0x4a0 net/core/dev.c:5951
 xdp_recv_frames net/bpf/test_run.c:279 [inline]
 xdp_test_run_batch.constprop.0+0x138d/0x1960 net/bpf/test_run.c:360
 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389
 bpf_prog_test_run_xdp+0x827/0x1580 net/bpf/test_run.c:1317
 bpf_prog_test_run kernel/bpf/syscall.c:4266 [inline]
 __sys_bpf+0xfc6/0x49a0 kernel/bpf/syscall.c:5671
 __do_sys_bpf kernel/bpf/syscall.c:5760 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5758 [inline]
 __x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5758
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7fc02f97e719
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007fc0306bb038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
RAX: ffffffffffffffda RBX: 00007fc02fb35f80 RCX: 00007fc02f97e719
RDX: 0000000000000048 RSI: 0000000020000600 RDI: 000000000000000a
RBP: 00007fc02f9f132e R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 0000000000000000 R14: 00007fc02fb35f80 R15: 00007ffe03613128
 </TASK>
BUG: Bad page state in process syz.0.314  pfn:48596
page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x48596
flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
raw: 00fff00000000000 dead000000000040 ffff888040826000 0000000000000000
raw: 0000000000000000 0000000000000001 00000000ffffffff 0000000000000000
page dumped because: page_pool leak
page_owner tracks the page as allocated
page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 7351, tgid 7350 (syz.0.314), ts 79037084082, free_ts 79012750246
 set_page_owner include/linux/page_owner.h:32 [inline]
 post_alloc_hook+0x2d1/0x350 mm/page_alloc.c:1537
 prep_new_page mm/page_alloc.c:1545 [inline]
 get_page_from_freelist+0x101e/0x3070 mm/page_alloc.c:3457
 __alloc_pages_noprof+0x223/0x25a0 mm/page_alloc.c:4733
 alloc_pages_bulk_noprof+0x77c/0x1110 mm/page_alloc.c:4681
 alloc_pages_bulk_array_node_noprof include/linux/gfp.h:239 [inline]
 __page_pool_alloc_pages_slow+0x18f/0x770 net/core/page_pool.c:538
 page_pool_alloc_netmem net/core/page_pool.c:590 [inline]
 page_pool_alloc_netmem+0xc4/0x160 net/core/page_pool.c:577
 page_pool_alloc_pages+0x1a/0x60 net/core/page_pool.c:597
 page_pool_dev_alloc_pages include/net/page_pool/helpers.h:96 [inline]
 xdp_test_run_batch.constprop.0+0x3a8/0x1960 net/bpf/test_run.c:305
 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389
 bpf_prog_test_run_xdp+0x827/0x1580 net/bpf/test_run.c:1317
 bpf_prog_test_run kernel/bpf/syscall.c:4266 [inline]
 __sys_bpf+0xfc6/0x49a0 kernel/bpf/syscall.c:5671
 __do_sys_bpf kernel/bpf/syscall.c:5760 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5758 [inline]
 __x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5758
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
page last free pid 7120 tgid 7120 stack trace:
 reset_page_owner include/linux/page_owner.h:25 [inline]
 free_pages_prepare mm/page_alloc.c:1108 [inline]
 free_unref_page+0x5f4/0xdc0 mm/page_alloc.c:2638
 __put_partials+0x14c/0x170 mm/slub.c:3145
 qlink_free mm/kasan/quarantine.c:163 [inline]
 qlist_free_all+0x4e/0x120 mm/kasan/quarantine.c:179
 kasan_quarantine_reduce+0x192/0x1e0 mm/kasan/quarantine.c:286
 __kasan_slab_alloc+0x69/0x90 mm/kasan/common.c:329
 kasan_slab_alloc include/linux/kasan.h:247 [inline]
 slab_post_alloc_hook mm/slub.c:4085 [inline]
 slab_alloc_node mm/slub.c:4134 [inline]
 kmem_cache_alloc_node_noprof+0x153/0x310 mm/slub.c:4186
 __alloc_skb+0x2b1/0x380 net/core/skbuff.c:668
 alloc_skb include/linux/skbuff.h:1322 [inline]
 netlink_alloc_large_skb+0x69/0x130 net/netlink/af_netlink.c:1206
 netlink_sendmsg+0x689/0xd70 net/netlink/af_netlink.c:1876
 sock_sendmsg_nosec net/socket.c:729 [inline]
 __sock_sendmsg net/socket.c:744 [inline]
 ____sys_sendmsg+0xaaf/0xc90 net/socket.c:2607
 ___sys_sendmsg+0x135/0x1e0 net/socket.c:2661
 __sys_sendmsg+0x117/0x1f0 net/socket.c:2690
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
Modules linked in:
CPU: 2 UID: 0 PID: 7351 Comm: syz.0.314 Tainted: G    B              6.12.0-rc5-syzkaller-00005-ge42b1a9a2557 #0
Tainted: [B]=BAD_PAGE
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:94 [inline]
 dump_stack_lvl+0x16c/0x1f0 lib/dump_stack.c:120
 bad_page+0xb3/0x1f0 mm/page_alloc.c:501
 free_page_is_bad_report mm/page_alloc.c:908 [inline]
 free_page_is_bad mm/page_alloc.c:918 [inline]
 free_pages_prepare mm/page_alloc.c:1100 [inline]
 free_unref_page+0x657/0xdc0 mm/page_alloc.c:2638
 skb_free_frag include/linux/skbuff.h:3399 [inline]
 skb_free_head+0xa0/0x1d0 net/core/skbuff.c:1096
 skb_release_data+0x560/0x730 net/core/skbuff.c:1125
 skb_release_all net/core/skbuff.c:1190 [inline]
 __kfree_skb net/core/skbuff.c:1204 [inline]
 sk_skb_reason_drop+0x129/0x1a0 net/core/skbuff.c:1242
 kfree_skb_reason include/linux/skbuff.h:1262 [inline]
 __netif_receive_skb_core.constprop.0+0x592/0x4330 net/core/dev.c:5640
 __netif_receive_skb_list_core+0x357/0x950 net/core/dev.c:5741
 __netif_receive_skb_list net/core/dev.c:5808 [inline]
 netif_receive_skb_list_internal+0x753/0xdb0 net/core/dev.c:5899
 netif_receive_skb_list+0x4f/0x4a0 net/core/dev.c:5951
 xdp_recv_frames net/bpf/test_run.c:279 [inline]
 xdp_test_run_batch.constprop.0+0x138d/0x1960 net/bpf/test_run.c:360
 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389
 bpf_prog_test_run_xdp+0x827/0x1580 net/bpf/test_run.c:1317
 bpf_prog_test_run kernel/bpf/syscall.c:4266 [inline]
 __sys_bpf+0xfc6/0x49a0 kernel/bpf/syscall.c:5671
 __do_sys_bpf kernel/bpf/syscall.c:5760 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5758 [inline]
 __x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5758
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7fc02f97e719
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007fc0306bb038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
RAX: ffffffffffffffda RBX: 00007fc02fb35f80 RCX: 00007fc02f97e719
RDX: 0000000000000048 RSI: 0000000020000600 RDI: 000000000000000a
RBP: 00007fc02f9f132e R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 0000000000000000 R14: 00007fc02fb35f80 R15: 00007ffe03613128
 </TASK>
BUG: Bad page state in process syz.0.314  pfn:48595
page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x48595
flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
raw: 00fff00000000000 dead000000000040 ffff888040826000 0000000000000000
raw: 0000000000000000 0000000000000001 00000000ffffffff 0000000000000000
page dumped because: page_pool leak
page_owner tracks the page as allocated
page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 7351, tgid 7350 (syz.0.314), ts 79037076077, free_ts 79012750246
 set_page_owner include/linux/page_owner.h:32 [inline]
 post_alloc_hook+0x2d1/0x350 mm/page_alloc.c:1537
 prep_new_page mm/page_alloc.c:1545 [inline]
 get_page_from_freelist+0x101e/0x3070 mm/page_alloc.c:3457
 __alloc_pages_noprof+0x223/0x25a0 mm/page_alloc.c:4733
 alloc_pages_bulk_noprof+0x77c/0x1110 mm/page_alloc.c:4681
 alloc_pages_bulk_array_node_noprof include/linux/gfp.h:239 [inline]
 __page_pool_alloc_pages_slow+0x18f/0x770 net/core/page_pool.c:538
 page_pool_alloc_netmem net/core/page_pool.c:590 [inline]
 page_pool_alloc_netmem+0xc4/0x160 net/core/page_pool.c:577
 page_pool_alloc_pages+0x1a/0x60 net/core/page_pool.c:597
 page_pool_dev_alloc_pages include/net/page_pool/helpers.h:96 [inline]
 xdp_test_run_batch.constprop.0+0x3a8/0x1960 net/bpf/test_run.c:305
 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389
 bpf_prog_test_run_xdp+0x827/0x1580 net/bpf/test_run.c:1317
 bpf_prog_test_run kernel/bpf/syscall.c:4266 [inline]
 __sys_bpf+0xfc6/0x49a0 kernel/bpf/syscall.c:5671
 __do_sys_bpf kernel/bpf/syscall.c:5760 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5758 [inline]
 __x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5758
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
page last free pid 7120 tgid 7120 stack trace:
 reset_page_owner include/linux/page_owner.h:25 [inline]
 free_pages_prepare mm/page_alloc.c:1108 [inline]
 free_unref_page+0x5f4/0xdc0 mm/page_alloc.c:2638
 __put_partials+0x14c/0x170 mm/slub.c:3145
 qlink_free mm/kasan/quarantine.c:163 [inline]
 qlist_free_all+0x4e/0x120 mm/kasan/quarantine.c:179
 kasan_quarantine_reduce+0x192/0x1e0 mm/kasan/quarantine.c:286
 __kasan_slab_alloc+0x69/0x90 mm/kasan/common.c:329
 kasan_slab_alloc include/linux/kasan.h:247 [inline]
 slab_post_alloc_hook mm/slub.c:4085 [inline]
 slab_alloc_node mm/slub.c:4134 [inline]
 kmem_cache_alloc_node_noprof+0x153/0x310 mm/slub.c:4186
 __alloc_skb+0x2b1/0x380 net/core/skbuff.c:668
 alloc_skb include/linux/skbuff.h:1322 [inline]
 netlink_alloc_large_skb+0x69/0x130 net/netlink/af_netlink.c:1206
 netlink_sendmsg+0x689/0xd70 net/netlink/af_netlink.c:1876
 sock_sendmsg_nosec net/socket.c:729 [inline]
 __sock_sendmsg net/socket.c:744 [inline]
 ____sys_sendmsg+0xaaf/0xc90 net/socket.c:2607
 ___sys_sendmsg+0x135/0x1e0 net/socket.c:2661
 __sys_sendmsg+0x117/0x1f0 net/socket.c:2690
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
Modules linked in:
CPU: 2 UID: 0 PID: 7351 Comm: syz.0.314 Tainted: G    B              6.12.0-rc5-syzkaller-00005-ge42b1a9a2557 #0
Tainted: [B]=BAD_PAGE
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:94 [inline]
 dump_stack_lvl+0x16c/0x1f0 lib/dump_stack.c:120
 bad_page+0xb3/0x1f0 mm/page_alloc.c:501
 free_page_is_bad_report mm/page_alloc.c:908 [inline]
 free_page_is_bad mm/page_alloc.c:918 [inline]
 free_pages_prepare mm/page_alloc.c:1100 [inline]
 free_unref_page+0x657/0xdc0 mm/page_alloc.c:2638
 skb_free_frag include/linux/skbuff.h:3399 [inline]
 skb_free_head+0xa0/0x1d0 net/core/skbuff.c:1096
 skb_release_data+0x560/0x730 net/core/skbuff.c:1125
 skb_release_all net/core/skbuff.c:1190 [inline]
 __kfree_skb net/core/skbuff.c:1204 [inline]
 sk_skb_reason_drop+0x129/0x1a0 net/core/skbuff.c:1242
 kfree_skb_reason include/linux/skbuff.h:1262 [inline]
 __netif_receive_skb_core.constprop.0+0x592/0x4330 net/core/dev.c:5640
 __netif_receive_skb_list_core+0x357/0x950 net/core/dev.c:5741
 __netif_receive_skb_list net/core/dev.c:5808 [inline]
 netif_receive_skb_list_internal+0x753/0xdb0 net/core/dev.c:5899
 netif_receive_skb_list+0x4f/0x4a0 net/core/dev.c:5951
 xdp_recv_frames net/bpf/test_run.c:279 [inline]
 xdp_test_run_batch.constprop.0+0x138d/0x1960 net/bpf/test_run.c:360
 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389
 bpf_prog_test_run_xdp+0x827/0x1580 net/bpf/test_run.c:1317
 bpf_prog_test_run kernel/bpf/syscall.c:4266 [inline]
 __sys_bpf+0xfc6/0x49a0 kernel/bpf/syscall.c:5671
 __do_sys_bpf kernel/bpf/syscall.c:5760 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5758 [inline]
 __x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5758
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7fc02f97e719
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007fc0306bb038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
RAX: ffffffffffffffda RBX: 00007fc02fb35f80 RCX: 00007fc02f97e719
RDX: 0000000000000048 RSI: 0000000020000600 RDI: 000000000000000a
RBP: 00007fc02f9f132e R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 0000000000000000 R14: 00007fc02fb35f80 R15: 00007ffe03613128
 </TASK>
BUG: Bad page state in process syz.0.314  pfn:48594
page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x48594
flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
raw: 00fff00000000000 dead000000000040 ffff888040826000 0000000000000000
raw: 0000000000000000 0000000000000001 00000000ffffffff 0000000000000000
page dumped because: page_pool leak
page_owner tracks the page as allocated
page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 7351, tgid 7350 (syz.0.314), ts 79037069043, free_ts 79012750246
 set_page_owner include/linux/page_owner.h:32 [inline]
 post_alloc_hook+0x2d1/0x350 mm/page_alloc.c:1537
 prep_new_page mm/page_alloc.c:1545 [inline]
 get_page_from_freelist+0x101e/0x3070 mm/page_alloc.c:3457
 __alloc_pages_noprof+0x223/0x25a0 mm/page_alloc.c:4733
 alloc_pages_bulk_noprof+0x77c/0x1110 mm/page_alloc.c:4681
 alloc_pages_bulk_array_node_noprof include/linux/gfp.h:239 [inline]
 __page_pool_alloc_pages_slow+0x18f/0x770 net/core/page_pool.c:538
 page_pool_alloc_netmem net/core/page_pool.c:590 [inline]
 page_pool_alloc_netmem+0xc4/0x160 net/core/page_pool.c:577
 page_pool_alloc_pages+0x1a/0x60 net/core/page_pool.c:597
 page_pool_dev_alloc_pages include/net/page_pool/helpers.h:96 [inline]
 xdp_test_run_batch.constprop.0+0x3a8/0x1960 net/bpf/test_run.c:305
 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389
 bpf_prog_test_run_xdp+0x827/0x1580 net/bpf/test_run.c:1317
 bpf_prog_test_run kernel/bpf/syscall.c:4266 [inline]
 __sys_bpf+0xfc6/0x49a0 kernel/bpf/syscall.c:5671
 __do_sys_bpf kernel/bpf/syscall.c:5760 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5758 [inline]
 __x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5758
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
page last free pid 7120 tgid 7120 stack trace:
 reset_page_owner include/linux/page_owner.h:25 [inline]
 free_pages_prepare mm/page_alloc.c:1108 [inline]
 free_unref_page+0x5f4/0xdc0 mm/page_alloc.c:2638
 __put_partials+0x14c/0x170 mm/slub.c:3145
 qlink_free mm/kasan/quarantine.c:163 [inline]
 qlist_free_all+0x4e/0x120 mm/kasan/quarantine.c:179
 kasan_quarantine_reduce+0x192/0x1e0 mm/kasan/quarantine.c:286
 __kasan_slab_alloc+0x69/0x90 mm/kasan/common.c:329
 kasan_slab_alloc include/linux/kasan.h:247 [inline]
 slab_post_alloc_hook mm/slub.c:4085 [inline]
 slab_alloc_node mm/slub.c:4134 [inline]
 kmem_cache_alloc_node_noprof+0x153/0x310 mm/slub.c:4186
 __alloc_skb+0x2b1/0x380 net/core/skbuff.c:668
 alloc_skb include/linux/skbuff.h:1322 [inline]
 netlink_alloc_large_skb+0x69/0x130 net/netlink/af_netlink.c:1206
 netlink_sendmsg+0x689/0xd70 net/netlink/af_netlink.c:1876
 sock_sendmsg_nosec net/socket.c:729 [inline]
 __sock_sendmsg net/socket.c:744 [inline]
 ____sys_sendmsg+0xaaf/0xc90 net/socket.c:2607
 ___sys_sendmsg+0x135/0x1e0 net/socket.c:2661
 __sys_sendmsg+0x117/0x1f0 net/socket.c:2690
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
Modules linked in:
CPU: 2 UID: 0 PID: 7351 Comm: syz.0.314 Tainted: G    B              6.12.0-rc5-syzkaller-00005-ge42b1a9a2557 #0
Tainted: [B]=BAD_PAGE
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:94 [inline]
 dump_stack_lvl+0x16c/0x1f0 lib/dump_stack.c:120
 bad_page+0xb3/0x1f0 mm/page_alloc.c:501
 free_page_is_bad_report mm/page_alloc.c:908 [inline]
 free_page_is_bad mm/page_alloc.c:918 [inline]
 free_pages_prepare mm/page_alloc.c:1100 [inline]
 free_unref_page+0x657/0xdc0 mm/page_alloc.c:2638
 skb_free_frag include/linux/skbuff.h:3399 [inline]
 skb_free_head+0xa0/0x1d0 net/core/skbuff.c:1096
 skb_release_data+0x560/0x730 net/core/skbuff.c:1125
 skb_release_all net/core/skbuff.c:1190 [inline]
 __kfree_skb net/core/skbuff.c:1204 [inline]
 sk_skb_reason_drop+0x129/0x1a0 net/core/skbuff.c:1242
 kfree_skb_reason include/linux/skbuff.h:1262 [inline]
 __netif_receive_skb_core.constprop.0+0x592/0x4330 net/core/dev.c:5640
 __netif_receive_skb_list_core+0x357/0x950 net/core/dev.c:5741
 __netif_receive_skb_list net/core/dev.c:5808 [inline]
 netif_receive_skb_list_internal+0x753/0xdb0 net/core/dev.c:5899
 netif_receive_skb_list+0x4f/0x4a0 net/core/dev.c:5951
 xdp_recv_frames net/bpf/test_run.c:279 [inline]
 xdp_test_run_batch.constprop.0+0x138d/0x1960 net/bpf/test_run.c:360
 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389
 bpf_prog_test_run_xdp+0x827/0x1580 net/bpf/test_run.c:1317
 bpf_prog_test_run kernel/bpf/syscall.c:4266 [inline]
 __sys_bpf+0xfc6/0x49a0 kernel/bpf/syscall.c:5671
 __do_sys_bpf kernel/bpf/syscall.c:5760 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5758 [inline]
 __x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5758
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7fc02f97e719
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007fc0306bb038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
RAX: ffffffffffffffda RBX: 00007fc02fb35f80 RCX: 00007fc02f97e719
RDX: 0000000000000048 RSI: 0000000020000600 RDI: 000000000000000a
RBP: 00007fc02f9f132e R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 0000000000000000 R14: 00007fc02fb35f80 R15: 00007ffe03613128
 </TASK>
BUG: Bad page state in process syz.0.314  pfn:48593
page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x48593
flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
raw: 00fff00000000000 dead000000000040 ffff888040826000 0000000000000000
raw: 0000000000000000 0000000000000001 00000000ffffffff 0000000000000000
page dumped because: page_pool leak
page_owner tracks the page as allocated
page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 7351, tgid 7350 (syz.0.314), ts 79037061425, free_ts 79012750246
 set_page_owner include/linux/page_owner.h:32 [inline]
 post_alloc_hook+0x2d1/0x350 mm/page_alloc.c:1537
 prep_new_page mm/page_alloc.c:1545 [inline]
 get_page_from_freelist+0x101e/0x3070 mm/page_alloc.c:3457
 __alloc_pages_noprof+0x223/0x25a0 mm/page_alloc.c:4733
 alloc_pages_bulk_noprof+0x77c/0x1110 mm/page_alloc.c:4681
 alloc_pages_bulk_array_node_noprof include/linux/gfp.h:239 [inline]
 __page_pool_alloc_pages_slow+0x18f/0x770 net/core/page_pool.c:538
 page_pool_alloc_netmem net/core/page_pool.c:590 [inline]
 page_pool_alloc_netmem+0xc4/0x160 net/core/page_pool.c:577
 page_pool_alloc_pages+0x1a/0x60 net/core/page_pool.c:597
 page_pool_dev_alloc_pages include/net/page_pool/helpers.h:96 [inline]
 xdp_test_run_batch.constprop.0+0x3a8/0x1960 net/bpf/test_run.c:305
 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389
 bpf_prog_test_run_xdp+0x827/0x1580 net/bpf/test_run.c:1317
 bpf_prog_test_run kernel/bpf/syscall.c:4266 [inline]
 __sys_bpf+0xfc6/0x49a0 kernel/bpf/syscall.c:5671
 __do_sys_bpf kernel/bpf/syscall.c:5760 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5758 [inline]
 __x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5758
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
page last free pid 7120 tgid 7120 stack trace:
 reset_page_owner include/linux/page_owner.h:25 [inline]
 free_pages_prepare mm/page_alloc.c:1108 [inline]
 free_unref_page+0x5f4/0xdc0 mm/page_alloc.c:2638
 __put_partials+0x14c/0x170 mm/slub.c:3145
 qlink_free mm/kasan/quarantine.c:163 [inline]
 qlist_free_all+0x4e/0x120 mm/kasan/quarantine.c:179
 kasan_quarantine_reduce+0x192/0x1e0 mm/kasan/quarantine.c:286
 __kasan_slab_alloc+0x69/0x90 mm/kasan/common.c:329
 kasan_slab_alloc include/linux/kasan.h:247 [inline]
 slab_post_alloc_hook mm/slub.c:4085 [inline]
 slab_alloc_node mm/slub.c:4134 [inline]
 kmem_cache_alloc_node_noprof+0x153/0x310 mm/slub.c:4186
 __alloc_skb+0x2b1/0x380 net/core/skbuff.c:668
 alloc_skb include/linux/skbuff.h:1322 [inline]
 netlink_alloc_large_skb+0x69/0x130 net/netlink/af_netlink.c:1206
 netlink_sendmsg+0x689/0xd70 net/netlink/af_netlink.c:1876
 sock_sendmsg_nosec net/socket.c:729 [inline]
 __sock_sendmsg net/socket.c:744 [inline]
 ____sys_sendmsg+0xaaf/0xc90 net/socket.c:2607
 ___sys_sendmsg+0x135/0x1e0 net/socket.c:2661
 __sys_sendmsg+0x117/0x1f0 net/socket.c:2690
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
Modules linked in:
CPU: 2 UID: 0 PID: 7351 Comm: syz.0.314 Tainted: G    B              6.12.0-rc5-syzkaller-00005-ge42b1a9a2557 #0
Tainted: [B]=BAD_PAGE
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:94 [inline]
 dump_stack_lvl+0x16c/0x1f0 lib/dump_stack.c:120
 bad_page+0xb3/0x1f0 mm/page_alloc.c:501
 free_page_is_bad_report mm/page_alloc.c:908 [inline]
 free_page_is_bad mm/page_alloc.c:918 [inline]
 free_pages_prepare mm/page_alloc.c:1100 [inline]
 free_unref_page+0x657/0xdc0 mm/page_alloc.c:2638
 skb_free_frag include/linux/skbuff.h:3399 [inline]
 skb_free_head+0xa0/0x1d0 net/core/skbuff.c:1096
 skb_release_data+0x560/0x730 net/core/skbuff.c:1125
 skb_release_all net/core/skbuff.c:1190 [inline]
 __kfree_skb net/core/skbuff.c:1204 [inline]
 sk_skb_reason_drop+0x129/0x1a0 net/core/skbuff.c:1242
 kfree_skb_reason include/linux/skbuff.h:1262 [inline]
 __netif_receive_skb_core.constprop.0+0x592/0x4330 net/core/dev.c:5640
 __netif_receive_skb_list_core+0x357/0x950 net/core/dev.c:5741
 __netif_receive_skb_list net/core/dev.c:5808 [inline]
 netif_receive_skb_list_internal+0x753/0xdb0 net/core/dev.c:5899
 netif_receive_skb_list+0x4f/0x4a0 net/core/dev.c:5951
 xdp_recv_frames net/bpf/test_run.c:279 [inline]
 xdp_test_run_batch.constprop.0+0x138d/0x1960 net/bpf/test_run.c:360
 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389
 bpf_prog_test_run_xdp+0x827/0x1580 net/bpf/test_run.c:1317
 bpf_prog_test_run kernel/bpf/syscall.c:4266 [inline]
 __sys_bpf+0xfc6/0x49a0 kernel/bpf/syscall.c:5671
 __do_sys_bpf kernel/bpf/syscall.c:5760 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5758 [inline]
 __x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5758
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7fc02f97e719
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007fc0306bb038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
RAX: ffffffffffffffda RBX: 00007fc02fb35f80 RCX: 00007fc02f97e719
RDX: 0000000000000048 RSI: 0000000020000600 RDI: 000000000000000a
RBP: 00007fc02f9f132e R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 0000000000000000 R14: 00007fc02fb35f80 R15: 00007ffe03613128
 </TASK>
BUG: Bad page state in process syz.0.314  pfn:48592
page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x48592
flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
raw: 00fff00000000000 dead000000000040 ffff888040826000 0000000000000000
raw: 0000000000000000 0000000000000001 00000000ffffffff 0000000000000000
page dumped because: page_pool leak
page_owner tracks the page as allocated
page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 7351, tgid 7350 (syz.0.314), ts 79037053554, free_ts 79012750246
 set_page_owner include/linux/page_owner.h:32 [inline]
 post_alloc_hook+0x2d1/0x350 mm/page_alloc.c:1537
 prep_new_page mm/page_alloc.c:1545 [inline]
 get_page_from_freelist+0x101e/0x3070 mm/page_alloc.c:3457
 __alloc_pages_noprof+0x223/0x25a0 mm/page_alloc.c:4733
 alloc_pages_bulk_noprof+0x77c/0x1110 mm/page_alloc.c:4681
 alloc_pages_bulk_array_node_noprof include/linux/gfp.h:239 [inline]
 __page_pool_alloc_pages_slow+0x18f/0x770 net/core/page_pool.c:538
 page_pool_alloc_netmem net/core/page_pool.c:590 [inline]
 page_pool_alloc_netmem+0xc4/0x160 net/core/page_pool.c:577
 page_pool_alloc_pages+0x1a/0x60 net/core/page_pool.c:597
 page_pool_dev_alloc_pages include/net/page_pool/helpers.h:96 [inline]
 xdp_test_run_batch.constprop.0+0x3a8/0x1960 net/bpf/test_run.c:305
 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389
 bpf_prog_test_run_xdp+0x827/0x1580 net/bpf/test_run.c:1317
 bpf_prog_test_run kernel/bpf/syscall.c:4266 [inline]
 __sys_bpf+0xfc6/0x49a0 kernel/bpf/syscall.c:5671
 __do_sys_bpf kernel/bpf/syscall.c:5760 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5758 [inline]
 __x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5758
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
page last free pid 7120 tgid 7120 stack trace:
 reset_page_owner include/linux/page_owner.h:25 [inline]
 free_pages_prepare mm/page_alloc.c:1108 [inline]
 free_unref_page+0x5f4/0xdc0 mm/page_alloc.c:2638
 __put_partials+0x14c/0x170 mm/slub.c:3145
 qlink_free mm/kasan/quarantine.c:163 [inline]
 qlist_free_all+0x4e/0x120 mm/kasan/quarantine.c:179
 kasan_quarantine_reduce+0x192/0x1e0 mm/kasan/quarantine.c:286
 __kasan_slab_alloc+0x69/0x90 mm/kasan/common.c:329
 kasan_slab_alloc include/linux/kasan.h:247 [inline]
 slab_post_alloc_hook mm/slub.c:4085 [inline]
 slab_alloc_node mm/slub.c:4134 [inline]
 kmem_cache_alloc_node_noprof+0x153/0x310 mm/slub.c:4186
 __alloc_skb+0x2b1/0x380 net/core/skbuff.c:668
 alloc_skb include/linux/skbuff.h:1322 [inline]
 netlink_alloc_large_skb+0x69/0x130 net/netlink/af_netlink.c:1206
 netlink_sendmsg+0x689/0xd70 net/netlink/af_netlink.c:1876
 sock_sendmsg_nosec net/socket.c:729 [inline]
 __sock_sendmsg net/socket.c:744 [inline]
 ____sys_sendmsg+0xaaf/0xc90 net/socket.c:2607
 ___sys_sendmsg+0x135/0x1e0 net/socket.c:2661
 __sys_sendmsg+0x117/0x1f0 net/socket.c:2690
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
Modules linked in:
CPU: 2 UID: 0 PID: 7351 Comm: syz.0.314 Tainted: G    B              6.12.0-rc5-syzkaller-00005-ge42b1a9a2557 #0
Tainted: [B]=BAD_PAGE
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:94 [inline]
 dump_stack_lvl+0x16c/0x1f0 lib/dump_stack.c:120
 bad_page+0xb3/0x1f0 mm/page_alloc.c:501
 free_page_is_bad_report mm/page_alloc.c:908 [inline]
 free_page_is_bad mm/page_alloc.c:918 [inline]
 free_pages_prepare mm/page_alloc.c:1100 [inline]
 free_unref_page+0x657/0xdc0 mm/page_alloc.c:2638
 skb_free_frag include/linux/skbuff.h:3399 [inline]
 skb_free_head+0xa0/0x1d0 net/core/skbuff.c:1096
 skb_release_data+0x560/0x730 net/core/skbuff.c:1125
 skb_release_all net/core/skbuff.c:1190 [inline]
 __kfree_skb net/core/skbuff.c:1204 [inline]
 sk_skb_reason_drop+0x129/0x1a0 net/core/skbuff.c:1242
 kfree_skb_reason include/linux/skbuff.h:1262 [inline]
 __netif_receive_skb_core.constprop.0+0x592/0x4330 net/core/dev.c:5640
 __netif_receive_skb_list_core+0x357/0x950 net/core/dev.c:5741
 __netif_receive_skb_list net/core/dev.c:5808 [inline]
 netif_receive_skb_list_internal+0x753/0xdb0 net/core/dev.c:5899
 netif_receive_skb_list+0x4f/0x4a0 net/core/dev.c:5951
 xdp_recv_frames net/bpf/test_run.c:279 [inline]
 xdp_test_run_batch.constprop.0+0x138d/0x1960 net/bpf/test_run.c:360
 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389
 bpf_prog_test_run_xdp+0x827/0x1580 net/bpf/test_run.c:1317
 bpf_prog_test_run kernel/bpf/syscall.c:4266 [inline]
 __sys_bpf+0xfc6/0x49a0 kernel/bpf/syscall.c:5671
 __do_sys_bpf kernel/bpf/syscall.c:5760 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5758 [inline]
 __x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5758
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7fc02f97e719
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007fc0306bb038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
RAX: ffffffffffffffda RBX: 00007fc02fb35f80 RCX: 00007fc02f97e719
RDX: 0000000000000048 RSI: 0000000020000600 RDI: 000000000000000a
RBP: 00007fc02f9f132e R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 0000000000000000 R14: 00007fc02fb35f80 R15: 00007ffe03613128
 </TASK>
BUG: Bad page state in process syz.0.314  pfn:48591
page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x8 pfn:0x48591
flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
raw: 00fff00000000000 dead000000000040 ffff888040826000 0000000000000000
raw: 0000000000000008 0000000000000001 00000000ffffffff 0000000000000000
page dumped because: page_pool leak
page_owner tracks the page as allocated
page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 7351, tgid 7350 (syz.0.314), ts 79037046286, free_ts 79012750246
 set_page_owner include/linux/page_owner.h:32 [inline]
 post_alloc_hook+0x2d1/0x350 mm/page_alloc.c:1537
 prep_new_page mm/page_alloc.c:1545 [inline]
 get_page_from_freelist+0x101e/0x3070 mm/page_alloc.c:3457
 __alloc_pages_noprof+0x223/0x25a0 mm/page_alloc.c:4733
 alloc_pages_bulk_noprof+0x77c/0x1110 mm/page_alloc.c:4681
 alloc_pages_bulk_array_node_noprof include/linux/gfp.h:239 [inline]
 __page_pool_alloc_pages_slow+0x18f/0x770 net/core/page_pool.c:538
 page_pool_alloc_netmem net/core/page_pool.c:590 [inline]
 page_pool_alloc_netmem+0xc4/0x160 net/core/page_pool.c:577
 page_pool_alloc_pages+0x1a/0x60 net/core/page_pool.c:597
 page_pool_dev_alloc_pages include/net/page_pool/helpers.h:96 [inline]
 xdp_test_run_batch.constprop.0+0x3a8/0x1960 net/bpf/test_run.c:305
 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389
 bpf_prog_test_run_xdp+0x827/0x1580 net/bpf/test_run.c:1317
 bpf_prog_test_run kernel/bpf/syscall.c:4266 [inline]
 __sys_bpf+0xfc6/0x49a0 kernel/bpf/syscall.c:5671
 __do_sys_bpf kernel/bpf/syscall.c:5760 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5758 [inline]
 __x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5758
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
page last free pid 7120 tgid 7120 stack trace:
 reset_page_owner include/linux/page_owner.h:25 [inline]
 free_pages_prepare mm/page_alloc.c:1108 [inline]
 free_unref_page+0x5f4/0xdc0 mm/page_alloc.c:2638
 __put_partials+0x14c/0x170 mm/slub.c:3145
 qlink_free mm/kasan/quarantine.c:163 [inline]
 qlist_free_all+0x4e/0x120 mm/kasan/quarantine.c:179
 kasan_quarantine_reduce+0x192/0x1e0 mm/kasan/quarantine.c:286
 __kasan_slab_alloc+0x69/0x90 mm/kasan/common.c:329
 kasan_slab_alloc include/linux/kasan.h:247 [inline]
 slab_post_alloc_hook mm/slub.c:4085 [inline]
 slab_alloc_node mm/slub.c:4134 [inline]
 kmem_cache_alloc_node_noprof+0x153/0x310 mm/slub.c:4186
 __alloc_skb+0x2b1/0x380 net/core/skbuff.c:668
 alloc_skb include/linux/skbuff.h:1322 [inline]
 netlink_alloc_large_skb+0x69/0x130 net/netlink/af_netlink.c:1206
 netlink_sendmsg+0x689/0xd70 net/netlink/af_netlink.c:1876
 sock_sendmsg_nosec net/socket.c:729 [inline]
 __sock_sendmsg net/socket.c:744 [inline]
 ____sys_sendmsg+0xaaf/0xc90 net/socket.c:2607
 ___sys_sendmsg+0x135/0x1e0 net/socket.c:2661
 __sys_sendmsg+0x117/0x1f0 net/socket.c:2690
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
Modules linked in:
CPU: 2 UID: 0 PID: 7351 Comm: syz.0.314 Tainted: G    B              6.12.0-rc5-syzkaller-00005-ge42b1a9a2557 #0
Tainted: [B]=BAD_PAGE
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:94 [inline]
 dump_stack_lvl+0x16c/0x1f0 lib/dump_stack.c:120
 bad_page+0xb3/0x1f0 mm/page_alloc.c:501
 free_page_is_bad_report mm/page_alloc.c:908 [inline]
 free_page_is_bad mm/page_alloc.c:918 [inline]
 free_pages_prepare mm/page_alloc.c:1100 [inline]
 free_unref_page+0x657/0xdc0 mm/page_alloc.c:2638
 skb_free_frag include/linux/skbuff.h:3399 [inline]
 skb_free_head+0xa0/0x1d0 net/core/skbuff.c:1096
 skb_release_data+0x560/0x730 net/core/skbuff.c:1125
 skb_release_all net/core/skbuff.c:1190 [inline]
 __kfree_skb net/core/skbuff.c:1204 [inline]
 sk_skb_reason_drop+0x129/0x1a0 net/core/skbuff.c:1242
 kfree_skb_reason include/linux/skbuff.h:1262 [inline]
 __netif_receive_skb_core.constprop.0+0x592/0x4330 net/core/dev.c:5640
 __netif_receive_skb_list_core+0x357/0x950 net/core/dev.c:5741
 __netif_receive_skb_list net/core/dev.c:5808 [inline]
 netif_receive_skb_list_internal+0x753/0xdb0 net/core/dev.c:5899
 netif_receive_skb_list+0x4f/0x4a0 net/core/dev.c:5951
 xdp_recv_frames net/bpf/test_run.c:279 [inline]
 xdp_test_run_batch.constprop.0+0x138d/0x1960 net/bpf/test_run.c:360
 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389
 bpf_prog_test_run_xdp+0x827/0x1580 net/bpf/test_run.c:1317
 bpf_prog_test_run kernel/bpf/syscall.c:4266 [inline]
 __sys_bpf+0xfc6/0x49a0 kernel/bpf/syscall.c:5671
 __do_sys_bpf kernel/bpf/syscall.c:5760 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5758 [inline]
 __x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5758
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7fc02f97e719
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007fc0306bb038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
RAX: ffffffffffffffda RBX: 00007fc02fb35f80 RCX: 00007fc02f97e719
RDX: 0000000000000048 RSI: 0000000020000600 RDI: 000000000000000a
RBP: 00007fc02f9f132e R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 0000000000000000 R14: 00007fc02fb35f80 R15: 00007ffe03613128
 </TASK>
BUG: Bad page state in process syz.0.314  pfn:48590
page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff888048596600 pfn:0x48590
flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
raw: 00fff00000000000 dead000000000040 ffff888040826000 0000000000000000
raw: ffff888048596600 0000000000000001 00000000ffffffff 0000000000000000
page dumped because: page_pool leak
page_owner tracks the page as allocated
page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 7351, tgid 7350 (syz.0.314), ts 79037038434, free_ts 79012750246
 set_page_owner include/linux/page_owner.h:32 [inline]
 post_alloc_hook+0x2d1/0x350 mm/page_alloc.c:1537
 prep_new_page mm/page_alloc.c:1545 [inline]
 get_page_from_freelist+0x101e/0x3070 mm/page_alloc.c:3457
 __alloc_pages_noprof+0x223/0x25a0 mm/page_alloc.c:4733
 alloc_pages_bulk_noprof+0x77c/0x1110 mm/page_alloc.c:4681
 alloc_pages_bulk_array_node_noprof include/linux/gfp.h:239 [inline]
 __page_pool_alloc_pages_slow+0x18f/0x770 net/core/page_pool.c:538
 page_pool_alloc_netmem net/core/page_pool.c:590 [inline]
 page_pool_alloc_netmem+0xc4/0x160 net/core/page_pool.c:577
 page_pool_alloc_pages+0x1a/0x60 net/core/page_pool.c:597
 page_pool_dev_alloc_pages include/net/page_pool/helpers.h:96 [inline]
 xdp_test_run_batch.constprop.0+0x3a8/0x1960 net/bpf/test_run.c:305
 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389
 bpf_prog_test_run_xdp+0x827/0x1580 net/bpf/test_run.c:1317
 bpf_prog_test_run kernel/bpf/syscall.c:4266 [inline]
 __sys_bpf+0xfc6/0x49a0 kernel/bpf/syscall.c:5671
 __do_sys_bpf kernel/bpf/syscall.c:5760 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5758 [inline]
 __x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5758
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
page last free pid 7120 tgid 7120 stack trace:
 reset_page_owner include/linux/page_owner.h:25 [inline]
 free_pages_prepare mm/page_alloc.c:1108 [inline]
 free_unref_page+0x5f4/0xdc0 mm/page_alloc.c:2638
 __put_partials+0x14c/0x170 mm/slub.c:3145
 qlink_free mm/kasan/quarantine.c:163 [inline]
 qlist_free_all+0x4e/0x120 mm/kasan/quarantine.c:179
 kasan_quarantine_reduce+0x192/0x1e0 mm/kasan/quarantine.c:286
 __kasan_slab_alloc+0x69/0x90 mm/kasan/common.c:329
 kasan_slab_alloc include/linux/kasan.h:247 [inline]
 slab_post_alloc_hook mm/slub.c:4085 [inline]
 slab_alloc_node mm/slub.c:4134 [inline]
 kmem_cache_alloc_node_noprof+0x153/0x310 mm/slub.c:4186
 __alloc_skb+0x2b1/0x380 net/core/skbuff.c:668
 alloc_skb include/linux/skbuff.h:1322 [inline]
 netlink_alloc_large_skb+0x69/0x130 net/netlink/af_netlink.c:1206
 netlink_sendmsg+0x689/0xd70 net/netlink/af_netlink.c:1876
 sock_sendmsg_nosec net/socket.c:729 [inline]
 __sock_sendmsg net/socket.c:744 [inline]
 ____sys_sendmsg+0xaaf/0xc90 net/socket.c:2607
 ___sys_sendmsg+0x135/0x1e0 net/socket.c:2661
 __sys_sendmsg+0x117/0x1f0 net/socket.c:2690
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
Modules linked in:
CPU: 2 UID: 0 PID: 7351 Comm: syz.0.314 Tainted: G    B              6.12.0-rc5-syzkaller-00005-ge42b1a9a2557 #0
Tainted: [B]=BAD_PAGE
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:94 [inline]
 dump_stack_lvl+0x16c/0x1f0 lib/dump_stack.c:120
 bad_page+0xb3/0x1f0 mm/page_alloc.c:501
 free_page_is_bad_report mm/page_alloc.c:908 [inline]
 free_page_is_bad mm/page_alloc.c:918 [inline]
 free_pages_prepare mm/page_alloc.c:1100 [inline]
 free_unref_page+0x657/0xdc0 mm/page_alloc.c:2638
 skb_free_frag include/linux/skbuff.h:3399 [inline]
 skb_free_head+0xa0/0x1d0 net/core/skbuff.c:1096
 skb_release_data+0x560/0x730 net/core/skbuff.c:1125
 skb_release_all net/core/skbuff.c:1190 [inline]
 __kfree_skb net/core/skbuff.c:1204 [inline]
 sk_skb_reason_drop+0x129/0x1a0 net/core/skbuff.c:1242
 kfree_skb_reason include/linux/skbuff.h:1262 [inline]
 __netif_receive_skb_core.constprop.0+0x592/0x4330 net/core/dev.c:5640
 __netif_receive_skb_list_core+0x357/0x950 net/core/dev.c:5741
 __netif_receive_skb_list net/core/dev.c:5808 [inline]
 netif_receive_skb_list_internal+0x753/0xdb0 net/core/dev.c:5899
 netif_receive_skb_list+0x4f/0x4a0 net/core/dev.c:5951
 xdp_recv_frames net/bpf/test_run.c:279 [inline]
 xdp_test_run_batch.constprop.0+0x138d/0x1960 net/bpf/test_run.c:360
 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389
 bpf_prog_test_run_xdp+0x827/0x1580 net/bpf/test_run.c:1317
 bpf_prog_test_run kernel/bpf/syscall.c:4266 [inline]
 __sys_bpf+0xfc6/0x49a0 kernel/bpf/syscall.c:5671
 __do_sys_bpf kernel/bpf/syscall.c:5760 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5758 [inline]
 __x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5758
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7fc02f97e719
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007fc0306bb038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
RAX: ffffffffffffffda RBX: 00007fc02fb35f80 RCX: 00007fc02f97e719
RDX: 0000000000000048 RSI: 0000000020000600 RDI: 000000000000000a
RBP: 00007fc02f9f132e R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 0000000000000000 R14: 00007fc02fb35f80 R15: 00007ffe03613128
 </TASK>
BUG: Bad page state in process syz.0.314  pfn:31457
page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x31457
flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
raw: 00fff00000000000 dead000000000040 ffff888040826000 0000000000000000
raw: 0000000000000000 0000000000000001 00000000ffffffff 0000000000000000
page dumped because: page_pool leak
page_owner tracks the page as allocated
page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 7351, tgid 7350 (syz.0.314), ts 79037030899, free_ts 79012768531
 set_page_owner include/linux/page_owner.h:32 [inline]
 post_alloc_hook+0x2d1/0x350 mm/page_alloc.c:1537
 prep_new_page mm/page_alloc.c:1545 [inline]
 get_page_from_freelist+0x101e/0x3070 mm/page_alloc.c:3457
 __alloc_pages_noprof+0x223/0x25a0 mm/page_alloc.c:4733
 alloc_pages_bulk_noprof+0x77c/0x1110 mm/page_alloc.c:4681
 alloc_pages_bulk_array_node_noprof include/linux/gfp.h:239 [inline]
 __page_pool_alloc_pages_slow+0x18f/0x770 net/core/page_pool.c:538
 page_pool_alloc_netmem net/core/page_pool.c:590 [inline]
 page_pool_alloc_netmem+0xc4/0x160 net/core/page_pool.c:577
 page_pool_alloc_pages+0x1a/0x60 net/core/page_pool.c:597
 page_pool_dev_alloc_pages include/net/page_pool/helpers.h:96 [inline]
 xdp_test_run_batch.constprop.0+0x3a8/0x1960 net/bpf/test_run.c:305
 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389
 bpf_prog_test_run_xdp+0x827/0x1580 net/bpf/test_run.c:1317
 bpf_prog_test_run kernel/bpf/syscall.c:4266 [inline]
 __sys_bpf+0xfc6/0x49a0 kernel/bpf/syscall.c:5671
 __do_sys_bpf kernel/bpf/syscall.c:5760 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5758 [inline]
 __x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5758
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
page last free pid 7120 tgid 7120 stack trace:
 reset_page_owner include/linux/page_owner.h:25 [inline]
 free_pages_prepare mm/page_alloc.c:1108 [inline]
 free_unref_page+0x5f4/0xdc0 mm/page_alloc.c:2638
 __put_partials+0x14c/0x170 mm/slub.c:3145
 qlink_free mm/kasan/quarantine.c:163 [inline]
 qlist_free_all+0x4e/0x120 mm/kasan/quarantine.c:179
 kasan_quarantine_reduce+0x192/0x1e0 mm/kasan/quarantine.c:286
 __kasan_slab_alloc+0x69/0x90 mm/kasan/common.c:329
 kasan_slab_alloc include/linux/kasan.h:247 [inline]
 slab_post_alloc_hook mm/slub.c:4085 [inline]
 slab_alloc_node mm/slub.c:4134 [inline]
 kmem_cache_alloc_node_noprof+0x153/0x310 mm/slub.c:4186
 __alloc_skb+0x2b1/0x380 net/core/skbuff.c:668
 alloc_skb include/linux/skbuff.h:1322 [inline]
 netlink_alloc_large_skb+0x69/0x130 net/netlink/af_netlink.c:1206
 netlink_sendmsg+0x689/0xd70 net/netlink/af_netlink.c:1876
 sock_sendmsg_nosec net/socket.c:729 [inline]
 __sock_sendmsg net/socket.c:744 [inline]
 ____sys_sendmsg+0xaaf/0xc90 net/socket.c:2607
 ___sys_sendmsg+0x135/0x1e0 net/socket.c:2661
 __sys_sendmsg+0x117/0x1f0 net/socket.c:2690
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
Modules linked in:
CPU: 2 UID: 0 PID: 7351 Comm: syz.0.314 Tainted: G    B              6.12.0-rc5-syzkaller-00005-ge42b1a9a2557 #0
Tainted: [B]=BAD_PAGE
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:94 [inline]
 dump_stack_lvl+0x16c/0x1f0 lib/dump_stack.c:120
 bad_page+0xb3/0x1f0 mm/page_alloc.c:501
 free_page_is_bad_report mm/page_alloc.c:908 [inline]
 free_page_is_bad mm/page_alloc.c:918 [inline]
 free_pages_prepare mm/page_alloc.c:1100 [inline]
 free_unref_page+0x657/0xdc0 mm/page_alloc.c:2638
 skb_free_frag include/linux/skbuff.h:3399 [inline]
 skb_free_head+0xa0/0x1d0 net/core/skbuff.c:1096
 skb_release_data+0x560/0x730 net/core/skbuff.c:1125
 skb_release_all net/core/skbuff.c:1190 [inline]
 __kfree_skb net/core/skbuff.c:1204 [inline]
 sk_skb_reason_drop+0x129/0x1a0 net/core/skbuff.c:1242
 kfree_skb_reason include/linux/skbuff.h:1262 [inline]
 __netif_receive_skb_core.constprop.0+0x592/0x4330 net/core/dev.c:5640
 __netif_receive_skb_list_core+0x357/0x950 net/core/dev.c:5741
 __netif_receive_skb_list net/core/dev.c:5808 [inline]
 netif_receive_skb_list_internal+0x753/0xdb0 net/core/dev.c:5899
 netif_receive_skb_list+0x4f/0x4a0 net/core/dev.c:5951
 xdp_recv_frames net/bpf/test_run.c:279 [inline]
 xdp_test_run_batch.constprop.0+0x138d/0x1960 net/bpf/test_run.c:360
 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389
 bpf_prog_test_run_xdp+0x827/0x1580 net/bpf/test_run.c:1317
 bpf_prog_test_run kernel/bpf/syscall.c:4266 [inline]
 __sys_bpf+0xfc6/0x49a0 kernel/bpf/syscall.c:5671
 __do_sys_bpf kernel/bpf/syscall.c:5760 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5758 [inline]
 __x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5758
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7fc02f97e719
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007fc0306bb038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
RAX: ffffffffffffffda RBX: 00007fc02fb35f80 RCX: 00007fc02f97e719
RDX: 0000000000000048 RSI: 0000000020000600 RDI: 000000000000000a
RBP: 00007fc02f9f132e R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 0000000000000000 R14: 00007fc02fb35f80 R15: 00007ffe03613128
 </TASK>
BUG: Bad page state in process syz.0.314  pfn:31456
page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x31456
flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
raw: 00fff00000000000 dead000000000040 ffff888040826000 0000000000000000
raw: 0000000000000000 0000000000000001 00000000ffffffff 0000000000000000
page dumped because: page_pool leak
page_owner tracks the page as allocated
page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 7351, tgid 7350 (syz.0.314), ts 79037023242, free_ts 79012768531
 set_page_owner include/linux/page_owner.h:32 [inline]
 post_alloc_hook+0x2d1/0x350 mm/page_alloc.c:1537
 prep_new_page mm/page_alloc.c:1545 [inline]
 get_page_from_freelist+0x101e/0x3070 mm/page_alloc.c:3457
 __alloc_pages_noprof+0x223/0x25a0 mm/page_alloc.c:4733
 alloc_pages_bulk_noprof+0x77c/0x1110 mm/page_alloc.c:4681
 alloc_pages_bulk_array_node_noprof include/linux/gfp.h:239 [inline]
 __page_pool_alloc_pages_slow+0x18f/0x770 net/core/page_pool.c:538
 page_pool_alloc_netmem net/core/page_pool.c:590 [inline]
 page_pool_alloc_netmem+0xc4/0x160 net/core/page_pool.c:577
 page_pool_alloc_pages+0x1a/0x60 net/core/page_pool.c:597
 page_pool_dev_alloc_pages include/net/page_pool/helpers.h:96 [inline]
 xdp_test_run_batch.constprop.0+0x3a8/0x1960 net/bpf/test_run.c:305
 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389
 bpf_prog_test_run_xdp+0x827/0x1580 net/bpf/test_run.c:1317
 bpf_prog_test_run kernel/bpf/syscall.c:4266 [inline]
 __sys_bpf+0xfc6/0x49a0 kernel/bpf/syscall.c:5671
 __do_sys_bpf kernel/bpf/syscall.c:5760 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5758 [inline]
 __x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5758
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
page last free pid 7120 tgid 7120 stack trace:
 reset_page_owner include/linux/page_owner.h:25 [inline]
 free_pages_prepare mm/page_alloc.c:1108 [inline]
 free_unref_page+0x5f4/0xdc0 mm/page_alloc.c:2638
 __put_partials+0x14c/0x170 mm/slub.c:3145
 qlink_free mm/kasan/quarantine.c:163 [inline]
 qlist_free_all+0x4e/0x120 mm/kasan/quarantine.c:179
 kasan_quarantine_reduce+0x192/0x1e0 mm/kasan/quarantine.c:286
 __kasan_slab_alloc+0x69/0x90 mm/kasan/common.c:329
 kasan_slab_alloc include/linux/kasan.h:247 [inline]
 slab_post_alloc_hook mm/slub.c:4085 [inline]
 slab_alloc_node mm/slub.c:4134 [inline]
 kmem_cache_alloc_node_noprof+0x153/0x310 mm/slub.c:4186
 __alloc_skb+0x2b1/0x380 net/core/skbuff.c:668
 alloc_skb include/linux/skbuff.h:1322 [inline]
 netlink_alloc_large_skb+0x69/0x130 net/netlink/af_netlink.c:1206
 netlink_sendmsg+0x689/0xd70 net/netlink/af_netlink.c:1876
 sock_sendmsg_nosec net/socket.c:729 [inline]
 __sock_sendmsg net/socket.c:744 [inline]
 ____sys_sendmsg+0xaaf/0xc90 net/socket.c:2607
 ___sys_sendmsg+0x135/0x1e0 net/socket.c:2661
 __sys_sendmsg+0x117/0x1f0 net/socket.c:2690
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
Modules linked in:
CPU: 2 UID: 0 PID: 7351 Comm: syz.0.314 Tainted: G    B              6.12.0-rc5-syzkaller-00005-ge42b1a9a2557 #0
Tainted: [B]=BAD_PAGE
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:94 [inline]
 dump_stack_lvl+0x16c/0x1f0 lib/dump_stack.c:120
 bad_page+0xb3/0x1f0 mm/page_alloc.c:501
 free_page_is_bad_report mm/page_alloc.c:908 [inline]
 free_page_is_bad mm/page_alloc.c:918 [inline]
 free_pages_prepare mm/page_alloc.c:1100 [inline]
 free_unref_page+0x657/0xdc0 mm/page_alloc.c:2638
 skb_free_frag include/linux/skbuff.h:3399 [inline]
 skb_free_head+0xa0/0x1d0 net/core/skbuff.c:1096
 skb_release_data+0x560/0x730 net/core/skbuff.c:1125
 skb_release_all net/core/skbuff.c:1190 [inline]
 __kfree_skb net/core/skbuff.c:1204 [inline]
 sk_skb_reason_drop+0x129/0x1a0 net/core/skbuff.c:1242
 kfree_skb_reason include/linux/skbuff.h:1262 [inline]
 __netif_receive_skb_core.constprop.0+0x592/0x4330 net/core/dev.c:5640
 __netif_receive_skb_list_core+0x357/0x950 net/core/dev.c:5741
 __netif_receive_skb_list net/core/dev.c:5808 [inline]
 netif_receive_skb_list_internal+0x753/0xdb0 net/core/dev.c:5899
 netif_receive_skb_list+0x4f/0x4a0 net/core/dev.c:5951
 xdp_recv_frames net/bpf/test_run.c:279 [inline]
 xdp_test_run_batch.constprop.0+0x138d/0x1960 net/bpf/test_run.c:360
 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389
 bpf_prog_test_run_xdp+0x827/0x1580 net/bpf/test_run.c:1317
 bpf_prog_test_run kernel/bpf/syscall.c:4266 [inline]
 __sys_bpf+0xfc6/0x49a0 kernel/bpf/syscall.c:5671
 __do_sys_bpf kernel/bpf/syscall.c:5760 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5758 [inline]
 __x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5758
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7fc02f97e719
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007fc0306bb038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
RAX: ffffffffffffffda RBX: 00007fc02fb35f80 RCX: 00007fc02f97e719
RDX: 0000000000000048 RSI: 0000000020000600 RDI: 000000000000000a
RBP: 00007fc02f9f132e R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 0000000000000000 R14: 00007fc02fb35f80 R15: 00007ffe03613128
 </TASK>
BUG: Bad page state in process syz.0.314  pfn:31455
page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x4 pfn:0x31455
flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
raw: 00fff00000000000 dead000000000040 ffff888040826000 0000000000000000
raw: 0000000000000004 0000000000000001 00000000ffffffff 0000000000000000
page dumped because: page_pool leak
page_owner tracks the page as allocated
page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 7351, tgid 7350 (syz.0.314), ts 79037016532, free_ts 79012768531
 set_page_owner include/linux/page_owner.h:32 [inline]
 post_alloc_hook+0x2d1/0x350 mm/page_alloc.c:1537
 prep_new_page mm/page_alloc.c:1545 [inline]
 get_page_from_freelist+0x101e/0x3070 mm/page_alloc.c:3457
 __alloc_pages_noprof+0x223/0x25a0 mm/page_alloc.c:4733
 alloc_pages_bulk_noprof+0x77c/0x1110 mm/page_alloc.c:4681
 alloc_pages_bulk_array_node_noprof include/linux/gfp.h:239 [inline]
 __page_pool_alloc_pages_slow+0x18f/0x770 net/core/page_pool.c:538
 page_pool_alloc_netmem net/core/page_pool.c:590 [inline]
 page_pool_alloc_netmem+0xc4/0x160 net/core/page_pool.c:577
 page_pool_alloc_pages+0x1a/0x60 net/core/page_pool.c:597
 page_pool_dev_alloc_pages include/net/page_pool/helpers.h:96 [inline]
 xdp_test_run_batch.constprop.0+0x3a8/0x1960 net/bpf/test_run.c:305
 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389
 bpf_prog_test_run_xdp+0x827/0x1580 net/bpf/test_run.c:1317
 bpf_prog_test_run kernel/bpf/syscall.c:4266 [inline]
 __sys_bpf+0xfc6/0x49a0 kernel/bpf/syscall.c:5671
 __do_sys_bpf kernel/bpf/syscall.c:5760 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5758 [inline]
 __x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5758
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
page last free pid 7120 tgid 7120 stack trace:
 reset_page_owner include/linux/page_owner.h:25 [inline]
 free_pages_prepare mm/page_alloc.c:1108 [inline]
 free_unref_page+0x5f4/0xdc0 mm/page_alloc.c:2638
 __put_partials+0x14c/0x170 mm/slub.c:3145
 qlink_free mm/kasan/quarantine.c:163 [inline]
 qlist_free_all+0x4e/0x120 mm/kasan/quarantine.c:179
 kasan_quarantine_reduce+0x192/0x1e0 mm/kasan/quarantine.c:286
 __kasan_slab_alloc+0x69/0x90 mm/kasan/common.c:329
 kasan_slab_alloc include/linux/kasan.h:247 [inline]
 slab_post_alloc_hook mm/slub.c:4085 [inline]
 slab_alloc_node mm/slub.c:4134 [inline]
 kmem_cache_alloc_node_noprof+0x153/0x310 mm/slub.c:4186
 __alloc_skb+0x2b1/0x380 net/core/skbuff.c:668
 alloc_skb include/linux/skbuff.h:1322 [inline]
 netlink_alloc_large_skb+0x69/0x130 net/netlink/af_netlink.c:1206
 netlink_sendmsg+0x689/0xd70 net/netlink/af_netlink.c:1876
 sock_sendmsg_nosec net/socket.c:729 [inline]
 __sock_sendmsg net/socket.c:744 [inline]
 ____sys_sendmsg+0xaaf/0xc90 net/socket.c:2607
 ___sys_sendmsg+0x135/0x1e0 net/socket.c:2661
 __sys_sendmsg+0x117/0x1f0 net/socket.c:2690
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
Modules linked in:
CPU: 2 UID: 0 PID: 7351 Comm: syz.0.314 Tainted: G    B              6.12.0-rc5-syzkaller-00005-ge42b1a9a2557 #0
Tainted: [B]=BAD_PAGE
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:94 [inline]
 dump_stack_lvl+0x16c/0x1f0 lib/dump_stack.c:120
 bad_page+0xb3/0x1f0 mm/page_alloc.c:501
 free_page_is_bad_report mm/page_alloc.c:908 [inline]
 free_page_is_bad mm/page_alloc.c:918 [inline]
 free_pages_prepare mm/page_alloc.c:1100 [inline]
 free_unref_page+0x657/0xdc0 mm/page_alloc.c:2638
 skb_free_frag include/linux/skbuff.h:3399 [inline]
 skb_free_head+0xa0/0x1d0 net/core/skbuff.c:1096
 skb_release_data+0x560/0x730 net/core/skbuff.c:1125
 skb_release_all net/core/skbuff.c:1190 [inline]
 __kfree_skb net/core/skbuff.c:1204 [inline]
 sk_skb_reason_drop+0x129/0x1a0 net/core/skbuff.c:1242
 kfree_skb_reason include/linux/skbuff.h:1262 [inline]
 __netif_receive_skb_core.constprop.0+0x592/0x4330 net/core/dev.c:5640
 __netif_receive_skb_list_core+0x357/0x950 net/core/dev.c:5741
 __netif_receive_skb_list net/core/dev.c:5808 [inline]
 netif_receive_skb_list_internal+0x753/0xdb0 net/core/dev.c:5899
 netif_receive_skb_list+0x4f/0x4a0 net/core/dev.c:5951
 xdp_recv_frames net/bpf/test_run.c:279 [inline]
 xdp_test_run_batch.constprop.0+0x138d/0x1960 net/bpf/test_run.c:360
 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389
 bpf_prog_test_run_xdp+0x827/0x1580 net/bpf/test_run.c:1317
 bpf_prog_test_run kernel/bpf/syscall.c:4266 [inline]
 __sys_bpf+0xfc6/0x49a0 kernel/bpf/syscall.c:5671
 __do_sys_bpf kernel/bpf/syscall.c:5760 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5758 [inline]
 __x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5758
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7fc02f97e719
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007fc0306bb038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
RAX: ffffffffffffffda RBX: 00007fc02fb35f80 RCX: 00007fc02f97e719
RDX: 0000000000000048 RSI: 0000000020000600 RDI: 000000000000000a
RBP: 00007fc02f9f132e R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 0000000000000000 R14: 00007fc02fb35f80 R15: 00007ffe03613128
 </TASK>
BUG: Bad page state in process syz.0.314  pfn:31454
page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff888031456100 pfn:0x31454
flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
raw: 00fff00000000000 dead000000000040 ffff888040826000 0000000000000000
raw: ffff888031456100 0000000000000001 00000000ffffffff 0000000000000000
page dumped because: page_pool leak
page_owner tracks the page as allocated
page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 7351, tgid 7350 (syz.0.314), ts 79037009480, free_ts 79012768531
 set_page_owner include/linux/page_owner.h:32 [inline]
 post_alloc_hook+0x2d1/0x350 mm/page_alloc.c:1537
 prep_new_page mm/page_alloc.c:1545 [inline]
 get_page_from_freelist+0x101e/0x3070 mm/page_alloc.c:3457
 __alloc_pages_noprof+0x223/0x25a0 mm/page_alloc.c:4733
 alloc_pages_bulk_noprof+0x77c/0x1110 mm/page_alloc.c:4681
 alloc_pages_bulk_array_node_noprof include/linux/gfp.h:239 [inline]
 __page_pool_alloc_pages_slow+0x18f/0x770 net/core/page_pool.c:538
 page_pool_alloc_netmem net/core/page_pool.c:590 [inline]
 page_pool_alloc_netmem+0xc4/0x160 net/core/page_pool.c:577
 page_pool_alloc_pages+0x1a/0x60 net/core/page_pool.c:597
 page_pool_dev_alloc_pages include/net/page_pool/helpers.h:96 [inline]
 xdp_test_run_batch.constprop.0+0x3a8/0x1960 net/bpf/test_run.c:305
 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389
 bpf_prog_test_run_xdp+0x827/0x1580 net/bpf/test_run.c:1317
 bpf_prog_test_run kernel/bpf/syscall.c:4266 [inline]
 __sys_bpf+0xfc6/0x49a0 kernel/bpf/syscall.c:5671
 __do_sys_bpf kernel/bpf/syscall.c:5760 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5758 [inline]
 __x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5758
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
page last free pid 7120 tgid 7120 stack trace:
 reset_page_owner include/linux/page_owner.h:25 [inline]
 free_pages_prepare mm/page_alloc.c:1108 [inline]
 free_unref_page+0x5f4/0xdc0 mm/page_alloc.c:2638
 __put_partials+0x14c/0x170 mm/slub.c:3145
 qlink_free mm/kasan/quarantine.c:163 [inline]
 qlist_free_all+0x4e/0x120 mm/kasan/quarantine.c:179
 kasan_quarantine_reduce+0x192/0x1e0 mm/kasan/quarantine.c:286
 __kasan_slab_alloc+0x69/0x90 mm/kasan/common.c:329
 kasan_slab_alloc include/linux/kasan.h:247 [inline]
 slab_post_alloc_hook mm/slub.c:4085 [inline]
 slab_alloc_node mm/slub.c:4134 [inline]
 kmem_cache_alloc_node_noprof+0x153/0x310 mm/slub.c:4186
 __alloc_skb+0x2b1/0x380 net/core/skbuff.c:668
 alloc_skb include/linux/skbuff.h:1322 [inline]
 netlink_alloc_large_skb+0x69/0x130 net/netlink/af_netlink.c:1206
 netlink_sendmsg+0x689/0xd70 net/netlink/af_netlink.c:1876
 sock_sendmsg_nosec net/socket.c:729 [inline]
 __sock_sendmsg net/socket.c:744 [inline]
 ____sys_sendmsg+0xaaf/0xc90 net/socket.c:2607
 ___sys_sendmsg+0x135/0x1e0 net/socket.c:2661
 __sys_sendmsg+0x117/0x1f0 net/socket.c:2690
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
Modules linked in:
CPU: 2 UID: 0 PID: 7351 Comm: syz.0.314 Tainted: G    B              6.12.0-rc5-syzkaller-00005-ge42b1a9a2557 #0
Tainted: [B]=BAD_PAGE
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:94 [inline]
 dump_stack_lvl+0x16c/0x1f0 lib/dump_stack.c:120
 bad_page+0xb3/0x1f0 mm/page_alloc.c:501
 free_page_is_bad_report mm/page_alloc.c:908 [inline]
 free_page_is_bad mm/page_alloc.c:918 [inline]
 free_pages_prepare mm/page_alloc.c:1100 [inline]
 free_unref_page+0x657/0xdc0 mm/page_alloc.c:2638
 skb_free_frag include/linux/skbuff.h:3399 [inline]
 skb_free_head+0xa0/0x1d0 net/core/skbuff.c:1096
 skb_release_data+0x560/0x730 net/core/skbuff.c:1125
 skb_release_all net/core/skbuff.c:1190 [inline]
 __kfree_skb net/core/skbuff.c:1204 [inline]
 sk_skb_reason_drop+0x129/0x1a0 net/core/skbuff.c:1242
 kfree_skb_reason include/linux/skbuff.h:1262 [inline]
 __netif_receive_skb_core.constprop.0+0x592/0x4330 net/core/dev.c:5640
 __netif_receive_skb_list_core+0x357/0x950 net/core/dev.c:5741
 __netif_receive_skb_list net/core/dev.c:5808 [inline]
 netif_receive_skb_list_internal+0x753/0xdb0 net/core/dev.c:5899
 netif_receive_skb_list+0x4f/0x4a0 net/core/dev.c:5951
 xdp_recv_frames net/bpf/test_run.c:279 [inline]
 xdp_test_run_batch.constprop.0+0x138d/0x1960 net/bpf/test_run.c:360
 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389
 bpf_prog_test_run_xdp+0x827/0x1580 net/bpf/test_run.c:1317
 bpf_prog_test_run kernel/bpf/syscall.c:4266 [inline]
 __sys_bpf+0xfc6/0x49a0 kernel/bpf/syscall.c:5671
 __do_sys_bpf kernel/bpf/syscall.c:5760 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5758 [inline]
 __x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5758
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7fc02f97e719
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007fc0306bb038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
RAX: ffffffffffffffda RBX: 00007fc02fb35f80 RCX: 00007fc02f97e719
RDX: 0000000000000048 RSI: 0000000020000600 RDI: 000000000000000a
RBP: 00007fc02f9f132e R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 0000000000000000 R14: 00007fc02fb35f80 R15: 00007ffe03613128
 </TASK>
BUG: Bad page state in process syz.0.314  pfn:31453
page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x31453
flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
raw: 00fff00000000000 dead000000000040 ffff888040826000 0000000000000000
raw: 0000000000000000 0000000000000001 00000000ffffffff 0000000000000000
page dumped because: page_pool leak
page_owner tracks the page as allocated
page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 7351, tgid 7350 (syz.0.314), ts 79037002920, free_ts 79012768531
 set_page_owner include/linux/page_owner.h:32 [inline]
 post_alloc_hook+0x2d1/0x350 mm/page_alloc.c:1537
 prep_new_page mm/page_alloc.c:1545 [inline]
 get_page_from_freelist+0x101e/0x3070 mm/page_alloc.c:3457
 __alloc_pages_noprof+0x223/0x25a0 mm/page_alloc.c:4733
 alloc_pages_bulk_noprof+0x77c/0x1110 mm/page_alloc.c:4681
 alloc_pages_bulk_array_node_noprof include/linux/gfp.h:239 [inline]
 __page_pool_alloc_pages_slow+0x18f/0x770 net/core/page_pool.c:538
 page_pool_alloc_netmem net/core/page_pool.c:590 [inline]
 page_pool_alloc_netmem+0xc4/0x160 net/core/page_pool.c:577
 page_pool_alloc_pages+0x1a/0x60 net/core/page_pool.c:597
 page_pool_dev_alloc_pages include/net/page_pool/helpers.h:96 [inline]
 xdp_test_run_batch.constprop.0+0x3a8/0x1960 net/bpf/test_run.c:305
 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389
 bpf_prog_test_run_xdp+0x827/0x1580 net/bpf/test_run.c:1317
 bpf_prog_test_run kernel/bpf/syscall.c:4266 [inline]
 __sys_bpf+0xfc6/0x49a0 kernel/bpf/syscall.c:5671
 __do_sys_bpf kernel/bpf/syscall.c:5760 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5758 [inline]
 __x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5758
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
page last free pid 7120 tgid 7120 stack trace:
 reset_page_owner include/linux/page_owner.h:25 [inline]
 free_pages_prepare mm/page_alloc.c:1108 [inline]
 free_unref_page+0x5f4/0xdc0 mm/page_alloc.c:2638
 __put_partials+0x14c/0x170 mm/slub.c:3145
 qlink_free mm/kasan/quarantine.c:163 [inline]
 qlist_free_all+0x4e/0x120 mm/kasan/quarantine.c:179
 kasan_quarantine_reduce+0x192/0x1e0 mm/kasan/quarantine.c:286
 __kasan_slab_alloc+0x69/0x90 mm/kasan/common.c:329
 kasan_slab_alloc include/linux/kasan.h:247 [inline]
 slab_post_alloc_hook mm/slub.c:4085 [inline]
 slab_alloc_node mm/slub.c:4134 [inline]
 kmem_cache_alloc_node_noprof+0x153/0x310 mm/slub.c:4186
 __alloc_skb+0x2b1/0x380 net/core/skbuff.c:668
 alloc_skb include/linux/skbuff.h:1322 [inline]
 netlink_alloc_large_skb+0x69/0x130 net/netlink/af_netlink.c:1206
 netlink_sendmsg+0x689/0xd70 net/netlink/af_netlink.c:1876
 sock_sendmsg_nosec net/socket.c:729 [inline]
 __sock_sendmsg net/socket.c:744 [inline]
 ____sys_sendmsg+0xaaf/0xc90 net/socket.c:2607
 ___sys_sendmsg+0x135/0x1e0 net/socket.c:2661
 __sys_sendmsg+0x117/0x1f0 net/socket.c:2690
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
Modules linked in:
CPU: 2 UID: 0 PID: 7351 Comm: syz.0.314 Tainted: G    B              6.12.0-rc5-syzkaller-00005-ge42b1a9a2557 #0
Tainted: [B]=BAD_PAGE
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:94 [inline]
 dump_stack_lvl+0x16c/0x1f0 lib/dump_stack.c:120
 bad_page+0xb3/0x1f0 mm/page_alloc.c:501
 free_page_is_bad_report mm/page_alloc.c:908 [inline]
 free_page_is_bad mm/page_alloc.c:918 [inline]
 free_pages_prepare mm/page_alloc.c:1100 [inline]
 free_unref_page+0x657/0xdc0 mm/page_alloc.c:2638
 skb_free_frag include/linux/skbuff.h:3399 [inline]
 skb_free_head+0xa0/0x1d0 net/core/skbuff.c:1096
 skb_release_data+0x560/0x730 net/core/skbuff.c:1125
 skb_release_all net/core/skbuff.c:1190 [inline]
 __kfree_skb net/core/skbuff.c:1204 [inline]
 sk_skb_reason_drop+0x129/0x1a0 net/core/skbuff.c:1242
 kfree_skb_reason include/linux/skbuff.h:1262 [inline]
 __netif_receive_skb_core.constprop.0+0x592/0x4330 net/core/dev.c:5640
 __netif_receive_skb_list_core+0x357/0x950 net/core/dev.c:5741
 __netif_receive_skb_list net/core/dev.c:5808 [inline]
 netif_receive_skb_list_internal+0x753/0xdb0 net/core/dev.c:5899
 netif_receive_skb_list+0x4f/0x4a0 net/core/dev.c:5951
 xdp_recv_frames net/bpf/test_run.c:279 [inline]
 xdp_test_run_batch.constprop.0+0x138d/0x1960 net/bpf/test_run.c:360
 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389
 bpf_prog_test_run_xdp+0x827/0x1580 net/bpf/test_run.c:1317
 bpf_prog_test_run kernel/bpf/syscall.c:4266 [inline]
 __sys_bpf+0xfc6/0x49a0 kernel/bpf/syscall.c:5671
 __do_sys_bpf kernel/bpf/syscall.c:5760 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5758 [inline]
 __x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5758
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7fc02f97e719
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007fc0306bb038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
RAX: ffffffffffffffda RBX: 00007fc02fb35f80 RCX: 00007fc02f97e719
RDX: 0000000000000048 RSI: 0000000020000600 RDI: 000000000000000a
RBP: 00007fc02f9f132e R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 0000000000000000 R14: 00007fc02fb35f80 R15: 00007ffe03613128
 </TASK>
BUG: Bad page state in process syz.0.314  pfn:31452
page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x31452
flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
raw: 00fff00000000000 dead000000000040 ffff888040826000 0000000000000000
raw: 0000000000000000 0000000000000001 00000000ffffffff 0000000000000000
page dumped because: page_pool leak
page_owner tracks the page as allocated
page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 7351, tgid 7350 (syz.0.314), ts 79036996998, free_ts 79012768531
 set_page_owner include/linux/page_owner.h:32 [inline]
 post_alloc_hook+0x2d1/0x350 mm/page_alloc.c:1537
 prep_new_page mm/page_alloc.c:1545 [inline]
 get_page_from_freelist+0x101e/0x3070 mm/page_alloc.c:3457
 __alloc_pages_noprof+0x223/0x25a0 mm/page_alloc.c:4733
 alloc_pages_bulk_noprof+0x77c/0x1110 mm/page_alloc.c:4681
 alloc_pages_bulk_array_node_noprof include/linux/gfp.h:239 [inline]
 __page_pool_alloc_pages_slow+0x18f/0x770 net/core/page_pool.c:538
 page_pool_alloc_netmem net/core/page_pool.c:590 [inline]
 page_pool_alloc_netmem+0xc4/0x160 net/core/page_pool.c:577
 page_pool_alloc_pages+0x1a/0x60 net/core/page_pool.c:597
 page_pool_dev_alloc_pages include/net/page_pool/helpers.h:96 [inline]
 xdp_test_run_batch.constprop.0+0x3a8/0x1960 net/bpf/test_run.c:305
 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389
 bpf_prog_test_run_xdp+0x827/0x1580 net/bpf/test_run.c:1317
 bpf_prog_test_run kernel/bpf/syscall.c:4266 [inline]
 __sys_bpf+0xfc6/0x49a0 kernel/bpf/syscall.c:5671
 __do_sys_bpf kernel/bpf/syscall.c:5760 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5758 [inline]
 __x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5758
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
page last free pid 7120 tgid 7120 stack trace:
 reset_page_owner include/linux/page_owner.h:25 [inline]
 free_pages_prepare mm/page_alloc.c:1108 [inline]
 free_unref_page+0x5f4/0xdc0 mm/page_alloc.c:2638
 __put_partials+0x14c/0x170 mm/slub.c:3145
 qlink_free mm/kasan/quarantine.c:163 [inline]
 qlist_free_all+0x4e/0x120 mm/kasan/quarantine.c:179
 kasan_quarantine_reduce+0x192/0x1e0 mm/kasan/quarantine.c:286
 __kasan_slab_alloc+0x69/0x90 mm/kasan/common.c:329
 kasan_slab_alloc include/linux/kasan.h:247 [inline]
 slab_post_alloc_hook mm/slub.c:4085 [inline]
 slab_alloc_node mm/slub.c:4134 [inline]
 kmem_cache_alloc_node_noprof+0x153/0x310 mm/slub.c:4186
 __alloc_skb+0x2b1/0x380 net/core/skbuff.c:668
 alloc_skb include/linux/skbuff.h:1322 [inline]
 netlink_alloc_large_skb+0x69/0x130 net/netlink/af_netlink.c:1206
 netlink_sendmsg+0x689/0xd70 net/netlink/af_netlink.c:1876
 sock_sendmsg_nosec net/socket.c:729 [inline]
 __sock_sendmsg net/socket.c:744 [inline]
 ____sys_sendmsg+0xaaf/0xc90 net/socket.c:2607
 ___sys_sendmsg+0x135/0x1e0 net/socket.c:2661
 __sys_sendmsg+0x117/0x1f0 net/socket.c:2690
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
Modules linked in:
CPU: 2 UID: 0 PID: 7351 Comm: syz.0.314 Tainted: G    B              6.12.0-rc5-syzkaller-00005-ge42b1a9a2557 #0
Tainted: [B]=BAD_PAGE
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:94 [inline]
 dump_stack_lvl+0x16c/0x1f0 lib/dump_stack.c:120
 bad_page+0xb3/0x1f0 mm/page_alloc.c:501
 free_page_is_bad_report mm/page_alloc.c:908 [inline]
 free_page_is_bad mm/page_alloc.c:918 [inline]
 free_pages_prepare mm/page_alloc.c:1100 [inline]
 free_unref_page+0x657/0xdc0 mm/page_alloc.c:2638
 skb_free_frag include/linux/skbuff.h:3399 [inline]
 skb_free_head+0xa0/0x1d0 net/core/skbuff.c:1096
 skb_release_data+0x560/0x730 net/core/skbuff.c:1125
 skb_release_all net/core/skbuff.c:1190 [inline]
 __kfree_skb net/core/skbuff.c:1204 [inline]
 sk_skb_reason_drop+0x129/0x1a0 net/core/skbuff.c:1242
 kfree_skb_reason include/linux/skbuff.h:1262 [inline]
 __netif_receive_skb_core.constprop.0+0x592/0x4330 net/core/dev.c:5640
 __netif_receive_skb_list_core+0x357/0x950 net/core/dev.c:5741
 __netif_receive_skb_list net/core/dev.c:5808 [inline]
 netif_receive_skb_list_internal+0x753/0xdb0 net/core/dev.c:5899
 netif_receive_skb_list+0x4f/0x4a0 net/core/dev.c:5951
 xdp_recv_frames net/bpf/test_run.c:279 [inline]
 xdp_test_run_batch.constprop.0+0x138d/0x1960 net/bpf/test_run.c:360
 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389
 bpf_prog_test_run_xdp+0x827/0x1580 net/bpf/test_run.c:1317
 bpf_prog_test_run kernel/bpf/syscall.c:4266 [inline]
 __sys_bpf+0xfc6/0x49a0 kernel/bpf/syscall.c:5671
 __do_sys_bpf kernel/bpf/syscall.c:5760 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5758 [inline]
 __x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5758
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7fc02f97e719
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007fc0306bb038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
RAX: ffffffffffffffda RBX: 00007fc02fb35f80 RCX: 00007fc02f97e719
RDX: 0000000000000048 RSI: 0000000020000600 RDI: 000000000000000a
RBP: 00007fc02f9f132e R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 0000000000000000 R14: 00007fc02fb35f80 R15: 00007ffe03613128
 </TASK>
BUG: Bad page state in process syz.0.314  pfn:31451
page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x8 pfn:0x31451
flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
raw: 00fff00000000000 dead000000000040 ffff888040826000 0000000000000000
raw: 0000000000000008 0000000000000001 00000000ffffffff 0000000000000000
page dumped because: page_pool leak
page_owner tracks the page as allocated
page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 7351, tgid 7350 (syz.0.314), ts 79036990237, free_ts 79012768531
 set_page_owner include/linux/page_owner.h:32 [inline]
 post_alloc_hook+0x2d1/0x350 mm/page_alloc.c:1537
 prep_new_page mm/page_alloc.c:1545 [inline]
 get_page_from_freelist+0x101e/0x3070 mm/page_alloc.c:3457
 __alloc_pages_noprof+0x223/0x25a0 mm/page_alloc.c:4733
 alloc_pages_bulk_noprof+0x77c/0x1110 mm/page_alloc.c:4681
 alloc_pages_bulk_array_node_noprof include/linux/gfp.h:239 [inline]
 __page_pool_alloc_pages_slow+0x18f/0x770 net/core/page_pool.c:538
 page_pool_alloc_netmem net/core/page_pool.c:590 [inline]
 page_pool_alloc_netmem+0xc4/0x160 net/core/page_pool.c:577
 page_pool_alloc_pages+0x1a/0x60 net/core/page_pool.c:597
 page_pool_dev_alloc_pages include/net/page_pool/helpers.h:96 [inline]
 xdp_test_run_batch.constprop.0+0x3a8/0x1960 net/bpf/test_run.c:305
 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389
 bpf_prog_test_run_xdp+0x827/0x1580 net/bpf/test_run.c:1317
 bpf_prog_test_run kernel/bpf/syscall.c:4266 [inline]
 __sys_bpf+0xfc6/0x49a0 kernel/bpf/syscall.c:5671
 __do_sys_bpf kernel/bpf/syscall.c:5760 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5758 [inline]
 __x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5758
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
page last free pid 7120 tgid 7120 stack trace:
 reset_page_owner include/linux/page_owner.h:25 [inline]
 free_pages_prepare mm/page_alloc.c:1108 [inline]
 free_unref_page+0x5f4/0xdc0 mm/page_alloc.c:2638
 __put_partials+0x14c/0x170 mm/slub.c:3145
 qlink_free mm/kasan/quarantine.c:163 [inline]
 qlist_free_all+0x4e/0x120 mm/kasan/quarantine.c:179
 kasan_quarantine_reduce+0x192/0x1e0 mm/kasan/quarantine.c:286
 __kasan_slab_alloc+0x69/0x90 mm/kasan/common.c:329
 kasan_slab_alloc include/linux/kasan.h:247 [inline]
 slab_post_alloc_hook mm/slub.c:4085 [inline]
 slab_alloc_node mm/slub.c:4134 [inline]
 kmem_cache_alloc_node_noprof+0x153/0x310 mm/slub.c:4186
 __alloc_skb+0x2b1/0x380 net/core/skbuff.c:668
 alloc_skb include/linux/skbuff.h:1322 [inline]
 netlink_alloc_large_skb+0x69/0x130 net/netlink/af_netlink.c:1206
 netlink_sendmsg+0x689/0xd70 net/netlink/af_netlink.c:1876
 sock_sendmsg_nosec net/socket.c:729 [inline]
 __sock_sendmsg net/socket.c:744 [inline]
 ____sys_sendmsg+0xaaf/0xc90 net/socket.c:2607
 ___sys_sendmsg+0x135/0x1e0 net/socket.c:2661
 __sys_sendmsg+0x117/0x1f0 net/socket.c:2690
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
Modules linked in:
CPU: 2 UID: 0 PID: 7351 Comm: syz.0.314 Tainted: G    B              6.12.0-rc5-syzkaller-00005-ge42b1a9a2557 #0
Tainted: [B]=BAD_PAGE
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:94 [inline]
 dump_stack_lvl+0x16c/0x1f0 lib/dump_stack.c:120
 bad_page+0xb3/0x1f0 mm/page_alloc.c:501
 free_page_is_bad_report mm/page_alloc.c:908 [inline]
 free_page_is_bad mm/page_alloc.c:918 [inline]
 free_pages_prepare mm/page_alloc.c:1100 [inline]
 free_unref_page+0x657/0xdc0 mm/page_alloc.c:2638
 skb_free_frag include/linux/skbuff.h:3399 [inline]
 skb_free_head+0xa0/0x1d0 net/core/skbuff.c:1096
 skb_release_data+0x560/0x730 net/core/skbuff.c:1125
 skb_release_all net/core/skbuff.c:1190 [inline]
 __kfree_skb net/core/skbuff.c:1204 [inline]
 sk_skb_reason_drop+0x129/0x1a0 net/core/skbuff.c:1242
 kfree_skb_reason include/linux/skbuff.h:1262 [inline]
 __netif_receive_skb_core.constprop.0+0x592/0x4330 net/core/dev.c:5640
 __netif_receive_skb_list_core+0x357/0x950 net/core/dev.c:5741
 __netif_receive_skb_list net/core/dev.c:5808 [inline]
 netif_receive_skb_list_internal+0x753/0xdb0 net/core/dev.c:5899
 netif_receive_skb_list+0x4f/0x4a0 net/core/dev.c:5951
 xdp_recv_frames net/bpf/test_run.c:279 [inline]
 xdp_test_run_batch.constprop.0+0x138d/0x1960 net/bpf/test_run.c:360
 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389
 bpf_prog_test_run_xdp+0x827/0x1580 net/bpf/test_run.c:1317
 bpf_prog_test_run kernel/bpf/syscall.c:4266 [inline]
 __sys_bpf+0xfc6/0x49a0 kernel/bpf/syscall.c:5671
 __do_sys_bpf kernel/bpf/syscall.c:5760 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5758 [inline]
 __x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5758
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7fc02f97e719
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007fc0306bb038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
RAX: ffffffffffffffda RBX: 00007fc02fb35f80 RCX: 00007fc02f97e719
RDX: 0000000000000048 RSI: 0000000020000600 RDI: 000000000000000a
RBP: 00007fc02f9f132e R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 0000000000000000 R14: 00007fc02fb35f80 R15: 00007ffe03613128
 </TASK>
BUG: Bad page state in process syz.0.314  pfn:31450
page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff888031456600 pfn:0x31450
flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
raw: 00fff00000000000 dead000000000040 ffff888040826000 0000000000000000
raw: ffff888031456600 0000000000000001 00000000ffffffff 0000000000000000
page dumped because: page_pool leak
page_owner tracks the page as allocated
page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 7351, tgid 7350 (syz.0.314), ts 79036983589, free_ts 79012768531
 set_page_owner include/linux/page_owner.h:32 [inline]
 post_alloc_hook+0x2d1/0x350 mm/page_alloc.c:1537
 prep_new_page mm/page_alloc.c:1545 [inline]
 get_page_from_freelist+0x101e/0x3070 mm/page_alloc.c:3457
 __alloc_pages_noprof+0x223/0x25a0 mm/page_alloc.c:4733
 alloc_pages_bulk_noprof+0x77c/0x1110 mm/page_alloc.c:4681
 alloc_pages_bulk_array_node_noprof include/linux/gfp.h:239 [inline]
 __page_pool_alloc_pages_slow+0x18f/0x770 net/core/page_pool.c:538
 page_pool_alloc_netmem net/core/page_pool.c:590 [inline]
 page_pool_alloc_netmem+0xc4/0x160 net/core/page_pool.c:577
 page_pool_alloc_pages+0x1a/0x60 net/core/page_pool.c:597
 page_pool_dev_alloc_pages include/net/page_pool/helpers.h:96 [inline]
 xdp_test_run_batch.constprop.0+0x3a8/0x1960 net/bpf/test_run.c:305
 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389
 bpf_prog_test_run_xdp+0x827/0x1580 net/bpf/test_run.c:1317
 bpf_prog_test_run kernel/bpf/syscall.c:4266 [inline]
 __sys_bpf+0xfc6/0x49a0 kernel/bpf/syscall.c:5671
 __do_sys_bpf kernel/bpf/syscall.c:5760 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5758 [inline]
 __x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5758
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
page last free pid 7120 tgid 7120 stack trace:
 reset_page_owner include/linux/page_owner.h:25 [inline]
 free_pages_prepare mm/page_alloc.c:1108 [inline]
 free_unref_page+0x5f4/0xdc0 mm/page_alloc.c:2638
 __put_partials+0x14c/0x170 mm/slub.c:3145
 qlink_free mm/kasan/quarantine.c:163 [inline]
 qlist_free_all+0x4e/0x120 mm/kasan/quarantine.c:179
 kasan_quarantine_reduce+0x192/0x1e0 mm/kasan/quarantine.c:286
 __kasan_slab_alloc+0x69/0x90 mm/kasan/common.c:329
 kasan_slab_alloc include/linux/kasan.h:247 [inline]
 slab_post_alloc_hook mm/slub.c:4085 [inline]
 slab_alloc_node mm/slub.c:4134 [inline]
 kmem_cache_alloc_node_noprof+0x153/0x310 mm/slub.c:4186
 __alloc_skb+0x2b1/0x380 net/core/skbuff.c:668
 alloc_skb include/linux/skbuff.h:1322 [inline]
 netlink_alloc_large_skb+0x69/0x130 net/netlink/af_netlink.c:1206
 netlink_sendmsg+0x689/0xd70 net/netlink/af_netlink.c:1876
 sock_sendmsg_nosec net/socket.c:729 [inline]
 __sock_sendmsg net/socket.c:744 [inline]
 ____sys_sendmsg+0xaaf/0xc90 net/socket.c:2607
 ___sys_sendmsg+0x135/0x1e0 net/socket.c:2661
 __sys_sendmsg+0x117/0x1f0 net/socket.c:2690
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
Modules linked in:
CPU: 2 UID: 0 PID: 7351 Comm: syz.0.314 Tainted: G    B              6.12.0-rc5-syzkaller-00005-ge42b1a9a2557 #0
Tainted: [B]=BAD_PAGE
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:94 [inline]
 dump_stack_lvl+0x16c/0x1f0 lib/dump_stack.c:120
 bad_page+0xb3/0x1f0 mm/page_alloc.c:501
 free_page_is_bad_report mm/page_alloc.c:908 [inline]
 free_page_is_bad mm/page_alloc.c:918 [inline]
 free_pages_prepare mm/page_alloc.c:1100 [inline]
 free_unref_page+0x657/0xdc0 mm/page_alloc.c:2638
 skb_free_frag include/linux/skbuff.h:3399 [inline]
 skb_free_head+0xa0/0x1d0 net/core/skbuff.c:1096
 skb_release_data+0x560/0x730 net/core/skbuff.c:1125
 skb_release_all net/core/skbuff.c:1190 [inline]
 __kfree_skb net/core/skbuff.c:1204 [inline]
 sk_skb_reason_drop+0x129/0x1a0 net/core/skbuff.c:1242
 kfree_skb_reason include/linux/skbuff.h:1262 [inline]
 __netif_receive_skb_core.constprop.0+0x592/0x4330 net/core/dev.c:5640
 __netif_receive_skb_list_core+0x357/0x950 net/core/dev.c:5741
 __netif_receive_skb_list net/core/dev.c:5808 [inline]
 netif_receive_skb_list_internal+0x753/0xdb0 net/core/dev.c:5899
 netif_receive_skb_list+0x4f/0x4a0 net/core/dev.c:5951
 xdp_recv_frames net/bpf/test_run.c:279 [inline]
 xdp_test_run_batch.constprop.0+0x138d/0x1960 net/bpf/test_run.c:360
 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389
 bpf_prog_test_run_xdp+0x827/0x1580 net/bpf/test_run.c:1317
 bpf_prog_test_run kernel/bpf/syscall.c:4266 [inline]
 __sys_bpf+0xfc6/0x49a0 kernel/bpf/syscall.c:5671
 __do_sys_bpf kernel/bpf/syscall.c:5760 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5758 [inline]
 __x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5758
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7fc02f97e719
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007fc0306bb038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
RAX: ffffffffffffffda RBX: 00007fc02fb35f80 RCX: 00007fc02f97e719
RDX: 0000000000000048 RSI: 0000000020000600 RDI: 000000000000000a
RBP: 00007fc02f9f132e R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 0000000000000000 R14: 00007fc02fb35f80 R15: 00007ffe03613128
 </TASK>
BUG: Bad page state in process syz.0.314  pfn:4c847
page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x4c847
flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
raw: 00fff00000000000 dead000000000040 ffff888040826000 0000000000000000
raw: 0000000000000000 0000000000000001 00000000ffffffff 0000000000000000
page dumped because: page_pool leak
page_owner tracks the page as allocated
page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 7351, tgid 7350 (syz.0.314), ts 79036977307, free_ts 79012829434
 set_page_owner include/linux/page_owner.h:32 [inline]
 post_alloc_hook+0x2d1/0x350 mm/page_alloc.c:1537
 prep_new_page mm/page_alloc.c:1545 [inline]
 get_page_from_freelist+0x101e/0x3070 mm/page_alloc.c:3457
 __alloc_pages_noprof+0x223/0x25a0 mm/page_alloc.c:4733
 alloc_pages_bulk_noprof+0x77c/0x1110 mm/page_alloc.c:4681
 alloc_pages_bulk_array_node_noprof include/linux/gfp.h:239 [inline]
 __page_pool_alloc_pages_slow+0x18f/0x770 net/core/page_pool.c:538
 page_pool_alloc_netmem net/core/page_pool.c:590 [inline]
 page_pool_alloc_netmem+0xc4/0x160 net/core/page_pool.c:577
 page_pool_alloc_pages+0x1a/0x60 net/core/page_pool.c:597
 page_pool_dev_alloc_pages include/net/page_pool/helpers.h:96 [inline]
 xdp_test_run_batch.constprop.0+0x3a8/0x1960 net/bpf/test_run.c:305
 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389
 bpf_prog_test_run_xdp+0x827/0x1580 net/bpf/test_run.c:1317
 bpf_prog_test_run kernel/bpf/syscall.c:4266 [inline]
 __sys_bpf+0xfc6/0x49a0 kernel/bpf/syscall.c:5671
 __do_sys_bpf kernel/bpf/syscall.c:5760 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5758 [inline]
 __x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5758
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
page last free pid 7120 tgid 7120 stack trace:
 reset_page_owner include/linux/page_owner.h:25 [inline]
 free_pages_prepare mm/page_alloc.c:1108 [inline]
 free_unref_page+0x5f4/0xdc0 mm/page_alloc.c:2638
 __put_partials+0x14c/0x170 mm/slub.c:3145
 qlink_free mm/kasan/quarantine.c:163 [inline]
 qlist_free_all+0x4e/0x120 mm/kasan/quarantine.c:179
 kasan_quarantine_reduce+0x192/0x1e0 mm/kasan/quarantine.c:286
 __kasan_slab_alloc+0x69/0x90 mm/kasan/common.c:329
 kasan_slab_alloc include/linux/kasan.h:247 [inline]
 slab_post_alloc_hook mm/slub.c:4085 [inline]
 slab_alloc_node mm/slub.c:4134 [inline]
 kmem_cache_alloc_node_noprof+0x153/0x310 mm/slub.c:4186
 __alloc_skb+0x2b1/0x380 net/core/skbuff.c:668
 alloc_skb include/linux/skbuff.h:1322 [inline]
 netlink_alloc_large_skb+0x69/0x130 net/netlink/af_netlink.c:1206
 netlink_sendmsg+0x689/0xd70 net/netlink/af_netlink.c:1876
 sock_sendmsg_nosec net/socket.c:729 [inline]
 __sock_sendmsg net/socket.c:744 [inline]
 ____sys_sendmsg+0xaaf/0xc90 net/socket.c:2607
 ___sys_sendmsg+0x135/0x1e0 net/socket.c:2661
 __sys_sendmsg+0x117/0x1f0 net/socket.c:2690
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
Modules linked in:
CPU: 2 UID: 0 PID: 7351 Comm: syz.0.314 Tainted: G    B              6.12.0-rc5-syzkaller-00005-ge42b1a9a2557 #0
Tainted: [B]=BAD_PAGE
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:94 [inline]
 dump_stack_lvl+0x16c/0x1f0 lib/dump_stack.c:120
 bad_page+0xb3/0x1f0 mm/page_alloc.c:501
 free_page_is_bad_report mm/page_alloc.c:908 [inline]
 free_page_is_bad mm/page_alloc.c:918 [inline]
 free_pages_prepare mm/page_alloc.c:1100 [inline]
 free_unref_page+0x657/0xdc0 mm/page_alloc.c:2638
 skb_free_frag include/linux/skbuff.h:3399 [inline]
 skb_free_head+0xa0/0x1d0 net/core/skbuff.c:1096
 skb_release_data+0x560/0x730 net/core/skbuff.c:1125
 skb_release_all net/core/skbuff.c:1190 [inline]
 __kfree_skb net/core/skbuff.c:1204 [inline]
 sk_skb_reason_drop+0x129/0x1a0 net/core/skbuff.c:1242
 kfree_skb_reason include/linux/skbuff.h:1262 [inline]
 __netif_receive_skb_core.constprop.0+0x592/0x4330 net/core/dev.c:5640
 __netif_receive_skb_list_core+0x357/0x950 net/core/dev.c:5741
 __netif_receive_skb_list net/core/dev.c:5808 [inline]
 netif_receive_skb_list_internal+0x753/0xdb0 net/core/dev.c:5899
 netif_receive_skb_list+0x4f/0x4a0 net/core/dev.c:5951
 xdp_recv_frames net/bpf/test_run.c:279 [inline]
 xdp_test_run_batch.constprop.0+0x138d/0x1960 net/bpf/test_run.c:360
 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389
 bpf_prog_test_run_xdp+0x827/0x1580 net/bpf/test_run.c:1317
 bpf_prog_test_run kernel/bpf/syscall.c:4266 [inline]
 __sys_bpf+0xfc6/0x49a0 kernel/bpf/syscall.c:5671
 __do_sys_bpf kernel/bpf/syscall.c:5760 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5758 [inline]
 __x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5758
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7fc02f97e719
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007fc0306bb038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
RAX: ffffffffffffffda RBX: 00007fc02fb35f80 RCX: 00007fc02f97e719
RDX: 0000000000000048 RSI: 0000000020000600 RDI: 000000000000000a
RBP: 00007fc02f9f132e R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 0000000000000000 R14: 00007fc02fb35f80 R15: 00007ffe03613128
 </TASK>
BUG: Bad page state in process syz.0.314  pfn:4c846
page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x4c846
flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
raw: 00fff00000000000 dead000000000040 ffff888040826000 0000000000000000
raw: 0000000000000000 0000000000000001 00000000ffffffff 0000000000000000
page dumped because: page_pool leak
page_owner tracks the page as allocated
page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 7351, tgid 7350 (syz.0.314), ts 79036969937, free_ts 79012829434
 set_page_owner include/linux/page_owner.h:32 [inline]
 post_alloc_hook+0x2d1/0x350 mm/page_alloc.c:1537
 prep_new_page mm/page_alloc.c:1545 [inline]
 get_page_from_freelist+0x101e/0x3070 mm/page_alloc.c:3457
 __alloc_pages_noprof+0x223/0x25a0 mm/page_alloc.c:4733
 alloc_pages_bulk_noprof+0x77c/0x1110 mm/page_alloc.c:4681
 alloc_pages_bulk_array_node_noprof include/linux/gfp.h:239 [inline]
 __page_pool_alloc_pages_slow+0x18f/0x770 net/core/page_pool.c:538
 page_pool_alloc_netmem net/core/page_pool.c:590 [inline]
 page_pool_alloc_netmem+0xc4/0x160 net/core/page_pool.c:577
 page_pool_alloc_pages+0x1a/0x60 net/core/page_pool.c:597
 page_pool_dev_alloc_pages include/net/page_pool/helpers.h:96 [inline]
 xdp_test_run_batch.constprop.0+0x3a8/0x1960 net/bpf/test_run.c:305
 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389
 bpf_prog_test_run_xdp+0x827/0x1580 net/bpf/test_run.c:1317
 bpf_prog_test_run kernel/bpf/syscall.c:4266 [inline]
 __sys_bpf+0xfc6/0x49a0 kernel/bpf/syscall.c:5671
 __do_sys_bpf kernel/bpf/syscall.c:5760 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5758 [inline]
 __x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5758
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
page last free pid 7120 tgid 7120 stack trace:
 reset_page_owner include/linux/page_owner.h:25 [inline]
 free_pages_prepare mm/page_alloc.c:1108 [inline]
 free_unref_page+0x5f4/0xdc0 mm/page_alloc.c:2638
 __put_partials+0x14c/0x170 mm/slub.c:3145
 qlink_free mm/kasan/quarantine.c:163 [inline]
 qlist_free_all+0x4e/0x120 mm/kasan/quarantine.c:179
 kasan_quarantine_reduce+0x192/0x1e0 mm/kasan/quarantine.c:286
 __kasan_slab_alloc+0x69/0x90 mm/kasan/common.c:329
 kasan_slab_alloc include/linux/kasan.h:247 [inline]
 slab_post_alloc_hook mm/slub.c:4085 [inline]
 slab_alloc_node mm/slub.c:4134 [inline]
 kmem_cache_alloc_node_noprof+0x153/0x310 mm/slub.c:4186
 __alloc_skb+0x2b1/0x380 net/core/skbuff.c:668
 alloc_skb include/linux/skbuff.h:1322 [inline]
 netlink_alloc_large_skb+0x69/0x130 net/netlink/af_netlink.c:1206
 netlink_sendmsg+0x689/0xd70 net/netlink/af_netlink.c:1876
 sock_sendmsg_nosec net/socket.c:729 [inline]
 __sock_sendmsg net/socket.c:744 [inline]
 ____sys_sendmsg+0xaaf/0xc90 net/socket.c:2607
 ___sys_sendmsg+0x135/0x1e0 net/socket.c:2661
 __sys_sendmsg+0x117/0x1f0 net/socket.c:2690
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
Modules linked in:
CPU: 2 UID: 0 PID: 7351 Comm: syz.0.314 Tainted: G    B              6.12.0-rc5-syzkaller-00005-ge42b1a9a2557 #0
Tainted: [B]=BAD_PAGE
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:94 [inline]
 dump_stack_lvl+0x16c/0x1f0 lib/dump_stack.c:120
 bad_page+0xb3/0x1f0 mm/page_alloc.c:501
 free_page_is_bad_report mm/page_alloc.c:908 [inline]
 free_page_is_bad mm/page_alloc.c:918 [inline]
 free_pages_prepare mm/page_alloc.c:1100 [inline]
 free_unref_page+0x657/0xdc0 mm/page_alloc.c:2638
 skb_free_frag include/linux/skbuff.h:3399 [inline]
 skb_free_head+0xa0/0x1d0 net/core/skbuff.c:1096
 skb_release_data+0x560/0x730 net/core/skbuff.c:1125
 skb_release_all net/core/skbuff.c:1190 [inline]
 __kfree_skb net/core/skbuff.c:1204 [inline]
 sk_skb_reason_drop+0x129/0x1a0 net/core/skbuff.c:1242
 kfree_skb_reason include/linux/skbuff.h:1262 [inline]
 __netif_receive_skb_core.constprop.0+0x592/0x4330 net/core/dev.c:5640
 __netif_receive_skb_list_core+0x357/0x950 net/core/dev.c:5741
 __netif_receive_skb_list net/core/dev.c:5808 [inline]
 netif_receive_skb_list_internal+0x753/0xdb0 net/core/dev.c:5899
 netif_receive_skb_list+0x4f/0x4a0 net/core/dev.c:5951
 xdp_recv_frames net/bpf/test_run.c:279 [inline]
 xdp_test_run_batch.constprop.0+0x138d/0x1960 net/bpf/test_run.c:360
 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389
 bpf_prog_test_run_xdp+0x827/0x1580 net/bpf/test_run.c:1317
 bpf_prog_test_run kernel/bpf/syscall.c:4266 [inline]
 __sys_bpf+0xfc6/0x49a0 kernel/bpf/syscall.c:5671
 __do_sys_bpf kernel/bpf/syscall.c:5760 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5758 [inline]
 __x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5758
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7fc02f97e719
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007fc0306bb038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
RAX: ffffffffffffffda RBX: 00007fc02fb35f80 RCX: 00007fc02f97e719
RDX: 0000000000000048 RSI: 0000000020000600 RDI: 000000000000000a
RBP: 00007fc02f9f132e R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 0000000000000000 R14: 00007fc02fb35f80 R15: 00007ffe03613128
 </TASK>
BUG: Bad page state in process syz.0.314  pfn:4c845
page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x4c845
flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
raw: 00fff00000000000 dead000000000040 ffff888040826000 0000000000000000
raw: 0000000000000000 0000000000000001 00000000ffffffff 0000000000000000
page dumped because: page_pool leak
page_owner tracks the page as allocated
page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 7351, tgid 7350 (syz.0.314), ts 79036964314, free_ts 79012829434
 set_page_owner include/linux/page_owner.h:32 [inline]
 post_alloc_hook+0x2d1/0x350 mm/page_alloc.c:1537
 prep_new_page mm/page_alloc.c:1545 [inline]
 get_page_from_freelist+0x101e/0x3070 mm/page_alloc.c:3457
 __alloc_pages_noprof+0x223/0x25a0 mm/page_alloc.c:4733
 alloc_pages_bulk_noprof+0x77c/0x1110 mm/page_alloc.c:4681
 alloc_pages_bulk_array_node_noprof include/linux/gfp.h:239 [inline]
 __page_pool_alloc_pages_slow+0x18f/0x770 net/core/page_pool.c:538
 page_pool_alloc_netmem net/core/page_pool.c:590 [inline]
 page_pool_alloc_netmem+0xc4/0x160 net/core/page_pool.c:577
 page_pool_alloc_pages+0x1a/0x60 net/core/page_pool.c:597
 page_pool_dev_alloc_pages include/net/page_pool/helpers.h:96 [inline]
 xdp_test_run_batch.constprop.0+0x3a8/0x1960 net/bpf/test_run.c:305
 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389
 bpf_prog_test_run_xdp+0x827/0x1580 net/bpf/test_run.c:1317
 bpf_prog_test_run kernel/bpf/syscall.c:4266 [inline]
 __sys_bpf+0xfc6/0x49a0 kernel/bpf/syscall.c:5671
 __do_sys_bpf kernel/bpf/syscall.c:5760 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5758 [inline]
 __x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5758
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
page last free pid 7120 tgid 7120 stack trace:
 reset_page_owner include/linux/page_owner.h:25 [inline]
 free_pages_prepare mm/page_alloc.c:1108 [inline]
 free_unref_page+0x5f4/0xdc0 mm/page_alloc.c:2638
 __put_partials+0x14c/0x170 mm/slub.c:3145
 qlink_free mm/kasan/quarantine.c:163 [inline]
 qlist_free_all+0x4e/0x120 mm/kasan/quarantine.c:179
 kasan_quarantine_reduce+0x192/0x1e0 mm/kasan/quarantine.c:286
 __kasan_slab_alloc+0x69/0x90 mm/kasan/common.c:329
 kasan_slab_alloc include/linux/kasan.h:247 [inline]
 slab_post_alloc_hook mm/slub.c:4085 [inline]
 slab_alloc_node mm/slub.c:4134 [inline]
 kmem_cache_alloc_node_noprof+0x153/0x310 mm/slub.c:4186
 __alloc_skb+0x2b1/0x380 net/core/skbuff.c:668
 alloc_skb include/linux/skbuff.h:1322 [inline]
 netlink_alloc_large_skb+0x69/0x130 net/netlink/af_netlink.c:1206
 netlink_sendmsg+0x689/0xd70 net/netlink/af_netlink.c:1876
 sock_sendmsg_nosec net/socket.c:729 [inline]
 __sock_sendmsg net/socket.c:744 [inline]
 ____sys_sendmsg+0xaaf/0xc90 net/socket.c:2607
 ___sys_sendmsg+0x135/0x1e0 net/socket.c:2661
 __sys_sendmsg+0x117/0x1f0 net/socket.c:2690
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
Modules linked in:
CPU: 2 UID: 0 PID: 7351 Comm: syz.0.314 Tainted: G    B              6.12.0-rc5-syzkaller-00005-ge42b1a9a2557 #0
Tainted: [B]=BAD_PAGE
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:94 [inline]
 dump_stack_lvl+0x16c/0x1f0 lib/dump_stack.c:120
 bad_page+0xb3/0x1f0 mm/page_alloc.c:501
 free_page_is_bad_report mm/page_alloc.c:908 [inline]
 free_page_is_bad mm/page_alloc.c:918 [inline]
 free_pages_prepare mm/page_alloc.c:1100 [inline]
 free_unref_page+0x657/0xdc0 mm/page_alloc.c:2638
 skb_free_frag include/linux/skbuff.h:3399 [inline]
 skb_free_head+0xa0/0x1d0 net/core/skbuff.c:1096
 skb_release_data+0x560/0x730 net/core/skbuff.c:1125
 skb_release_all net/core/skbuff.c:1190 [inline]
 __kfree_skb net/core/skbuff.c:1204 [inline]
 sk_skb_reason_drop+0x129/0x1a0 net/core/skbuff.c:1242
 kfree_skb_reason include/linux/skbuff.h:1262 [inline]
 __netif_receive_skb_core.constprop.0+0x592/0x4330 net/core/dev.c:5640
 __netif_receive_skb_list_core+0x357/0x950 net/core/dev.c:5741
 __netif_receive_skb_list net/core/dev.c:5808 [inline]
 netif_receive_skb_list_internal+0x753/0xdb0 net/core/dev.c:5899
 netif_receive_skb_list+0x4f/0x4a0 net/core/dev.c:5951
 xdp_recv_frames net/bpf/test_run.c:279 [inline]
 xdp_test_run_batch.constprop.0+0x138d/0x1960 net/bpf/test_run.c:360
 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389
 bpf_prog_test_run_xdp+0x827/0x1580 net/bpf/test_run.c:1317
 bpf_prog_test_run kernel/bpf/syscall.c:4266 [inline]
 __sys_bpf+0xfc6/0x49a0 kernel/bpf/syscall.c:5671
 __do_sys_bpf kernel/bpf/syscall.c:5760 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5758 [inline]
 __x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5758
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7fc02f97e719
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007fc0306bb038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
RAX: ffffffffffffffda RBX: 00007fc02fb35f80 RCX: 00007fc02f97e719
RDX: 0000000000000048 RSI: 0000000020000600 RDI: 000000000000000a
RBP: 00007fc02f9f132e R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 0000000000000000 R14: 00007fc02fb35f80 R15: 00007ffe03613128
 </TASK>
BUG: Bad page state in process syz.0.314  pfn:4c844
page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x4c844
flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
raw: 00fff00000000000 dead000000000040 ffff888040826000 0000000000000000
raw: 0000000000000000 0000000000000001 00000000ffffffff 0000000000000000
page dumped because: page_pool leak
page_owner tracks the page as allocated
page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 7351, tgid 7350 (syz.0.314), ts 79036959581, free_ts 79012829434
 set_page_owner include/linux/page_owner.h:32 [inline]
 post_alloc_hook+0x2d1/0x350 mm/page_alloc.c:1537
 prep_new_page mm/page_alloc.c:1545 [inline]
 get_page_from_freelist+0x101e/0x3070 mm/page_alloc.c:3457
 __alloc_pages_noprof+0x223/0x25a0 mm/page_alloc.c:4733
 alloc_pages_bulk_noprof+0x77c/0x1110 mm/page_alloc.c:4681
 alloc_pages_bulk_array_node_noprof include/linux/gfp.h:239 [inline]
 __page_pool_alloc_pages_slow+0x18f/0x770 net/core/page_pool.c:538
 page_pool_alloc_netmem net/core/page_pool.c:590 [inline]
 page_pool_alloc_netmem+0xc4/0x160 net/core/page_pool.c:577
 page_pool_alloc_pages+0x1a/0x60 net/core/page_pool.c:597
 page_pool_dev_alloc_pages include/net/page_pool/helpers.h:96 [inline]
 xdp_test_run_batch.constprop.0+0x3a8/0x1960 net/bpf/test_run.c:305
 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389
 bpf_prog_test_run_xdp+0x827/0x1580 net/bpf/test_run.c:1317
 bpf_prog_test_run kernel/bpf/syscall.c:4266 [inline]
 __sys_bpf+0xfc6/0x49a0 kernel/bpf/syscall.c:5671
 __do_sys_bpf kernel/bpf/syscall.c:5760 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5758 [inline]
 __x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5758
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
page last free pid 7120 tgid 7120 stack trace:
 reset_page_owner include/linux/page_owner.h:25 [inline]
 free_pages_prepare mm/page_alloc.c:1108 [inline]
 free_unref_page+0x5f4/0xdc0 mm/page_alloc.c:2638
 __put_partials+0x14c/0x170 mm/slub.c:3145
 qlink_free mm/kasan/quarantine.c:163 [inline]
 qlist_free_all+0x4e/0x120 mm/kasan/quarantine.c:179
 kasan_quarantine_reduce+0x192/0x1e0 mm/kasan/quarantine.c:286
 __kasan_slab_alloc+0x69/0x90 mm/kasan/common.c:329
 kasan_slab_alloc include/linux/kasan.h:247 [inline]
 slab_post_alloc_hook mm/slub.c:4085 [inline]
 slab_alloc_node mm/slub.c:4134 [inline]
 kmem_cache_alloc_node_noprof+0x153/0x310 mm/slub.c:4186
 __alloc_skb+0x2b1/0x380 net/core/skbuff.c:668
 alloc_skb include/linux/skbuff.h:1322 [inline]
 netlink_alloc_large_skb+0x69/0x130 net/netlink/af_netlink.c:1206
 netlink_sendmsg+0x689/0xd70 net/netlink/af_netlink.c:1876
 sock_sendmsg_nosec net/socket.c:729 [inline]
 __sock_sendmsg net/socket.c:744 [inline]
 ____sys_sendmsg+0xaaf/0xc90 net/socket.c:2607
 ___sys_sendmsg+0x135/0x1e0 net/socket.c:2661
 __sys_sendmsg+0x117/0x1f0 net/socket.c:2690
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
Modules linked in:
CPU: 2 UID: 0 PID: 7351 Comm: syz.0.314 Tainted: G    B              6.12.0-rc5-syzkaller-00005-ge42b1a9a2557 #0
Tainted: [B]=BAD_PAGE
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:94 [inline]
 dump_stack_lvl+0x16c/0x1f0 lib/dump_stack.c:120
 bad_page+0xb3/0x1f0 mm/page_alloc.c:501
 free_page_is_bad_report mm/page_alloc.c:908 [inline]
 free_page_is_bad mm/page_alloc.c:918 [inline]
 free_pages_prepare mm/page_alloc.c:1100 [inline]
 free_unref_page+0x657/0xdc0 mm/page_alloc.c:2638
 skb_free_frag include/linux/skbuff.h:3399 [inline]
 skb_free_head+0xa0/0x1d0 net/core/skbuff.c:1096
 skb_release_data+0x560/0x730 net/core/skbuff.c:1125
 skb_release_all net/core/skbuff.c:1190 [inline]
 __kfree_skb net/core/skbuff.c:1204 [inline]
 sk_skb_reason_drop+0x129/0x1a0 net/core/skbuff.c:1242
 kfree_skb_reason include/linux/skbuff.h:1262 [inline]
 __netif_receive_skb_core.constprop.0+0x592/0x4330 net/core/dev.c:5640
 __netif_receive_skb_list_core+0x357/0x950 net/core/dev.c:5741
 __netif_receive_skb_list net/core/dev.c:5808 [inline]
 netif_receive_skb_list_internal+0x753/0xdb0 net/core/dev.c:5899
 netif_receive_skb_list+0x4f/0x4a0 net/core/dev.c:5951
 xdp_recv_frames net/bpf/test_run.c:279 [inline]
 xdp_test_run_batch.constprop.0+0x138d/0x1960 net/bpf/test_run.c:360
 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389
 bpf_prog_test_run_xdp+0x827/0x1580 net/bpf/test_run.c:1317
 bpf_prog_test_run kernel/bpf/syscall.c:4266 [inline]
 __sys_bpf+0xfc6/0x49a0 kernel/bpf/syscall.c:5671
 __do_sys_bpf kernel/bpf/syscall.c:5760 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5758 [inline]
 __x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5758
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7fc02f97e719
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007fc0306bb038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
RAX: ffffffffffffffda RBX: 00007fc02fb35f80 RCX: 00007fc02f97e719
RDX: 0000000000000048 RSI: 0000000020000600 RDI: 000000000000000a
RBP: 00007fc02f9f132e R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 0000000000000000 R14: 00007fc02fb35f80 R15: 00007ffe03613128
 </TASK>
BUG: Bad page state in process syz.0.314  pfn:4c843
page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x4c843
flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
raw: 00fff00000000000 dead000000000040 ffff888040826000 0000000000000000
raw: 0000000000000000 0000000000000001 00000000ffffffff 0000000000000000
page dumped because: page_pool leak
page_owner tracks the page as allocated
page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 7351, tgid 7350 (syz.0.314), ts 79036955091, free_ts 79012829434
 set_page_owner include/linux/page_owner.h:32 [inline]
 post_alloc_hook+0x2d1/0x350 mm/page_alloc.c:1537
 prep_new_page mm/page_alloc.c:1545 [inline]
 get_page_from_freelist+0x101e/0x3070 mm/page_alloc.c:3457
 __alloc_pages_noprof+0x223/0x25a0 mm/page_alloc.c:4733
 alloc_pages_bulk_noprof+0x77c/0x1110 mm/page_alloc.c:4681
 alloc_pages_bulk_array_node_noprof include/linux/gfp.h:239 [inline]
 __page_pool_alloc_pages_slow+0x18f/0x770 net/core/page_pool.c:538
 page_pool_alloc_netmem net/core/page_pool.c:590 [inline]
 page_pool_alloc_netmem+0xc4/0x160 net/core/page_pool.c:577
 page_pool_alloc_pages+0x1a/0x60 net/core/page_pool.c:597
 page_pool_dev_alloc_pages include/net/page_pool/helpers.h:96 [inline]
 xdp_test_run_batch.constprop.0+0x3a8/0x1960 net/bpf/test_run.c:305
 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389
 bpf_prog_test_run_xdp+0x827/0x1580 net/bpf/test_run.c:1317
 bpf_prog_test_run kernel/bpf/syscall.c:4266 [inline]
 __sys_bpf+0xfc6/0x49a0 kernel/bpf/syscall.c:5671
 __do_sys_bpf kernel/bpf/syscall.c:5760 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5758 [inline]
 __x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5758
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
page last free pid 7120 tgid 7120 stack trace:
 reset_page_owner include/linux/page_owner.h:25 [inline]
 free_pages_prepare mm/page_alloc.c:1108 [inline]
 free_unref_page+0x5f4/0xdc0 mm/page_alloc.c:2638
 __put_partials+0x14c/0x170 mm/slub.c:3145
 qlink_free mm/kasan/quarantine.c:163 [inline]
 qlist_free_all+0x4e/0x120 mm/kasan/quarantine.c:179
 kasan_quarantine_reduce+0x192/0x1e0 mm/kasan/quarantine.c:286
 __kasan_slab_alloc+0x69/0x90 mm/kasan/common.c:329
 kasan_slab_alloc include/linux/kasan.h:247 [inline]
 slab_post_alloc_hook mm/slub.c:4085 [inline]
 slab_alloc_node mm/slub.c:4134 [inline]
 kmem_cache_alloc_node_noprof+0x153/0x310 mm/slub.c:4186
 __alloc_skb+0x2b1/0x380 net/core/skbuff.c:668
 alloc_skb include/linux/skbuff.h:1322 [inline]
 netlink_alloc_large_skb+0x69/0x130 net/netlink/af_netlink.c:1206
 netlink_sendmsg+0x689/0xd70 net/netlink/af_netlink.c:1876
 sock_sendmsg_nosec net/socket.c:729 [inline]
 __sock_sendmsg net/socket.c:744 [inline]
 ____sys_sendmsg+0xaaf/0xc90 net/socket.c:2607
 ___sys_sendmsg+0x135/0x1e0 net/socket.c:2661
 __sys_sendmsg+0x117/0x1f0 net/socket.c:2690
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
Modules linked in:
CPU: 2 UID: 0 PID: 7351 Comm: syz.0.314 Tainted: G    B              6.12.0-rc5-syzkaller-00005-ge42b1a9a2557 #0
Tainted: [B]=BAD_PAGE
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:94 [inline]
 dump_stack_lvl+0x16c/0x1f0 lib/dump_stack.c:120
 bad_page+0xb3/0x1f0 mm/page_alloc.c:501
 free_page_is_bad_report mm/page_alloc.c:908 [inline]
 free_page_is_bad mm/page_alloc.c:918 [inline]
 free_pages_prepare mm/page_alloc.c:1100 [inline]
 free_unref_page+0x657/0xdc0 mm/page_alloc.c:2638
 skb_free_frag include/linux/skbuff.h:3399 [inline]
 skb_free_head+0xa0/0x1d0 net/core/skbuff.c:1096
 skb_release_data+0x560/0x730 net/core/skbuff.c:1125
 skb_release_all net/core/skbuff.c:1190 [inline]
 __kfree_skb net/core/skbuff.c:1204 [inline]
 sk_skb_reason_drop+0x129/0x1a0 net/core/skbuff.c:1242
 kfree_skb_reason include/linux/skbuff.h:1262 [inline]
 __netif_receive_skb_core.constprop.0+0x592/0x4330 net/core/dev.c:5640
 __netif_receive_skb_list_core+0x357/0x950 net/core/dev.c:5741
 __netif_receive_skb_list net/core/dev.c:5808 [inline]
 netif_receive_skb_list_internal+0x753/0xdb0 net/core/dev.c:5899
 netif_receive_skb_list+0x4f/0x4a0 net/core/dev.c:5951
 xdp_recv_frames net/bpf/test_run.c:279 [inline]
 xdp_test_run_batch.constprop.0+0x138d/0x1960 net/bpf/test_run.c:360
 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389
 bpf_prog_test_run_xdp+0x827/0x1580 net/bpf/test_run.c:1317
 bpf_prog_test_run kernel/bpf/syscall.c:4266 [inline]
 __sys_bpf+0xfc6/0x49a0 kernel/bpf/syscall.c:5671
 __do_sys_bpf kernel/bpf/syscall.c:5760 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5758 [inline]
 __x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5758
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7fc02f97e719
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007fc0306bb038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
RAX: ffffffffffffffda RBX: 00007fc02fb35f80 RCX: 00007fc02f97e719
RDX: 0000000000000048 RSI: 0000000020000600 RDI: 000000000000000a
RBP: 00007fc02f9f132e R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 0000000000000000 R14: 00007fc02fb35f80 R15: 00007ffe03613128
 </TASK>
BUG: Bad page state in process syz.0.314  pfn:4c842
page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x4c842
flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
raw: 00fff00000000000 dead000000000040 ffff888040826000 0000000000000000
raw: 0000000000000000 0000000000000001 00000000ffffffff 0000000000000000
page dumped because: page_pool leak
page_owner tracks the page as allocated
page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 7351, tgid 7350 (syz.0.314), ts 79036950585, free_ts 79012829434
 set_page_owner include/linux/page_owner.h:32 [inline]
 post_alloc_hook+0x2d1/0x350 mm/page_alloc.c:1537
 prep_new_page mm/page_alloc.c:1545 [inline]
 get_page_from_freelist+0x101e/0x3070 mm/page_alloc.c:3457
 __alloc_pages_noprof+0x223/0x25a0 mm/page_alloc.c:4733
 alloc_pages_bulk_noprof+0x77c/0x1110 mm/page_alloc.c:4681
 alloc_pages_bulk_array_node_noprof include/linux/gfp.h:239 [inline]
 __page_pool_alloc_pages_slow+0x18f/0x770 net/core/page_pool.c:538
 page_pool_alloc_netmem net/core/page_pool.c:590 [inline]
 page_pool_alloc_netmem+0xc4/0x160 net/core/page_pool.c:577
 page_pool_alloc_pages+0x1a/0x60 net/core/page_pool.c:597
 page_pool_dev_alloc_pages include/net/page_pool/helpers.h:96 [inline]
 xdp_test_run_batch.constprop.0+0x3a8/0x1960 net/bpf/test_run.c:305
 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389
 bpf_prog_test_run_xdp+0x827/0x1580 net/bpf/test_run.c:1317
 bpf_prog_test_run kernel/bpf/syscall.c:4266 [inline]
 __sys_bpf+0xfc6/0x49a0 kernel/bpf/syscall.c:5671
 __do_sys_bpf kernel/bpf/syscall.c:5760 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5758 [inline]
 __x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5758
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
page last free pid 7120 tgid 7120 stack trace:
 reset_page_owner include/linux/page_owner.h:25 [inline]
 free_pages_prepare mm/page_alloc.c:1108 [inline]
 free_unref_page+0x5f4/0xdc0 mm/page_alloc.c:2638
 __put_partials+0x14c/0x170 mm/slub.c:3145
 qlink_free mm/kasan/quarantine.c:163 [inline]
 qlist_free_all+0x4e/0x120 mm/kasan/quarantine.c:179
 kasan_quarantine_reduce+0x192/0x1e0 mm/kasan/quarantine.c:286
 __kasan_slab_alloc+0x69/0x90 mm/kasan/common.c:329
 kasan_slab_alloc include/linux/kasan.h:247 [inline]
 slab_post_alloc_hook mm/slub.c:4085 [inline]
 slab_alloc_node mm/slub.c:4134 [inline]
 kmem_cache_alloc_node_noprof+0x153/0x310 mm/slub.c:4186
 __alloc_skb+0x2b1/0x380 net/core/skbuff.c:668
 alloc_skb include/linux/skbuff.h:1322 [inline]
 netlink_alloc_large_skb+0x69/0x130 net/netlink/af_netlink.c:1206
 netlink_sendmsg+0x689/0xd70 net/netlink/af_netlink.c:1876
 sock_sendmsg_nosec net/socket.c:729 [inline]
 __sock_sendmsg net/socket.c:744 [inline]
 ____sys_sendmsg+0xaaf/0xc90 net/socket.c:2607
 ___sys_sendmsg+0x135/0x1e0 net/socket.c:2661
 __sys_sendmsg+0x117/0x1f0 net/socket.c:2690
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
Modules linked in:
CPU: 2 UID: 0 PID: 7351 Comm: syz.0.314 Tainted: G    B              6.12.0-rc5-syzkaller-00005-ge42b1a9a2557 #0
Tainted: [B]=BAD_PAGE
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:94 [inline]
 dump_stack_lvl+0x16c/0x1f0 lib/dump_stack.c:120
 bad_page+0xb3/0x1f0 mm/page_alloc.c:501
 free_page_is_bad_report mm/page_alloc.c:908 [inline]
 free_page_is_bad mm/page_alloc.c:918 [inline]
 free_pages_prepare mm/page_alloc.c:1100 [inline]
 free_unref_page+0x657/0xdc0 mm/page_alloc.c:2638
 skb_free_frag include/linux/skbuff.h:3399 [inline]
 skb_free_head+0xa0/0x1d0 net/core/skbuff.c:1096
 skb_release_data+0x560/0x730 net/core/skbuff.c:1125
 skb_release_all net/core/skbuff.c:1190 [inline]
 __kfree_skb net/core/skbuff.c:1204 [inline]
 sk_skb_reason_drop+0x129/0x1a0 net/core/skbuff.c:1242
 kfree_skb_reason include/linux/skbuff.h:1262 [inline]
 __netif_receive_skb_core.constprop.0+0x592/0x4330 net/core/dev.c:5640
 __netif_receive_skb_list_core+0x357/0x950 net/core/dev.c:5741
 __netif_receive_skb_list net/core/dev.c:5808 [inline]
 netif_receive_skb_list_internal+0x753/0xdb0 net/core/dev.c:5899
 netif_receive_skb_list+0x4f/0x4a0 net/core/dev.c:5951
 xdp_recv_frames net/bpf/test_run.c:279 [inline]
 xdp_test_run_batch.constprop.0+0x138d/0x1960 net/bpf/test_run.c:360
 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389
 bpf_prog_test_run_xdp+0x827/0x1580 net/bpf/test_run.c:1317
 bpf_prog_test_run kernel/bpf/syscall.c:4266 [inline]
 __sys_bpf+0xfc6/0x49a0 kernel/bpf/syscall.c:5671
 __do_sys_bpf kernel/bpf/syscall.c:5760 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5758 [inline]
 __x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5758
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7fc02f97e719
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007fc0306bb038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
RAX: ffffffffffffffda RBX: 00007fc02fb35f80 RCX: 00007fc02f97e719
RDX: 0000000000000048 RSI: 0000000020000600 RDI: 000000000000000a
RBP: 00007fc02f9f132e R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 0000000000000000 R14: 00007fc02fb35f80 R15: 00007ffe03613128
 </TASK>
BUG: Bad page state in process syz.0.314  pfn:4c841
page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x8 pfn:0x4c841
flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
raw: 00fff00000000000 dead000000000040 ffff888040826000 0000000000000000
raw: 0000000000000008 0000000000000001 00000000ffffffff 0000000000000000
page dumped because: page_pool leak
page_owner tracks the page as allocated
page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 7351, tgid 7350 (syz.0.314), ts 79036945564, free_ts 79012829434
 set_page_owner include/linux/page_owner.h:32 [inline]
 post_alloc_hook+0x2d1/0x350 mm/page_alloc.c:1537
 prep_new_page mm/page_alloc.c:1545 [inline]
 get_page_from_freelist+0x101e/0x3070 mm/page_alloc.c:3457
 __alloc_pages_noprof+0x223/0x25a0 mm/page_alloc.c:4733
 alloc_pages_bulk_noprof+0x77c/0x1110 mm/page_alloc.c:4681
 alloc_pages_bulk_array_node_noprof include/linux/gfp.h:239 [inline]
 __page_pool_alloc_pages_slow+0x18f/0x770 net/core/page_pool.c:538
 page_pool_alloc_netmem net/core/page_pool.c:590 [inline]
 page_pool_alloc_netmem+0xc4/0x160 net/core/page_pool.c:577
 page_pool_alloc_pages+0x1a/0x60 net/core/page_pool.c:597
 page_pool_dev_alloc_pages include/net/page_pool/helpers.h:96 [inline]
 xdp_test_run_batch.constprop.0+0x3a8/0x1960 net/bpf/test_run.c:305
 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389
 bpf_prog_test_run_xdp+0x827/0x1580 net/bpf/test_run.c:1317
 bpf_prog_test_run kernel/bpf/syscall.c:4266 [inline]
 __sys_bpf+0xfc6/0x49a0 kernel/bpf/syscall.c:5671
 __do_sys_bpf kernel/bpf/syscall.c:5760 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5758 [inline]
 __x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5758
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
page last free pid 7120 tgid 7120 stack trace:
 reset_page_owner include/linux/page_owner.h:25 [inline]
 free_pages_prepare mm/page_alloc.c:1108 [inline]
 free_unref_page+0x5f4/0xdc0 mm/page_alloc.c:2638
 __put_partials+0x14c/0x170 mm/slub.c:3145
 qlink_free mm/kasan/quarantine.c:163 [inline]
 qlist_free_all+0x4e/0x120 mm/kasan/quarantine.c:179
 kasan_quarantine_reduce+0x192/0x1e0 mm/kasan/quarantine.c:286
 __kasan_slab_alloc+0x69/0x90 mm/kasan/common.c:329
 kasan_slab_alloc include/linux/kasan.h:247 [inline]
 slab_post_alloc_hook mm/slub.c:4085 [inline]
 slab_alloc_node mm/slub.c:4134 [inline]
 kmem_cache_alloc_node_noprof+0x153/0x310 mm/slub.c:4186
 __alloc_skb+0x2b1/0x380 net/core/skbuff.c:668
 alloc_skb include/linux/skbuff.h:1322 [inline]
 netlink_alloc_large_skb+0x69/0x130 net/netlink/af_netlink.c:1206
 netlink_sendmsg+0x689/0xd70 net/netlink/af_netlink.c:1876
 sock_sendmsg_nosec net/socket.c:729 [inline]
 __sock_sendmsg net/socket.c:744 [inline]
 ____sys_sendmsg+0xaaf/0xc90 net/socket.c:2607
 ___sys_sendmsg+0x135/0x1e0 net/socket.c:2661
 __sys_sendmsg+0x117/0x1f0 net/socket.c:2690
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
Modules linked in:
CPU: 2 UID: 0 PID: 7351 Comm: syz.0.314 Tainted: G    B              6.12.0-rc5-syzkaller-00005-ge42b1a9a2557 #0
Tainted: [B]=BAD_PAGE
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:94 [inline]
 dump_stack_lvl+0x16c/0x1f0 lib/dump_stack.c:120
 bad_page+0xb3/0x1f0 mm/page_alloc.c:501
 free_page_is_bad_report mm/page_alloc.c:908 [inline]
 free_page_is_bad mm/page_alloc.c:918 [inline]
 free_pages_prepare mm/page_alloc.c:1100 [inline]
 free_unref_page+0x657/0xdc0 mm/page_alloc.c:2638
 skb_free_frag include/linux/skbuff.h:3399 [inline]
 skb_free_head+0xa0/0x1d0 net/core/skbuff.c:1096
 skb_release_data+0x560/0x730 net/core/skbuff.c:1125
 skb_release_all net/core/skbuff.c:1190 [inline]
 __kfree_skb net/core/skbuff.c:1204 [inline]
 sk_skb_reason_drop+0x129/0x1a0 net/core/skbuff.c:1242
 kfree_skb_reason include/linux/skbuff.h:1262 [inline]
 __netif_receive_skb_core.constprop.0+0x592/0x4330 net/core/dev.c:5640
 __netif_receive_skb_list_core+0x357/0x950 net/core/dev.c:5741
 __netif_receive_skb_list net/core/dev.c:5808 [inline]
 netif_receive_skb_list_internal+0x753/0xdb0 net/core/dev.c:5899
 netif_receive_skb_list+0x4f/0x4a0 net/core/dev.c:5951
 xdp_recv_frames net/bpf/test_run.c:279 [inline]
 xdp_test_run_batch.constprop.0+0x138d/0x1960 net/bpf/test_run.c:360
 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389
 bpf_prog_test_run_xdp+0x827/0x1580 net/bpf/test_run.c:1317
 bpf_prog_test_run kernel/bpf/syscall.c:4266 [inline]
 __sys_bpf+0xfc6/0x49a0 kernel/bpf/syscall.c:5671
 __do_sys_bpf kernel/bpf/syscall.c:5760 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5758 [inline]
 __x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5758
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7fc02f97e719
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007fc0306bb038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
RAX: ffffffffffffffda RBX: 00007fc02fb35f80 RCX: 00007fc02f97e719
RDX: 0000000000000048 RSI: 0000000020000600 RDI: 000000000000000a
RBP: 00007fc02f9f132e R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 0000000000000000 R14: 00007fc02fb35f80 R15: 00007ffe03613128
 </TASK>
BUG: Bad page state in process syz.0.314  pfn:4c840
page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff88804c846000 pfn:0x4c840
flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
raw: 00fff00000000000 dead000000000040 ffff888040826000 0000000000000000
raw: ffff88804c846000 0000000000000001 00000000ffffffff 0000000000000000
page dumped because: page_pool leak
page_owner tracks the page as allocated
page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 7351, tgid 7350 (syz.0.314), ts 79036940712, free_ts 79012829434
 set_page_owner include/linux/page_owner.h:32 [inline]
 post_alloc_hook+0x2d1/0x350 mm/page_alloc.c:1537
 prep_new_page mm/page_alloc.c:1545 [inline]
 get_page_from_freelist+0x101e/0x3070 mm/page_alloc.c:3457
 __alloc_pages_noprof+0x223/0x25a0 mm/page_alloc.c:4733
 alloc_pages_bulk_noprof+0x77c/0x1110 mm/page_alloc.c:4681
 alloc_pages_bulk_array_node_noprof include/linux/gfp.h:239 [inline]
 __page_pool_alloc_pages_slow+0x18f/0x770 net/core/page_pool.c:538
 page_pool_alloc_netmem net/core/page_pool.c:590 [inline]
 page_pool_alloc_netmem+0xc4/0x160 net/core/page_pool.c:577
 page_pool_alloc_pages+0x1a/0x60 net/core/page_pool.c:597
 page_pool_dev_alloc_pages include/net/page_pool/helpers.h:96 [inline]
 xdp_test_run_batch.constprop.0+0x3a8/0x1960 net/bpf/test_run.c:305
 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389
 bpf_prog_test_run_xdp+0x827/0x1580 net/bpf/test_run.c:1317
 bpf_prog_test_run kernel/bpf/syscall.c:4266 [inline]
 __sys_bpf+0xfc6/0x49a0 kernel/bpf/syscall.c:5671
 __do_sys_bpf kernel/bpf/syscall.c:5760 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5758 [inline]
 __x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5758
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
page last free pid 7120 tgid 7120 stack trace:
 reset_page_owner include/linux/page_owner.h:25 [inline]
 free_pages_prepare mm/page_alloc.c:1108 [inline]
 free_unref_page+0x5f4/0xdc0 mm/page_alloc.c:2638
 __put_partials+0x14c/0x170 mm/slub.c:3145
 qlink_free mm/kasan/quarantine.c:163 [inline]
 qlist_free_all+0x4e/0x120 mm/kasan/quarantine.c:179
 kasan_quarantine_reduce+0x192/0x1e0 mm/kasan/quarantine.c:286
 __kasan_slab_alloc+0x69/0x90 mm/kasan/common.c:329
 kasan_slab_alloc include/linux/kasan.h:247 [inline]
 slab_post_alloc_hook mm/slub.c:4085 [inline]
 slab_alloc_node mm/slub.c:4134 [inline]
 kmem_cache_alloc_node_noprof+0x153/0x310 mm/slub.c:4186
 __alloc_skb+0x2b1/0x380 net/core/skbuff.c:668
 alloc_skb include/linux/skbuff.h:1322 [inline]
 netlink_alloc_large_skb+0x69/0x130 net/netlink/af_netlink.c:1206
 netlink_sendmsg+0x689/0xd70 net/netlink/af_netlink.c:1876
 sock_sendmsg_nosec net/socket.c:729 [inline]
 __sock_sendmsg net/socket.c:744 [inline]
 ____sys_sendmsg+0xaaf/0xc90 net/socket.c:2607
 ___sys_sendmsg+0x135/0x1e0 net/socket.c:2661
 __sys_sendmsg+0x117/0x1f0 net/socket.c:2690
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
Modules linked in:
CPU: 2 UID: 0 PID: 7351 Comm: syz.0.314 Tainted: G    B              6.12.0-rc5-syzkaller-00005-ge42b1a9a2557 #0
Tainted: [B]=BAD_PAGE
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:94 [inline]
 dump_stack_lvl+0x16c/0x1f0 lib/dump_stack.c:120
 bad_page+0xb3/0x1f0 mm/page_alloc.c:501
 free_page_is_bad_report mm/page_alloc.c:908 [inline]
 free_page_is_bad mm/page_alloc.c:918 [inline]
 free_pages_prepare mm/page_alloc.c:1100 [inline]
 free_unref_page+0x657/0xdc0 mm/page_alloc.c:2638
 skb_free_frag include/linux/skbuff.h:3399 [inline]
 skb_free_head+0xa0/0x1d0 net/core/skbuff.c:1096
 skb_release_data+0x560/0x730 net/core/skbuff.c:1125
 skb_release_all net/core/skbuff.c:1190 [inline]
 __kfree_skb net/core/skbuff.c:1204 [inline]
 sk_skb_reason_drop+0x129/0x1a0 net/core/skbuff.c:1242
 kfree_skb_reason include/linux/skbuff.h:1262 [inline]
 __netif_receive_skb_core.constprop.0+0x592/0x4330 net/core/dev.c:5640
 __netif_receive_skb_list_core+0x357/0x950 net/core/dev.c:5741
 __netif_receive_skb_list net/core/dev.c:5808 [inline]
 netif_receive_skb_list_internal+0x753/0xdb0 net/core/dev.c:5899
 netif_receive_skb_list+0x4f/0x4a0 net/core/dev.c:5951
 xdp_recv_frames net/bpf/test_run.c:279 [inline]
 xdp_test_run_batch.constprop.0+0x138d/0x1960 net/bpf/test_run.c:360
 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389
 bpf_prog_test_run_xdp+0x827/0x1580 net/bpf/test_run.c:1317
 bpf_prog_test_run kernel/bpf/syscall.c:4266 [inline]
 __sys_bpf+0xfc6/0x49a0 kernel/bpf/syscall.c:5671
 __do_sys_bpf kernel/bpf/syscall.c:5760 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5758 [inline]
 __x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5758
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7fc02f97e719
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007fc0306bb038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
RAX: ffffffffffffffda RBX: 00007fc02fb35f80 RCX: 00007fc02f97e719
RDX: 0000000000000048 RSI: 0000000020000600 RDI: 000000000000000a
RBP: 00007fc02f9f132e R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 0000000000000000 R14: 00007fc02fb35f80 R15: 00007ffe03613128
 </TASK>
BUG: Bad page state in process syz.0.314  pfn:4d0b7
page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x4d0b7
flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
raw: 00fff00000000000 dead000000000040 ffff888040826000 0000000000000000
raw: 0000000000000000 0000000000000001 00000000ffffffff 0000000000000000
page dumped because: page_pool leak
page_owner tracks the page as allocated
page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 7351, tgid 7350 (syz.0.314), ts 79036934627, free_ts 79013125143
 set_page_owner include/linux/page_owner.h:32 [inline]
 post_alloc_hook+0x2d1/0x350 mm/page_alloc.c:1537
 prep_new_page mm/page_alloc.c:1545 [inline]
 get_page_from_freelist+0x101e/0x3070 mm/page_alloc.c:3457
 __alloc_pages_noprof+0x223/0x25a0 mm/page_alloc.c:4733
 alloc_pages_bulk_noprof+0x77c/0x1110 mm/page_alloc.c:4681
 alloc_pages_bulk_array_node_noprof include/linux/gfp.h:239 [inline]
 __page_pool_alloc_pages_slow+0x18f/0x770 net/core/page_pool.c:538
 page_pool_alloc_netmem net/core/page_pool.c:590 [inline]
 page_pool_alloc_netmem+0xc4/0x160 net/core/page_pool.c:577
 page_pool_alloc_pages+0x1a/0x60 net/core/page_pool.c:597
 page_pool_dev_alloc_pages include/net/page_pool/helpers.h:96 [inline]
 xdp_test_run_batch.constprop.0+0x3a8/0x1960 net/bpf/test_run.c:305
 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389
 bpf_prog_test_run_xdp+0x827/0x1580 net/bpf/test_run.c:1317
 bpf_prog_test_run kernel/bpf/syscall.c:4266 [inline]
 __sys_bpf+0xfc6/0x49a0 kernel/bpf/syscall.c:5671
 __do_sys_bpf kernel/bpf/syscall.c:5760 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5758 [inline]
 __x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5758
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
page last free pid 7120 tgid 7120 stack trace:
 reset_page_owner include/linux/page_owner.h:25 [inline]
 free_pages_prepare mm/page_alloc.c:1108 [inline]
 free_unref_page+0x5f4/0xdc0 mm/page_alloc.c:2638
 __put_partials+0x14c/0x170 mm/slub.c:3145
 qlink_free mm/kasan/quarantine.c:163 [inline]
 qlist_free_all+0x4e/0x120 mm/kasan/quarantine.c:179
 kasan_quarantine_reduce+0x192/0x1e0 mm/kasan/quarantine.c:286
 __kasan_slab_alloc+0x69/0x90 mm/kasan/common.c:329
 kasan_slab_alloc include/linux/kasan.h:247 [inline]
 slab_post_alloc_hook mm/slub.c:4085 [inline]
 slab_alloc_node mm/slub.c:4134 [inline]
 kmem_cache_alloc_node_noprof+0x153/0x310 mm/slub.c:4186
 __alloc_skb+0x2b1/0x380 net/core/skbuff.c:668
 alloc_skb include/linux/skbuff.h:1322 [inline]
 netlink_alloc_large_skb+0x69/0x130 net/netlink/af_netlink.c:1206
 netlink_sendmsg+0x689/0xd70 net/netlink/af_netlink.c:1876
 sock_sendmsg_nosec net/socket.c:729 [inline]
 __sock_sendmsg net/socket.c:744 [inline]
 ____sys_sendmsg+0xaaf/0xc90 net/socket.c:2607
 ___sys_sendmsg+0x135/0x1e0 net/socket.c:2661
 __sys_sendmsg+0x117/0x1f0 net/socket.c:2690
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
Modules linked in:
CPU: 2 UID: 0 PID: 7351 Comm: syz.0.314 Tainted: G    B              6.12.0-rc5-syzkaller-00005-ge42b1a9a2557 #0
Tainted: [B]=BAD_PAGE
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:94 [inline]
 dump_stack_lvl+0x16c/0x1f0 lib/dump_stack.c:120
 bad_page+0xb3/0x1f0 mm/page_alloc.c:501
 free_page_is_bad_report mm/page_alloc.c:908 [inline]
 free_page_is_bad mm/page_alloc.c:918 [inline]
 free_pages_prepare mm/page_alloc.c:1100 [inline]
 free_unref_page+0x657/0xdc0 mm/page_alloc.c:2638
 skb_free_frag include/linux/skbuff.h:3399 [inline]
 skb_free_head+0xa0/0x1d0 net/core/skbuff.c:1096
 skb_release_data+0x560/0x730 net/core/skbuff.c:1125
 skb_release_all net/core/skbuff.c:1190 [inline]
 __kfree_skb net/core/skbuff.c:1204 [inline]
 sk_skb_reason_drop+0x129/0x1a0 net/core/skbuff.c:1242
 kfree_skb_reason include/linux/skbuff.h:1262 [inline]
 __netif_receive_skb_core.constprop.0+0x592/0x4330 net/core/dev.c:5640
 __netif_receive_skb_list_core+0x357/0x950 net/core/dev.c:5741
 __netif_receive_skb_list net/core/dev.c:5808 [inline]
 netif_receive_skb_list_internal+0x753/0xdb0 net/core/dev.c:5899
 netif_receive_skb_list+0x4f/0x4a0 net/core/dev.c:5951
 xdp_recv_frames net/bpf/test_run.c:279 [inline]
 xdp_test_run_batch.constprop.0+0x138d/0x1960 net/bpf/test_run.c:360
 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389
 bpf_prog_test_run_xdp+0x827/0x1580 net/bpf/test_run.c:1317
 bpf_prog_test_run kernel/bpf/syscall.c:4266 [inline]
 __sys_bpf+0xfc6/0x49a0 kernel/bpf/syscall.c:5671
 __do_sys_bpf kernel/bpf/syscall.c:5760 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5758 [inline]
 __x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5758
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7fc02f97e719
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007fc0306bb038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
RAX: ffffffffffffffda RBX: 00007fc02fb35f80 RCX: 00007fc02f97e719
RDX: 0000000000000048 RSI: 0000000020000600 RDI: 000000000000000a
RBP: 00007fc02f9f132e R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 0000000000000000 R14: 00007fc02fb35f80 R15: 00007ffe03613128
 </TASK>
BUG: Bad page state in process syz.0.314  pfn:4d0b6
page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x4d0b6
flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
raw: 00fff00000000000 dead000000000040 ffff888040826000 0000000000000000
raw: 0000000000000000 0000000000000001 00000000ffffffff 0000000000000000
page dumped because: page_pool leak
page_owner tracks the page as allocated
page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 7351, tgid 7350 (syz.0.314), ts 79036919969, free_ts 79013125143
 set_page_owner include/linux/page_owner.h:32 [inline]
 post_alloc_hook+0x2d1/0x350 mm/page_alloc.c:1537
 prep_new_page mm/page_alloc.c:1545 [inline]
 get_page_from_freelist+0x101e/0x3070 mm/page_alloc.c:3457
 __alloc_pages_noprof+0x223/0x25a0 mm/page_alloc.c:4733
 alloc_pages_bulk_noprof+0x77c/0x1110 mm/page_alloc.c:4681
 alloc_pages_bulk_array_node_noprof include/linux/gfp.h:239 [inline]
 __page_pool_alloc_pages_slow+0x18f/0x770 net/core/page_pool.c:538
 page_pool_alloc_netmem net/core/page_pool.c:590 [inline]
 page_pool_alloc_netmem+0xc4/0x160 net/core/page_pool.c:577
 page_pool_alloc_pages+0x1a/0x60 net/core/page_pool.c:597
 page_pool_dev_alloc_pages include/net/page_pool/helpers.h:96 [inline]
 xdp_test_run_batch.constprop.0+0x3a8/0x1960 net/bpf/test_run.c:305
 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389
 bpf_prog_test_run_xdp+0x827/0x1580 net/bpf/test_run.c:1317
 bpf_prog_test_run kernel/bpf/syscall.c:4266 [inline]
 __sys_bpf+0xfc6/0x49a0 kernel/bpf/syscall.c:5671
 __do_sys_bpf kernel/bpf/syscall.c:5760 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5758 [inline]
 __x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5758
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
page last free pid 7120 tgid 7120 stack trace:
 reset_page_owner include/linux/page_owner.h:25 [inline]
 free_pages_prepare mm/page_alloc.c:1108 [inline]
 free_unref_page+0x5f4/0xdc0 mm/page_alloc.c:2638
 __put_partials+0x14c/0x170 mm/slub.c:3145
 qlink_free mm/kasan/quarantine.c:163 [inline]
 qlist_free_all+0x4e/0x120 mm/kasan/quarantine.c:179
 kasan_quarantine_reduce+0x192/0x1e0 mm/kasan/quarantine.c:286
 __kasan_slab_alloc+0x69/0x90 mm/kasan/common.c:329
 kasan_slab_alloc include/linux/kasan.h:247 [inline]
 slab_post_alloc_hook mm/slub.c:4085 [inline]
 slab_alloc_node mm/slub.c:4134 [inline]
 kmem_cache_alloc_node_noprof+0x153/0x310 mm/slub.c:4186
 __alloc_skb+0x2b1/0x380 net/core/skbuff.c:668
 alloc_skb include/linux/skbuff.h:1322 [inline]
 netlink_alloc_large_skb+0x69/0x130 net/netlink/af_netlink.c:1206
 netlink_sendmsg+0x689/0xd70 net/netlink/af_netlink.c:1876
 sock_sendmsg_nosec net/socket.c:729 [inline]
 __sock_sendmsg net/socket.c:744 [inline]
 ____sys_sendmsg+0xaaf/0xc90 net/socket.c:2607
 ___sys_sendmsg+0x135/0x1e0 net/socket.c:2661
 __sys_sendmsg+0x117/0x1f0 net/socket.c:2690
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
Modules linked in:
CPU: 2 UID: 0 PID: 7351 Comm: syz.0.314 Tainted: G    B              6.12.0-rc5-syzkaller-00005-ge42b1a9a2557 #0
Tainted: [B]=BAD_PAGE
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:94 [inline]
 dump_stack_lvl+0x16c/0x1f0 lib/dump_stack.c:120
 bad_page+0xb3/0x1f0 mm/page_alloc.c:501
 free_page_is_bad_report mm/page_alloc.c:908 [inline]
 free_page_is_bad mm/page_alloc.c:918 [inline]
 free_pages_prepare mm/page_alloc.c:1100 [inline]
 free_unref_page+0x657/0xdc0 mm/page_alloc.c:2638
 skb_free_frag include/linux/skbuff.h:3399 [inline]
 skb_free_head+0xa0/0x1d0 net/core/skbuff.c:1096
 skb_release_data+0x560/0x730 net/core/skbuff.c:1125
 skb_release_all net/core/skbuff.c:1190 [inline]
 __kfree_skb net/core/skbuff.c:1204 [inline]
 sk_skb_reason_drop+0x129/0x1a0 net/core/skbuff.c:1242
 kfree_skb_reason include/linux/skbuff.h:1262 [inline]
 __netif_receive_skb_core.constprop.0+0x592/0x4330 net/core/dev.c:5640
 __netif_receive_skb_list_core+0x357/0x950 net/core/dev.c:5741
 __netif_receive_skb_list net/core/dev.c:5808 [inline]
 netif_receive_skb_list_internal+0x753/0xdb0 net/core/dev.c:5899
 netif_receive_skb_list+0x4f/0x4a0 net/core/dev.c:5951
 xdp_recv_frames net/bpf/test_run.c:279 [inline]
 xdp_test_run_batch.constprop.0+0x138d/0x1960 net/bpf/test_run.c:360
 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389
 bpf_prog_test_run_xdp+0x827/0x1580 net/bpf/test_run.c:1317
 bpf_prog_test_run kernel/bpf/syscall.c:4266 [inline]
 __sys_bpf+0xfc6/0x49a0 kernel/bpf/syscall.c:5671
 __do_sys_bpf kernel/bpf/syscall.c:5760 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5758 [inline]
 __x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5758
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7fc02f97e719
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007fc0306bb038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
RAX: ffffffffffffffda RBX: 00007fc02fb35f80 RCX: 00007fc02f97e719
RDX: 0000000000000048 RSI: 0000000020000600 RDI: 000000000000000a
RBP: 00007fc02f9f132e R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 0000000000000000 R14: 00007fc02fb35f80 R15: 00007ffe03613128
 </TASK>
BUG: Bad page state in process syz.0.314  pfn:5545a
page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x5545a
flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
raw: 00fff00000000000 dead000000000040 ffff888040826000 0000000000000000
raw: 0000000000000000 0000000000000001 00000000ffffffff 0000000000000000
page dumped because: page_pool leak
page_owner tracks the page as allocated
page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 7351, tgid 7350 (syz.0.314), ts 79036829541, free_ts 78916094224
 set_page_owner include/linux/page_owner.h:32 [inline]
 post_alloc_hook+0x2d1/0x350 mm/page_alloc.c:1537
 prep_new_page mm/page_alloc.c:1545 [inline]
 get_page_from_freelist+0x101e/0x3070 mm/page_alloc.c:3457
 __alloc_pages_noprof+0x223/0x25a0 mm/page_alloc.c:4733
 alloc_pages_bulk_noprof+0x77c/0x1110 mm/page_alloc.c:4681
 alloc_pages_bulk_array_node_noprof include/linux/gfp.h:239 [inline]
 __page_pool_alloc_pages_slow+0x18f/0x770 net/core/page_pool.c:538
 page_pool_alloc_netmem net/core/page_pool.c:590 [inline]
 page_pool_alloc_netmem+0xc4/0x160 net/core/page_pool.c:577
 page_pool_alloc_pages+0x1a/0x60 net/core/page_pool.c:597
 page_pool_dev_alloc_pages include/net/page_pool/helpers.h:96 [inline]
 xdp_test_run_batch.constprop.0+0x3a8/0x1960 net/bpf/test_run.c:305
 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389
 bpf_prog_test_run_xdp+0x827/0x1580 net/bpf/test_run.c:1317
 bpf_prog_test_run kernel/bpf/syscall.c:4266 [inline]
 __sys_bpf+0xfc6/0x49a0 kernel/bpf/syscall.c:5671
 __do_sys_bpf kernel/bpf/syscall.c:5760 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5758 [inline]
 __x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5758
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
page last free pid 7337 tgid 7337 stack trace:
 reset_page_owner include/linux/page_owner.h:25 [inline]
 free_pages_prepare mm/page_alloc.c:1108 [inline]
 free_unref_page+0x5f4/0xdc0 mm/page_alloc.c:2638
 __put_partials+0x14c/0x170 mm/slub.c:3145
 qlink_free mm/kasan/quarantine.c:163 [inline]
 qlist_free_all+0x4e/0x120 mm/kasan/quarantine.c:179
 kasan_quarantine_reduce+0x192/0x1e0 mm/kasan/quarantine.c:286
 __kasan_slab_alloc+0x69/0x90 mm/kasan/common.c:329
 kasan_slab_alloc include/linux/kasan.h:247 [inline]
 slab_post_alloc_hook mm/slub.c:4085 [inline]
 slab_alloc_node mm/slub.c:4134 [inline]
 __do_kmalloc_node mm/slub.c:4263 [inline]
 __kmalloc_noprof+0x199/0x400 mm/slub.c:4276
 kmalloc_noprof include/linux/slab.h:882 [inline]
 tomoyo_realpath_from_path+0xb9/0x720 security/tomoyo/realpath.c:251
 tomoyo_realpath_nofollow+0xdd/0x100 security/tomoyo/realpath.c:304
 tomoyo_find_next_domain+0x2ad/0x2070 security/tomoyo/domain.c:726
 tomoyo_bprm_check_security security/tomoyo/tomoyo.c:102 [inline]
 tomoyo_bprm_check_security+0x12b/0x1d0 security/tomoyo/tomoyo.c:92
 security_bprm_check+0x1b9/0x1e0 security/security.c:1297
 search_binary_handler fs/exec.c:1740 [inline]
 exec_binprm fs/exec.c:1794 [inline]
 bprm_execve fs/exec.c:1845 [inline]
 bprm_execve+0x642/0x1960 fs/exec.c:1821
 do_execveat_common.isra.0+0x4f1/0x630 fs/exec.c:1952
 do_execve fs/exec.c:2026 [inline]
 __do_sys_execve fs/exec.c:2102 [inline]
 __se_sys_execve fs/exec.c:2097 [inline]
 __x64_sys_execve+0x8c/0xb0 fs/exec.c:2097
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
Modules linked in:
CPU: 2 UID: 0 PID: 7351 Comm: syz.0.314 Tainted: G    B              6.12.0-rc5-syzkaller-00005-ge42b1a9a2557 #0
Tainted: [B]=BAD_PAGE
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:94 [inline]
 dump_stack_lvl+0x16c/0x1f0 lib/dump_stack.c:120
 bad_page+0xb3/0x1f0 mm/page_alloc.c:501
 free_page_is_bad_report mm/page_alloc.c:908 [inline]
 free_page_is_bad mm/page_alloc.c:918 [inline]
 free_pages_prepare mm/page_alloc.c:1100 [inline]
 free_unref_page+0x657/0xdc0 mm/page_alloc.c:2638
 skb_free_frag include/linux/skbuff.h:3399 [inline]
 skb_free_head+0xa0/0x1d0 net/core/skbuff.c:1096
 skb_release_data+0x560/0x730 net/core/skbuff.c:1125
 skb_release_all net/core/skbuff.c:1190 [inline]
 __kfree_skb net/core/skbuff.c:1204 [inline]
 sk_skb_reason_drop+0x129/0x1a0 net/core/skbuff.c:1242
 kfree_skb_reason include/linux/skbuff.h:1262 [inline]
 __netif_receive_skb_core.constprop.0+0x592/0x4330 net/core/dev.c:5640
 __netif_receive_skb_list_core+0x357/0x950 net/core/dev.c:5741
 __netif_receive_skb_list net/core/dev.c:5808 [inline]
 netif_receive_skb_list_internal+0x753/0xdb0 net/core/dev.c:5899
 netif_receive_skb_list+0x4f/0x4a0 net/core/dev.c:5951
 xdp_recv_frames net/bpf/test_run.c:279 [inline]
 xdp_test_run_batch.constprop.0+0x138d/0x1960 net/bpf/test_run.c:360
 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389
 bpf_prog_test_run_xdp+0x827/0x1580 net/bpf/test_run.c:1317
 bpf_prog_test_run kernel/bpf/syscall.c:4266 [inline]
 __sys_bpf+0xfc6/0x49a0 kernel/bpf/syscall.c:5671
 __do_sys_bpf kernel/bpf/syscall.c:5760 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5758 [inline]
 __x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5758
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7fc02f97e719
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007fc0306bb038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
RAX: ffffffffffffffda RBX: 00007fc02fb35f80 RCX: 00007fc02f97e719
RDX: 0000000000000048 RSI: 0000000020000600 RDI: 000000000000000a
RBP: 00007fc02f9f132e R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 0000000000000000 R14: 00007fc02fb35f80 R15: 00007ffe03613128
 </TASK>
BUG: Bad page state in process syz.0.314  pfn:55459
page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x8 pfn:0x55459
flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
raw: 00fff00000000000 dead000000000040 ffff888040826000 0000000000000000
raw: 0000000000000008 0000000000000001 00000000ffffffff 0000000000000000
page dumped because: page_pool leak
page_owner tracks the page as allocated
page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 7351, tgid 7350 (syz.0.314), ts 79036822491, free_ts 78916094224
 set_page_owner include/linux/page_owner.h:32 [inline]
 post_alloc_hook+0x2d1/0x350 mm/page_alloc.c:1537
 prep_new_page mm/page_alloc.c:1545 [inline]
 get_page_from_freelist+0x101e/0x3070 mm/page_alloc.c:3457
 __alloc_pages_noprof+0x223/0x25a0 mm/page_alloc.c:4733
 alloc_pages_bulk_noprof+0x77c/0x1110 mm/page_alloc.c:4681
 alloc_pages_bulk_array_node_noprof include/linux/gfp.h:239 [inline]
 __page_pool_alloc_pages_slow+0x18f/0x770 net/core/page_pool.c:538
 page_pool_alloc_netmem net/core/page_pool.c:590 [inline]
 page_pool_alloc_netmem+0xc4/0x160 net/core/page_pool.c:577
 page_pool_alloc_pages+0x1a/0x60 net/core/page_pool.c:597
 page_pool_dev_alloc_pages include/net/page_pool/helpers.h:96 [inline]
 xdp_test_run_batch.constprop.0+0x3a8/0x1960 net/bpf/test_run.c:305
 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389
 bpf_prog_test_run_xdp+0x827/0x1580 net/bpf/test_run.c:1317
 bpf_prog_test_run kernel/bpf/syscall.c:4266 [inline]
 __sys_bpf+0xfc6/0x49a0 kernel/bpf/syscall.c:5671
 __do_sys_bpf kernel/bpf/syscall.c:5760 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5758 [inline]
 __x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5758
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
page last free pid 7337 tgid 7337 stack trace:
 reset_page_owner include/linux/page_owner.h:25 [inline]
 free_pages_prepare mm/page_alloc.c:1108 [inline]
 free_unref_page+0x5f4/0xdc0 mm/page_alloc.c:2638
 __put_partials+0x14c/0x170 mm/slub.c:3145
 qlink_free mm/kasan/quarantine.c:163 [inline]
 qlist_free_all+0x4e/0x120 mm/kasan/quarantine.c:179
 kasan_quarantine_reduce+0x192/0x1e0 mm/kasan/quarantine.c:286
 __kasan_slab_alloc+0x69/0x90 mm/kasan/common.c:329
 kasan_slab_alloc include/linux/kasan.h:247 [inline]
 slab_post_alloc_hook mm/slub.c:4085 [inline]
 slab_alloc_node mm/slub.c:4134 [inline]
 __do_kmalloc_node mm/slub.c:4263 [inline]
 __kmalloc_noprof+0x199/0x400 mm/slub.c:4276
 kmalloc_noprof include/linux/slab.h:882 [inline]
 tomoyo_realpath_from_path+0xb9/0x720 security/tomoyo/realpath.c:251
 tomoyo_realpath_nofollow+0xdd/0x100 security/tomoyo/realpath.c:304
 tomoyo_find_next_domain+0x2ad/0x2070 security/tomoyo/domain.c:726
 tomoyo_bprm_check_security security/tomoyo/tomoyo.c:102 [inline]
 tomoyo_bprm_check_security+0x12b/0x1d0 security/tomoyo/tomoyo.c:92
 security_bprm_check+0x1b9/0x1e0 security/security.c:1297
 search_binary_handler fs/exec.c:1740 [inline]
 exec_binprm fs/exec.c:1794 [inline]
 bprm_execve fs/exec.c:1845 [inline]
 bprm_execve+0x642/0x1960 fs/exec.c:1821
 do_execveat_common.isra.0+0x4f1/0x630 fs/exec.c:1952
 do_execve fs/exec.c:2026 [inline]
 __do_sys_execve fs/exec.c:2102 [inline]
 __se_sys_execve fs/exec.c:2097 [inline]
 __x64_sys_execve+0x8c/0xb0 fs/exec.c:2097
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
Modules linked in:
CPU: 2 UID: 0 PID: 7351 Comm: syz.0.314 Tainted: G    B              6.12.0-rc5-syzkaller-00005-ge42b1a9a2557 #0
Tainted: [B]=BAD_PAGE
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:94 [inline]
 dump_stack_lvl+0x16c/0x1f0 lib/dump_stack.c:120
 bad_page+0xb3/0x1f0 mm/page_alloc.c:501
 free_page_is_bad_report mm/page_alloc.c:908 [inline]
 free_page_is_bad mm/page_alloc.c:918 [inline]
 free_pages_prepare mm/page_alloc.c:1100 [inline]
 free_unref_page+0x657/0xdc0 mm/page_alloc.c:2638
 skb_free_frag include/linux/skbuff.h:3399 [inline]
 skb_free_head+0xa0/0x1d0 net/core/skbuff.c:1096
 skb_release_data+0x560/0x730 net/core/skbuff.c:1125
 skb_release_all net/core/skbuff.c:1190 [inline]
 __kfree_skb net/core/skbuff.c:1204 [inline]
 sk_skb_reason_drop+0x129/0x1a0 net/core/skbuff.c:1242
 kfree_skb_reason include/linux/skbuff.h:1262 [inline]
 __netif_receive_skb_core.constprop.0+0x592/0x4330 net/core/dev.c:5640
 __netif_receive_skb_list_core+0x357/0x950 net/core/dev.c:5741
 __netif_receive_skb_list net/core/dev.c:5808 [inline]
 netif_receive_skb_list_internal+0x753/0xdb0 net/core/dev.c:5899
 netif_receive_skb_list+0x4f/0x4a0 net/core/dev.c:5951
 xdp_recv_frames net/bpf/test_run.c:279 [inline]
 xdp_test_run_batch.constprop.0+0x138d/0x1960 net/bpf/test_run.c:360
 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389
 bpf_prog_test_run_xdp+0x827/0x1580 net/bpf/test_run.c:1317
 bpf_prog_test_run kernel/bpf/syscall.c:4266 [inline]
 __sys_bpf+0xfc6/0x49a0 kernel/bpf/syscall.c:5671
 __do_sys_bpf kernel/bpf/syscall.c:5760 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5758 [inline]
 __x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5758
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7fc02f97e719
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007fc0306bb038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
RAX: ffffffffffffffda RBX: 00007fc02fb35f80 RCX: 00007fc02f97e719
RDX: 0000000000000048 RSI: 0000000020000600 RDI: 000000000000000a
RBP: 00007fc02f9f132e R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 0000000000000000 R14: 00007fc02fb35f80 R15: 00007ffe03613128
 </TASK>
BUG: Bad page state in process syz.0.314  pfn:55458
page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff88805545e000 pfn:0x55458
flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
raw: 00fff00000000000 dead000000000040 ffff888040826000 0000000000000000
raw: ffff88805545e000 0000000000000001 00000000ffffffff 0000000000000000
page dumped because: page_pool leak
page_owner tracks the page as allocated
page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 7351, tgid 7350 (syz.0.314), ts 79036815183, free_ts 78916094224
 set_page_owner include/linux/page_owner.h:32 [inline]
 post_alloc_hook+0x2d1/0x350 mm/page_alloc.c:1537
 prep_new_page mm/page_alloc.c:1545 [inline]
 get_page_from_freelist+0x101e/0x3070 mm/page_alloc.c:3457
 __alloc_pages_noprof+0x223/0x25a0 mm/page_alloc.c:4733
 alloc_pages_bulk_noprof+0x77c/0x1110 mm/page_alloc.c:4681
 alloc_pages_bulk_array_node_noprof include/linux/gfp.h:239 [inline]
 __page_pool_alloc_pages_slow+0x18f/0x770 net/core/page_pool.c:538
 page_pool_alloc_netmem net/core/page_pool.c:590 [inline]
 page_pool_alloc_netmem+0xc4/0x160 net/core/page_pool.c:577
 page_pool_alloc_pages+0x1a/0x60 net/core/page_pool.c:597
 page_pool_dev_alloc_pages include/net/page_pool/helpers.h:96 [inline]
 xdp_test_run_batch.constprop.0+0x3a8/0x1960 net/bpf/test_run.c:305
 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389
 bpf_prog_test_run_xdp+0x827/0x1580 net/bpf/test_run.c:1317
 bpf_prog_test_run kernel/bpf/syscall.c:4266 [inline]
 __sys_bpf+0xfc6/0x49a0 kernel/bpf/syscall.c:5671
 __do_sys_bpf kernel/bpf/syscall.c:5760 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5758 [inline]
 __x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5758
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
page last free pid 7337 tgid 7337 stack trace:
 reset_page_owner include/linux/page_owner.h:25 [inline]
 free_pages_prepare mm/page_alloc.c:1108 [inline]
 free_unref_page+0x5f4/0xdc0 mm/page_alloc.c:2638
 __put_partials+0x14c/0x170 mm/slub.c:3145
 qlink_free mm/kasan/quarantine.c:163 [inline]
 qlist_free_all+0x4e/0x120 mm/kasan/quarantine.c:179
 kasan_quarantine_reduce+0x192/0x1e0 mm/kasan/quarantine.c:286
 __kasan_slab_alloc+0x69/0x90 mm/kasan/common.c:329
 kasan_slab_alloc include/linux/kasan.h:247 [inline]
 slab_post_alloc_hook mm/slub.c:4085 [inline]
 slab_alloc_node mm/slub.c:4134 [inline]
 __do_kmalloc_node mm/slub.c:4263 [inline]
 __kmalloc_noprof+0x199/0x400 mm/slub.c:4276
 kmalloc_noprof include/linux/slab.h:882 [inline]
 tomoyo_realpath_from_path+0xb9/0x720 security/tomoyo/realpath.c:251
 tomoyo_realpath_nofollow+0xdd/0x100 security/tomoyo/realpath.c:304
 tomoyo_find_next_domain+0x2ad/0x2070 security/tomoyo/domain.c:726
 tomoyo_bprm_check_security security/tomoyo/tomoyo.c:102 [inline]
 tomoyo_bprm_check_security+0x12b/0x1d0 security/tomoyo/tomoyo.c:92
 security_bprm_check+0x1b9/0x1e0 security/security.c:1297
 search_binary_handler fs/exec.c:1740 [inline]
 exec_binprm fs/exec.c:1794 [inline]
 bprm_execve fs/exec.c:1845 [inline]
 bprm_execve+0x642/0x1960 fs/exec.c:1821
 do_execveat_common.isra.0+0x4f1/0x630 fs/exec.c:1952
 do_execve fs/exec.c:2026 [inline]
 __do_sys_execve fs/exec.c:2102 [inline]
 __se_sys_execve fs/exec.c:2097 [inline]
 __x64_sys_execve+0x8c/0xb0 fs/exec.c:2097
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
Modules linked in:
CPU: 2 UID: 0 PID: 7351 Comm: syz.0.314 Tainted: G    B              6.12.0-rc5-syzkaller-00005-ge42b1a9a2557 #0
Tainted: [B]=BAD_PAGE
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:94 [inline]
 dump_stack_lvl+0x16c/0x1f0 lib/dump_stack.c:120
 bad_page+0xb3/0x1f0 mm/page_alloc.c:501
 free_page_is_bad_report mm/page_alloc.c:908 [inline]
 free_page_is_bad mm/page_alloc.c:918 [inline]
 free_pages_prepare mm/page_alloc.c:1100 [inline]
 free_unref_page+0x657/0xdc0 mm/page_alloc.c:2638
 skb_free_frag include/linux/skbuff.h:3399 [inline]
 skb_free_head+0xa0/0x1d0 net/core/skbuff.c:1096
 skb_release_data+0x560/0x730 net/core/skbuff.c:1125
 skb_release_all net/core/skbuff.c:1190 [inline]
 __kfree_skb net/core/skbuff.c:1204 [inline]
 sk_skb_reason_drop+0x129/0x1a0 net/core/skbuff.c:1242
 kfree_skb_reason include/linux/skbuff.h:1262 [inline]
 __netif_receive_skb_core.constprop.0+0x592/0x4330 net/core/dev.c:5640
 __netif_receive_skb_list_core+0x357/0x950 net/core/dev.c:5741
 __netif_receive_skb_list net/core/dev.c:5808 [inline]
 netif_receive_skb_list_internal+0x753/0xdb0 net/core/dev.c:5899
 netif_receive_skb_list+0x4f/0x4a0 net/core/dev.c:5951
 xdp_recv_frames net/bpf/test_run.c:279 [inline]
 xdp_test_run_batch.constprop.0+0x138d/0x1960 net/bpf/test_run.c:360
 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389
 bpf_prog_test_run_xdp+0x827/0x1580 net/bpf/test_run.c:1317
 bpf_prog_test_run kernel/bpf/syscall.c:4266 [inline]
 __sys_bpf+0xfc6/0x49a0 kernel/bpf/syscall.c:5671
 __do_sys_bpf kernel/bpf/syscall.c:5760 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5758 [inline]
 __x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5758
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7fc02f97e719
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007fc0306bb038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
RAX: ffffffffffffffda RBX: 00007fc02fb35f80 RCX: 00007fc02f97e719
RDX: 0000000000000048 RSI: 0000000020000600 RDI: 000000000000000a
RBP: 00007fc02f9f132e R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 0000000000000000 R14: 00007fc02fb35f80 R15: 00007ffe03613128
 </TASK>
BUG: Bad page state in process syz.0.314  pfn:55457
page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x55457
flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
raw: 00fff00000000000 dead000000000040 ffff888040826000 0000000000000000
raw: 0000000000000000 0000000000000001 00000000ffffffff 0000000000000000
page dumped because: page_pool leak
page_owner tracks the page as allocated
page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 7351, tgid 7350 (syz.0.314), ts 79036805554, free_ts 78878899723
 set_page_owner include/linux/page_owner.h:32 [inline]
 post_alloc_hook+0x2d1/0x350 mm/page_alloc.c:1537
 prep_new_page mm/page_alloc.c:1545 [inline]
 get_page_from_freelist+0x101e/0x3070 mm/page_alloc.c:3457
 __alloc_pages_noprof+0x223/0x25a0 mm/page_alloc.c:4733
 alloc_pages_bulk_noprof+0x77c/0x1110 mm/page_alloc.c:4681
 alloc_pages_bulk_array_node_noprof include/linux/gfp.h:239 [inline]
 __page_pool_alloc_pages_slow+0x18f/0x770 net/core/page_pool.c:538
 page_pool_alloc_netmem net/core/page_pool.c:590 [inline]
 page_pool_alloc_netmem+0xc4/0x160 net/core/page_pool.c:577
 page_pool_alloc_pages+0x1a/0x60 net/core/page_pool.c:597
 page_pool_dev_alloc_pages include/net/page_pool/helpers.h:96 [inline]
 xdp_test_run_batch.constprop.0+0x3a8/0x1960 net/bpf/test_run.c:305
 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389
 bpf_prog_test_run_xdp+0x827/0x1580 net/bpf/test_run.c:1317
 bpf_prog_test_run kernel/bpf/syscall.c:4266 [inline]
 __sys_bpf+0xfc6/0x49a0 kernel/bpf/syscall.c:5671
 __do_sys_bpf kernel/bpf/syscall.c:5760 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5758 [inline]
 __x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5758
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
page last free pid 7297 tgid 7297 stack trace:
 reset_page_owner include/linux/page_owner.h:25 [inline]
 free_pages_prepare mm/page_alloc.c:1108 [inline]
 free_unref_page+0x5f4/0xdc0 mm/page_alloc.c:2638
 __put_partials+0x14c/0x170 mm/slub.c:3145
 qlink_free mm/kasan/quarantine.c:163 [inline]
 qlist_free_all+0x4e/0x120 mm/kasan/quarantine.c:179
 kasan_quarantine_reduce+0x192/0x1e0 mm/kasan/quarantine.c:286
 __kasan_slab_alloc+0x69/0x90 mm/kasan/common.c:329
 kasan_slab_alloc include/linux/kasan.h:247 [inline]
 slab_post_alloc_hook mm/slub.c:4085 [inline]
 slab_alloc_node mm/slub.c:4134 [inline]
 kmem_cache_alloc_noprof+0x121/0x2f0 mm/slub.c:4141
 taskstats_tgid_alloc kernel/taskstats.c:582 [inline]
 taskstats_exit+0x656/0xbe0 kernel/taskstats.c:621
 do_exit+0x84a/0x2d70 kernel/exit.c:924
 do_group_exit+0xd3/0x2a0 kernel/exit.c:1088
 __do_sys_exit_group kernel/exit.c:1099 [inline]
 __se_sys_exit_group kernel/exit.c:1097 [inline]
 __x64_sys_exit_group+0x3e/0x50 kernel/exit.c:1097
 x64_sys_call+0x14a9/0x16a0 arch/x86/include/generated/asm/syscalls_64.h:232
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
Modules linked in:
CPU: 2 UID: 0 PID: 7351 Comm: syz.0.314 Tainted: G    B              6.12.0-rc5-syzkaller-00005-ge42b1a9a2557 #0
Tainted: [B]=BAD_PAGE
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:94 [inline]
 dump_stack_lvl+0x16c/0x1f0 lib/dump_stack.c:120
 bad_page+0xb3/0x1f0 mm/page_alloc.c:501
 free_page_is_bad_report mm/page_alloc.c:908 [inline]
 free_page_is_bad mm/page_alloc.c:918 [inline]
 free_pages_prepare mm/page_alloc.c:1100 [inline]
 free_unref_page+0x657/0xdc0 mm/page_alloc.c:2638
 skb_free_frag include/linux/skbuff.h:3399 [inline]
 skb_free_head+0xa0/0x1d0 net/core/skbuff.c:1096
 skb_release_data+0x560/0x730 net/core/skbuff.c:1125
 skb_release_all net/core/skbuff.c:1190 [inline]
 __kfree_skb net/core/skbuff.c:1204 [inline]
 sk_skb_reason_drop+0x129/0x1a0 net/core/skbuff.c:1242
 kfree_skb_reason include/linux/skbuff.h:1262 [inline]
 __netif_receive_skb_core.constprop.0+0x592/0x4330 net/core/dev.c:5640
 __netif_receive_skb_list_core+0x357/0x950 net/core/dev.c:5741
 __netif_receive_skb_list net/core/dev.c:5808 [inline]
 netif_receive_skb_list_internal+0x753/0xdb0 net/core/dev.c:5899
 netif_receive_skb_list+0x4f/0x4a0 net/core/dev.c:5951
 xdp_recv_frames net/bpf/test_run.c:279 [inline]
 xdp_test_run_batch.constprop.0+0x138d/0x1960 net/bpf/test_run.c:360
 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389
 bpf_prog_test_run_xdp+0x827/0x1580 net/bpf/test_run.c:1317
 bpf_prog_test_run kernel/bpf/syscall.c:4266 [inline]
 __sys_bpf+0xfc6/0x49a0 kernel/bpf/syscall.c:5671
 __do_sys_bpf kernel/bpf/syscall.c:5760 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5758 [inline]
 __x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5758
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7fc02f97e719
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007fc0306bb038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
RAX: ffffffffffffffda RBX: 00007fc02fb35f80 RCX: 00007fc02f97e719
RDX: 0000000000000048 RSI: 0000000020000600 RDI: 000000000000000a
RBP: 00007fc02f9f132e R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 0000000000000000 R14: 00007fc02fb35f80 R15: 00007ffe03613128
 </TASK>
BUG: Bad page state in process syz.0.314  pfn:55456
page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x55456
flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
raw: 00fff00000000000 dead000000000040 ffff888040826000 0000000000000000
raw: 0000000000000000 0000000000000001 00000000ffffffff 0000000000000000
page dumped because: page_pool leak
page_owner tracks the page as allocated
page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 7351, tgid 7350 (syz.0.314), ts 79036774721, free_ts 78878899723
 set_page_owner include/linux/page_owner.h:32 [inline]
 post_alloc_hook+0x2d1/0x350 mm/page_alloc.c:1537
 prep_new_page mm/page_alloc.c:1545 [inline]
 get_page_from_freelist+0x101e/0x3070 mm/page_alloc.c:3457
 __alloc_pages_noprof+0x223/0x25a0 mm/page_alloc.c:4733
 alloc_pages_bulk_noprof+0x77c/0x1110 mm/page_alloc.c:4681
 alloc_pages_bulk_array_node_noprof include/linux/gfp.h:239 [inline]
 __page_pool_alloc_pages_slow+0x18f/0x770 net/core/page_pool.c:538
 page_pool_alloc_netmem net/core/page_pool.c:590 [inline]
 page_pool_alloc_netmem+0xc4/0x160 net/core/page_pool.c:577
 page_pool_alloc_pages+0x1a/0x60 net/core/page_pool.c:597
 page_pool_dev_alloc_pages include/net/page_pool/helpers.h:96 [inline]
 xdp_test_run_batch.constprop.0+0x3a8/0x1960 net/bpf/test_run.c:305
 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389
 bpf_prog_test_run_xdp+0x827/0x1580 net/bpf/test_run.c:1317
 bpf_prog_test_run kernel/bpf/syscall.c:4266 [inline]
 __sys_bpf+0xfc6/0x49a0 kernel/bpf/syscall.c:5671
 __do_sys_bpf kernel/bpf/syscall.c:5760 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5758 [inline]
 __x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5758
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
page last free pid 7297 tgid 7297 stack trace:
 reset_page_owner include/linux/page_owner.h:25 [inline]
 free_pages_prepare mm/page_alloc.c:1108 [inline]
 free_unref_page+0x5f4/0xdc0 mm/page_alloc.c:2638
 __put_partials+0x14c/0x170 mm/slub.c:3145
 qlink_free mm/kasan/quarantine.c:163 [inline]
 qlist_free_all+0x4e/0x120 mm/kasan/quarantine.c:179
 kasan_quarantine_reduce+0x192/0x1e0 mm/kasan/quarantine.c:286
 __kasan_slab_alloc+0x69/0x90 mm/kasan/common.c:329
 kasan_slab_alloc include/linux/kasan.h:247 [inline]
 slab_post_alloc_hook mm/slub.c:4085 [inline]
 slab_alloc_node mm/slub.c:4134 [inline]
 kmem_cache_alloc_noprof+0x121/0x2f0 mm/slub.c:4141
 taskstats_tgid_alloc kernel/taskstats.c:582 [inline]
 taskstats_exit+0x656/0xbe0 kernel/taskstats.c:621
 do_exit+0x84a/0x2d70 kernel/exit.c:924
 do_group_exit+0xd3/0x2a0 kernel/exit.c:1088
 __do_sys_exit_group kernel/exit.c:1099 [inline]
 __se_sys_exit_group kernel/exit.c:1097 [inline]
 __x64_sys_exit_group+0x3e/0x50 kernel/exit.c:1097
 x64_sys_call+0x14a9/0x16a0 arch/x86/include/generated/asm/syscalls_64.h:232
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
Modules linked in:
CPU: 2 UID: 0 PID: 7351 Comm: syz.0.314 Tainted: G    B              6.12.0-rc5-syzkaller-00005-ge42b1a9a2557 #0
Tainted: [B]=BAD_PAGE
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:94 [inline]
 dump_stack_lvl+0x16c/0x1f0 lib/dump_stack.c:120
 bad_page+0xb3/0x1f0 mm/page_alloc.c:501
 free_page_is_bad_report mm/page_alloc.c:908 [inline]
 free_page_is_bad mm/page_alloc.c:918 [inline]
 free_pages_prepare mm/page_alloc.c:1100 [inline]
 free_unref_page+0x657/0xdc0 mm/page_alloc.c:2638
 skb_free_frag include/linux/skbuff.h:3399 [inline]
 skb_free_head+0xa0/0x1d0 net/core/skbuff.c:1096
 skb_release_data+0x560/0x730 net/core/skbuff.c:1125
 skb_release_all net/core/skbuff.c:1190 [inline]
 __kfree_skb net/core/skbuff.c:1204 [inline]
 sk_skb_reason_drop+0x129/0x1a0 net/core/skbuff.c:1242
 kfree_skb_reason include/linux/skbuff.h:1262 [inline]
 __netif_receive_skb_core.constprop.0+0x592/0x4330 net/core/dev.c:5640
 __netif_receive_skb_list_core+0x357/0x950 net/core/dev.c:5741
 __netif_receive_skb_list net/core/dev.c:5808 [inline]
 netif_receive_skb_list_internal+0x753/0xdb0 net/core/dev.c:5899
 netif_receive_skb_list+0x4f/0x4a0 net/core/dev.c:5951
 xdp_recv_frames net/bpf/test_run.c:279 [inline]
 xdp_test_run_batch.constprop.0+0x138d/0x1960 net/bpf/test_run.c:360
 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389
 bpf_prog_test_run_xdp+0x827/0x1580 net/bpf/test_run.c:1317
 bpf_prog_test_run kernel/bpf/syscall.c:4266 [inline]
 __sys_bpf+0xfc6/0x49a0 kernel/bpf/syscall.c:5671
 __do_sys_bpf kernel/bpf/syscall.c:5760 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5758 [inline]
 __x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5758
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7fc02f97e719
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007fc0306bb038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
RAX: ffffffffffffffda RBX: 00007fc02fb35f80 RCX: 00007fc02f97e719
RDX: 0000000000000048 RSI: 0000000020000600 RDI: 000000000000000a
RBP: 00007fc02f9f132e R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 0000000000000000 R14: 00007fc02fb35f80 R15: 00007ffe03613128
 </TASK>
BUG: Bad page state in process syz.0.314  pfn:55455
page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x55455
flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
raw: 00fff00000000000 dead000000000040 ffff888040826000 0000000000000000
raw: 0000000000000000 0000000000000001 00000000ffffffff 0000000000000000
page dumped because: page_pool leak
page_owner tracks the page as allocated
page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 7351, tgid 7350 (syz.0.314), ts 79036766534, free_ts 78878899723
 set_page_owner include/linux/page_owner.h:32 [inline]
 post_alloc_hook+0x2d1/0x350 mm/page_alloc.c:1537
 prep_new_page mm/page_alloc.c:1545 [inline]
 get_page_from_freelist+0x101e/0x3070 mm/page_alloc.c:3457
 __alloc_pages_noprof+0x223/0x25a0 mm/page_alloc.c:4733
 alloc_pages_bulk_noprof+0x77c/0x1110 mm/page_alloc.c:4681
 alloc_pages_bulk_array_node_noprof include/linux/gfp.h:239 [inline]
 __page_pool_alloc_pages_slow+0x18f/0x770 net/core/page_pool.c:538
 page_pool_alloc_netmem net/core/page_pool.c:590 [inline]
 page_pool_alloc_netmem+0xc4/0x160 net/core/page_pool.c:577
 page_pool_alloc_pages+0x1a/0x60 net/core/page_pool.c:597
 page_pool_dev_alloc_pages include/net/page_pool/helpers.h:96 [inline]
 xdp_test_run_batch.constprop.0+0x3a8/0x1960 net/bpf/test_run.c:305
 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389
 bpf_prog_test_run_xdp+0x827/0x1580 net/bpf/test_run.c:1317
 bpf_prog_test_run kernel/bpf/syscall.c:4266 [inline]
 __sys_bpf+0xfc6/0x49a0 kernel/bpf/syscall.c:5671
 __do_sys_bpf kernel/bpf/syscall.c:5760 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5758 [inline]
 __x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5758
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
page last free pid 7297 tgid 7297 stack trace:
 reset_page_owner include/linux/page_owner.h:25 [inline]
 free_pages_prepare mm/page_alloc.c:1108 [inline]
 free_unref_page+0x5f4/0xdc0 mm/page_alloc.c:2638
 __put_partials+0x14c/0x170 mm/slub.c:3145
 qlink_free mm/kasan/quarantine.c:163 [inline]
 qlist_free_all+0x4e/0x120 mm/kasan/quarantine.c:179
 kasan_quarantine_reduce+0x192/0x1e0 mm/kasan/quarantine.c:286
 __kasan_slab_alloc+0x69/0x90 mm/kasan/common.c:329
 kasan_slab_alloc include/linux/kasan.h:247 [inline]
 slab_post_alloc_hook mm/slub.c:4085 [inline]
 slab_alloc_node mm/slub.c:4134 [inline]
 kmem_cache_alloc_noprof+0x121/0x2f0 mm/slub.c:4141
 taskstats_tgid_alloc kernel/taskstats.c:582 [inline]
 taskstats_exit+0x656/0xbe0 kernel/taskstats.c:621
 do_exit+0x84a/0x2d70 kernel/exit.c:924
 do_group_exit+0xd3/0x2a0 kernel/exit.c:1088
 __do_sys_exit_group kernel/exit.c:1099 [inline]
 __se_sys_exit_group kernel/exit.c:1097 [inline]
 __x64_sys_exit_group+0x3e/0x50 kernel/exit.c:1097
 x64_sys_call+0x14a9/0x16a0 arch/x86/include/generated/asm/syscalls_64.h:232
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
Modules linked in:
CPU: 2 UID: 0 PID: 7351 Comm: syz.0.314 Tainted: G    B              6.12.0-rc5-syzkaller-00005-ge42b1a9a2557 #0
Tainted: [B]=BAD_PAGE
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:94 [inline]
 dump_stack_lvl+0x16c/0x1f0 lib/dump_stack.c:120
 bad_page+0xb3/0x1f0 mm/page_alloc.c:501
 free_page_is_bad_report mm/page_alloc.c:908 [inline]
 free_page_is_bad mm/page_alloc.c:918 [inline]
 free_pages_prepare mm/page_alloc.c:1100 [inline]
 free_unref_page+0x657/0xdc0 mm/page_alloc.c:2638
 skb_free_frag include/linux/skbuff.h:3399 [inline]
 skb_free_head+0xa0/0x1d0 net/core/skbuff.c:1096
 skb_release_data+0x560/0x730 net/core/skbuff.c:1125
 skb_release_all net/core/skbuff.c:1190 [inline]
 __kfree_skb net/core/skbuff.c:1204 [inline]
 sk_skb_reason_drop+0x129/0x1a0 net/core/skbuff.c:1242
 kfree_skb_reason include/linux/skbuff.h:1262 [inline]
 __netif_receive_skb_core.constprop.0+0x592/0x4330 net/core/dev.c:5640
 __netif_receive_skb_list_core+0x357/0x950 net/core/dev.c:5741
 __netif_receive_skb_list net/core/dev.c:5808 [inline]
 netif_receive_skb_list_internal+0x753/0xdb0 net/core/dev.c:5899
 netif_receive_skb_list+0x4f/0x4a0 net/core/dev.c:5951
 xdp_recv_frames net/bpf/test_run.c:279 [inline]
 xdp_test_run_batch.constprop.0+0x138d/0x1960 net/bpf/test_run.c:360
 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389
 bpf_prog_test_run_xdp+0x827/0x1580 net/bpf/test_run.c:1317
 bpf_prog_test_run kernel/bpf/syscall.c:4266 [inline]
 __sys_bpf+0xfc6/0x49a0 kernel/bpf/syscall.c:5671
 __do_sys_bpf kernel/bpf/syscall.c:5760 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5758 [inline]
 __x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5758
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7fc02f97e719
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007fc0306bb038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
RAX: ffffffffffffffda RBX: 00007fc02fb35f80 RCX: 00007fc02f97e719
RDX: 0000000000000048 RSI: 0000000020000600 RDI: 000000000000000a
RBP: 00007fc02f9f132e R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 0000000000000000 R14: 00007fc02fb35f80 R15: 00007ffe03613128
 </TASK>
BUG: Bad page state in process syz.0.314  pfn:55454
page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x55454
flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
raw: 00fff00000000000 dead000000000040 ffff888040826000 0000000000000000
raw: 0000000000000000 0000000000000001 00000000ffffffff 0000000000000000
page dumped because: page_pool leak
page_owner tracks the page as allocated
page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 7351, tgid 7350 (syz.0.314), ts 79036758960, free_ts 78878899723
 set_page_owner include/linux/page_owner.h:32 [inline]
 post_alloc_hook+0x2d1/0x350 mm/page_alloc.c:1537
 prep_new_page mm/page_alloc.c:1545 [inline]
 get_page_from_freelist+0x101e/0x3070 mm/page_alloc.c:3457
 __alloc_pages_noprof+0x223/0x25a0 mm/page_alloc.c:4733
 alloc_pages_bulk_noprof+0x77c/0x1110 mm/page_alloc.c:4681
 alloc_pages_bulk_array_node_noprof include/linux/gfp.h:239 [inline]
 __page_pool_alloc_pages_slow+0x18f/0x770 net/core/page_pool.c:538
 page_pool_alloc_netmem net/core/page_pool.c:590 [inline]
 page_pool_alloc_netmem+0xc4/0x160 net/core/page_pool.c:577
 page_pool_alloc_pages+0x1a/0x60 net/core/page_pool.c:597
 page_pool_dev_alloc_pages include/net/page_pool/helpers.h:96 [inline]
 xdp_test_run_batch.constprop.0+0x3a8/0x1960 net/bpf/test_run.c:305
 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389
 bpf_prog_test_run_xdp+0x827/0x1580 net/bpf/test_run.c:1317
 bpf_prog_test_run kernel/bpf/syscall.c:4266 [inline]
 __sys_bpf+0xfc6/0x49a0 kernel/bpf/syscall.c:5671
 __do_sys_bpf kernel/bpf/syscall.c:5760 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5758 [inline]
 __x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5758
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
page last free pid 7297 tgid 7297 stack trace:
 reset_page_owner include/linux/page_owner.h:25 [inline]
 free_pages_prepare mm/page_alloc.c:1108 [inline]
 free_unref_page+0x5f4/0xdc0 mm/page_alloc.c:2638
 __put_partials+0x14c/0x170 mm/slub.c:3145
 qlink_free mm/kasan/quarantine.c:163 [inline]
 qlist_free_all+0x4e/0x120 mm/kasan/quarantine.c:179
 kasan_quarantine_reduce+0x192/0x1e0 mm/kasan/quarantine.c:286
 __kasan_slab_alloc+0x69/0x90 mm/kasan/common.c:329
 kasan_slab_alloc include/linux/kasan.h:247 [inline]
 slab_post_alloc_hook mm/slub.c:4085 [inline]
 slab_alloc_node mm/slub.c:4134 [inline]
 kmem_cache_alloc_noprof+0x121/0x2f0 mm/slub.c:4141
 taskstats_tgid_alloc kernel/taskstats.c:582 [inline]
 taskstats_exit+0x656/0xbe0 kernel/taskstats.c:621
 do_exit+0x84a/0x2d70 kernel/exit.c:924
 do_group_exit+0xd3/0x2a0 kernel/exit.c:1088
 __do_sys_exit_group kernel/exit.c:1099 [inline]
 __se_sys_exit_group kernel/exit.c:1097 [inline]
 __x64_sys_exit_group+0x3e/0x50 kernel/exit.c:1097
 x64_sys_call+0x14a9/0x16a0 arch/x86/include/generated/asm/syscalls_64.h:232
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
Modules linked in:
CPU: 2 UID: 0 PID: 7351 Comm: syz.0.314 Tainted: G    B              6.12.0-rc5-syzkaller-00005-ge42b1a9a2557 #0
Tainted: [B]=BAD_PAGE
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:94 [inline]
 dump_stack_lvl+0x16c/0x1f0 lib/dump_stack.c:120
 bad_page+0xb3/0x1f0 mm/page_alloc.c:501
 free_page_is_bad_report mm/page_alloc.c:908 [inline]
 free_page_is_bad mm/page_alloc.c:918 [inline]
 free_pages_prepare mm/page_alloc.c:1100 [inline]
 free_unref_page+0x657/0xdc0 mm/page_alloc.c:2638
 skb_free_frag include/linux/skbuff.h:3399 [inline]
 skb_free_head+0xa0/0x1d0 net/core/skbuff.c:1096
 skb_release_data+0x560/0x730 net/core/skbuff.c:1125
 skb_release_all net/core/skbuff.c:1190 [inline]
 __kfree_skb net/core/skbuff.c:1204 [inline]
 sk_skb_reason_drop+0x129/0x1a0 net/core/skbuff.c:1242
 kfree_skb_reason include/linux/skbuff.h:1262 [inline]
 __netif_receive_skb_core.constprop.0+0x592/0x4330 net/core/dev.c:5640
 __netif_receive_skb_list_core+0x357/0x950 net/core/dev.c:5741
 __netif_receive_skb_list net/core/dev.c:5808 [inline]
 netif_receive_skb_list_internal+0x753/0xdb0 net/core/dev.c:5899
 netif_receive_skb_list+0x4f/0x4a0 net/core/dev.c:5951
 xdp_recv_frames net/bpf/test_run.c:279 [inline]
 xdp_test_run_batch.constprop.0+0x138d/0x1960 net/bpf/test_run.c:360
 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389
 bpf_prog_test_run_xdp+0x827/0x1580 net/bpf/test_run.c:1317
 bpf_prog_test_run kernel/bpf/syscall.c:4266 [inline]
 __sys_bpf+0xfc6/0x49a0 kernel/bpf/syscall.c:5671
 __do_sys_bpf kernel/bpf/syscall.c:5760 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5758 [inline]
 __x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5758
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7fc02f97e719
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007fc0306bb038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
RAX: ffffffffffffffda RBX: 00007fc02fb35f80 RCX: 00007fc02f97e719
RDX: 0000000000000048 RSI: 0000000020000600 RDI: 000000000000000a
RBP: 00007fc02f9f132e R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 0000000000000000 R14: 00007fc02fb35f80 R15: 00007ffe03613128
 </TASK>
BUG: Bad page state in process syz.0.314  pfn:55453
page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x55453
flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
raw: 00fff00000000000 dead000000000040 ffff888040826000 0000000000000000
raw: 0000000000000000 0000000000000001 00000000ffffffff 0000000000000000
page dumped because: page_pool leak
page_owner tracks the page as allocated
page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 7351, tgid 7350 (syz.0.314), ts 79036751165, free_ts 78878899723
 set_page_owner include/linux/page_owner.h:32 [inline]
 post_alloc_hook+0x2d1/0x350 mm/page_alloc.c:1537
 prep_new_page mm/page_alloc.c:1545 [inline]
 get_page_from_freelist+0x101e/0x3070 mm/page_alloc.c:3457
 __alloc_pages_noprof+0x223/0x25a0 mm/page_alloc.c:4733
 alloc_pages_bulk_noprof+0x77c/0x1110 mm/page_alloc.c:4681
 alloc_pages_bulk_array_node_noprof include/linux/gfp.h:239 [inline]
 __page_pool_alloc_pages_slow+0x18f/0x770 net/core/page_pool.c:538
 page_pool_alloc_netmem net/core/page_pool.c:590 [inline]
 page_pool_alloc_netmem+0xc4/0x160 net/core/page_pool.c:577
 page_pool_alloc_pages+0x1a/0x60 net/core/page_pool.c:597
 page_pool_dev_alloc_pages include/net/page_pool/helpers.h:96 [inline]
 xdp_test_run_batch.constprop.0+0x3a8/0x1960 net/bpf/test_run.c:305
 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389
 bpf_prog_test_run_xdp+0x827/0x1580 net/bpf/test_run.c:1317
 bpf_prog_test_run kernel/bpf/syscall.c:4266 [inline]
 __sys_bpf+0xfc6/0x49a0 kernel/bpf/syscall.c:5671
 __do_sys_bpf kernel/bpf/syscall.c:5760 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5758 [inline]
 __x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5758
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
page last free pid 7297 tgid 7297 stack trace:
 reset_page_owner include/linux/page_owner.h:25 [inline]
 free_pages_prepare mm/page_alloc.c:1108 [inline]
 free_unref_page+0x5f4/0xdc0 mm/page_alloc.c:2638
 __put_partials+0x14c/0x170 mm/slub.c:3145
 qlink_free mm/kasan/quarantine.c:163 [inline]
 qlist_free_all+0x4e/0x120 mm/kasan/quarantine.c:179
 kasan_quarantine_reduce+0x192/0x1e0 mm/kasan/quarantine.c:286
 __kasan_slab_alloc+0x69/0x90 mm/kasan/common.c:329
 kasan_slab_alloc include/linux/kasan.h:247 [inline]
 slab_post_alloc_hook mm/slub.c:4085 [inline]
 slab_alloc_node mm/slub.c:4134 [inline]
 kmem_cache_alloc_noprof+0x121/0x2f0 mm/slub.c:4141
 taskstats_tgid_alloc kernel/taskstats.c:582 [inline]
 taskstats_exit+0x656/0xbe0 kernel/taskstats.c:621
 do_exit+0x84a/0x2d70 kernel/exit.c:924
 do_group_exit+0xd3/0x2a0 kernel/exit.c:1088
 __do_sys_exit_group kernel/exit.c:1099 [inline]
 __se_sys_exit_group kernel/exit.c:1097 [inline]
 __x64_sys_exit_group+0x3e/0x50 kernel/exit.c:1097
 x64_sys_call+0x14a9/0x16a0 arch/x86/include/generated/asm/syscalls_64.h:232
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
Modules linked in:
CPU: 2 UID: 0 PID: 7351 Comm: syz.0.314 Tainted: G    B              6.12.0-rc5-syzkaller-00005-ge42b1a9a2557 #0
Tainted: [B]=BAD_PAGE
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:94 [inline]
 dump_stack_lvl+0x16c/0x1f0 lib/dump_stack.c:120
 bad_page+0xb3/0x1f0 mm/page_alloc.c:501
 free_page_is_bad_report mm/page_alloc.c:908 [inline]
 free_page_is_bad mm/page_alloc.c:918 [inline]
 free_pages_prepare mm/page_alloc.c:1100 [inline]
 free_unref_page+0x657/0xdc0 mm/page_alloc.c:2638
 skb_free_frag include/linux/skbuff.h:3399 [inline]
 skb_free_head+0xa0/0x1d0 net/core/skbuff.c:1096
 skb_release_data+0x560/0x730 net/core/skbuff.c:1125
 skb_release_all net/core/skbuff.c:1190 [inline]
 __kfree_skb net/core/skbuff.c:1204 [inline]
 sk_skb_reason_drop+0x129/0x1a0 net/core/skbuff.c:1242
 kfree_skb_reason include/linux/skbuff.h:1262 [inline]
 __netif_receive_skb_core.constprop.0+0x592/0x4330 net/core/dev.c:5640
 __netif_receive_skb_list_core+0x357/0x950 net/core/dev.c:5741
 __netif_receive_skb_list net/core/dev.c:5808 [inline]
 netif_receive_skb_list_internal+0x753/0xdb0 net/core/dev.c:5899
 netif_receive_skb_list+0x4f/0x4a0 net/core/dev.c:5951
 xdp_recv_frames net/bpf/test_run.c:279 [inline]
 xdp_test_run_batch.constprop.0+0x138d/0x1960 net/bpf/test_run.c:360
 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389
 bpf_prog_test_run_xdp+0x827/0x1580 net/bpf/test_run.c:1317
 bpf_prog_test_run kernel/bpf/syscall.c:4266 [inline]
 __sys_bpf+0xfc6/0x49a0 kernel/bpf/syscall.c:5671
 __do_sys_bpf kernel/bpf/syscall.c:5760 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5758 [inline]
 __x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5758
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7fc02f97e719
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007fc0306bb038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
RAX: ffffffffffffffda RBX: 00007fc02fb35f80 RCX: 00007fc02f97e719
RDX: 0000000000000048 RSI: 0000000020000600 RDI: 000000000000000a
RBP: 00007fc02f9f132e R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 0000000000000000 R14: 00007fc02fb35f80 R15: 00007ffe03613128
 </TASK>
BUG: Bad page state in process syz.0.314  pfn:55452
page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x55452
flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
raw: 00fff00000000000 dead000000000040 ffff888040826000 0000000000000000
raw: 0000000000000000 0000000000000001 00000000ffffffff 0000000000000000
page dumped because: page_pool leak
page_owner tracks the page as allocated
page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 7351, tgid 7350 (syz.0.314), ts 79036743100, free_ts 78878899723
 set_page_owner include/linux/page_owner.h:32 [inline]
 post_alloc_hook+0x2d1/0x350 mm/page_alloc.c:1537
 prep_new_page mm/page_alloc.c:1545 [inline]
 get_page_from_freelist+0x101e/0x3070 mm/page_alloc.c:3457
 __alloc_pages_noprof+0x223/0x25a0 mm/page_alloc.c:4733
 alloc_pages_bulk_noprof+0x77c/0x1110 mm/page_alloc.c:4681
 alloc_pages_bulk_array_node_noprof include/linux/gfp.h:239 [inline]
 __page_pool_alloc_pages_slow+0x18f/0x770 net/core/page_pool.c:538
 page_pool_alloc_netmem net/core/page_pool.c:590 [inline]
 page_pool_alloc_netmem+0xc4/0x160 net/core/page_pool.c:577
 page_pool_alloc_pages+0x1a/0x60 net/core/page_pool.c:597
 page_pool_dev_alloc_pages include/net/page_pool/helpers.h:96 [inline]
 xdp_test_run_batch.constprop.0+0x3a8/0x1960 net/bpf/test_run.c:305
 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389
 bpf_prog_test_run_xdp+0x827/0x1580 net/bpf/test_run.c:1317
 bpf_prog_test_run kernel/bpf/syscall.c:4266 [inline]
 __sys_bpf+0xfc6/0x49a0 kernel/bpf/syscall.c:5671
 __do_sys_bpf kernel/bpf/syscall.c:5760 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5758 [inline]
 __x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5758
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
page last free pid 7297 tgid 7297 stack trace:
 reset_page_owner include/linux/page_owner.h:25 [inline]
 free_pages_prepare mm/page_alloc.c:1108 [inline]
 free_unref_page+0x5f4/0xdc0 mm/page_alloc.c:2638
 __put_partials+0x14c/0x170 mm/slub.c:3145
 qlink_free mm/kasan/quarantine.c:163 [inline]
 qlist_free_all+0x4e/0x120 mm/kasan/quarantine.c:179
 kasan_quarantine_reduce+0x192/0x1e0 mm/kasan/quarantine.c:286
 __kasan_slab_alloc+0x69/0x90 mm/kasan/common.c:329
 kasan_slab_alloc include/linux/kasan.h:247 [inline]
 slab_post_alloc_hook mm/slub.c:4085 [inline]
 slab_alloc_node mm/slub.c:4134 [inline]
 kmem_cache_alloc_noprof+0x121/0x2f0 mm/slub.c:4141
 taskstats_tgid_alloc kernel/taskstats.c:582 [inline]
 taskstats_exit+0x656/0xbe0 kernel/taskstats.c:621
 do_exit+0x84a/0x2d70 kernel/exit.c:924
 do_group_exit+0xd3/0x2a0 kernel/exit.c:1088
 __do_sys_exit_group kernel/exit.c:1099 [inline]
 __se_sys_exit_group kernel/exit.c:1097 [inline]
 __x64_sys_exit_group+0x3e/0x50 kernel/exit.c:1097
 x64_sys_call+0x14a9/0x16a0 arch/x86/include/generated/asm/syscalls_64.h:232
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
Modules linked in:
CPU: 2 UID: 0 PID: 7351 Comm: syz.0.314 Tainted: G    B              6.12.0-rc5-syzkaller-00005-ge42b1a9a2557 #0
Tainted: [B]=BAD_PAGE
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:94 [inline]
 dump_stack_lvl+0x16c/0x1f0 lib/dump_stack.c:120
 bad_page+0xb3/0x1f0 mm/page_alloc.c:501
 free_page_is_bad_report mm/page_alloc.c:908 [inline]
 free_page_is_bad mm/page_alloc.c:918 [inline]
 free_pages_prepare mm/page_alloc.c:1100 [inline]
 free_unref_page+0x657/0xdc0 mm/page_alloc.c:2638
 skb_free_frag include/linux/skbuff.h:3399 [inline]
 skb_free_head+0xa0/0x1d0 net/core/skbuff.c:1096
 skb_release_data+0x560/0x730 net/core/skbuff.c:1125
 skb_release_all net/core/skbuff.c:1190 [inline]
 __kfree_skb net/core/skbuff.c:1204 [inline]
 sk_skb_reason_drop+0x129/0x1a0 net/core/skbuff.c:1242
 kfree_skb_reason include/linux/skbuff.h:1262 [inline]
 __netif_receive_skb_core.constprop.0+0x592/0x4330 net/core/dev.c:5640
 __netif_receive_skb_list_core+0x357/0x950 net/core/dev.c:5741
 __netif_receive_skb_list net/core/dev.c:5808 [inline]
 netif_receive_skb_list_internal+0x753/0xdb0 net/core/dev.c:5899
 netif_receive_skb_list+0x4f/0x4a0 net/core/dev.c:5951
 xdp_recv_frames net/bpf/test_run.c:279 [inline]
 xdp_test_run_batch.constprop.0+0x138d/0x1960 net/bpf/test_run.c:360
 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389
 bpf_prog_test_run_xdp+0x827/0x1580 net/bpf/test_run.c:1317
 bpf_prog_test_run kernel/bpf/syscall.c:4266 [inline]
 __sys_bpf+0xfc6/0x49a0 kernel/bpf/syscall.c:5671
 __do_sys_bpf kernel/bpf/syscall.c:5760 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5758 [inline]
 __x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5758
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7fc02f97e719
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007fc0306bb038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
RAX: ffffffffffffffda RBX: 00007fc02fb35f80 RCX: 00007fc02f97e719
RDX: 0000000000000048 RSI: 0000000020000600 RDI: 000000000000000a
RBP: 00007fc02f9f132e R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 0000000000000000 R14: 00007fc02fb35f80 R15: 00007ffe03613128
 </TASK>
BUG: Bad page state in process syz.0.314  pfn:55451
page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x8 pfn:0x55451
flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
raw: 00fff00000000000 dead000000000040 ffff888040826000 0000000000000000
raw: 0000000000000008 0000000000000001 00000000ffffffff 0000000000000000
page dumped because: page_pool leak
page_owner tracks the page as allocated
page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 7351, tgid 7350 (syz.0.314), ts 79036736259, free_ts 78878899723
 set_page_owner include/linux/page_owner.h:32 [inline]
 post_alloc_hook+0x2d1/0x350 mm/page_alloc.c:1537
 prep_new_page mm/page_alloc.c:1545 [inline]
 get_page_from_freelist+0x101e/0x3070 mm/page_alloc.c:3457
 __alloc_pages_noprof+0x223/0x25a0 mm/page_alloc.c:4733
 alloc_pages_bulk_noprof+0x77c/0x1110 mm/page_alloc.c:4681
 alloc_pages_bulk_array_node_noprof include/linux/gfp.h:239 [inline]
 __page_pool_alloc_pages_slow+0x18f/0x770 net/core/page_pool.c:538
 page_pool_alloc_netmem net/core/page_pool.c:590 [inline]
 page_pool_alloc_netmem+0xc4/0x160 net/core/page_pool.c:577
 page_pool_alloc_pages+0x1a/0x60 net/core/page_pool.c:597
 page_pool_dev_alloc_pages include/net/page_pool/helpers.h:96 [inline]
 xdp_test_run_batch.constprop.0+0x3a8/0x1960 net/bpf/test_run.c:305
 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389
 bpf_prog_test_run_xdp+0x827/0x1580 net/bpf/test_run.c:1317
 bpf_prog_test_run kernel/bpf/syscall.c:4266 [inline]
 __sys_bpf+0xfc6/0x49a0 kernel/bpf/syscall.c:5671
 __do_sys_bpf kernel/bpf/syscall.c:5760 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5758 [inline]
 __x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5758
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
page last free pid 7297 tgid 7297 stack trace:
 reset_page_owner include/linux/page_owner.h:25 [inline]
 free_pages_prepare mm/page_alloc.c:1108 [inline]
 free_unref_page+0x5f4/0xdc0 mm/page_alloc.c:2638
 __put_partials+0x14c/0x170 mm/slub.c:3145
 qlink_free mm/kasan/quarantine.c:163 [inline]
 qlist_free_all+0x4e/0x120 mm/kasan/quarantine.c:179
 kasan_quarantine_reduce+0x192/0x1e0 mm/kasan/quarantine.c:286
 __kasan_slab_alloc+0x69/0x90 mm/kasan/common.c:329
 kasan_slab_alloc include/linux/kasan.h:247 [inline]
 slab_post_alloc_hook mm/slub.c:4085 [inline]
 slab_alloc_node mm/slub.c:4134 [inline]
 kmem_cache_alloc_noprof+0x121/0x2f0 mm/slub.c:4141
 taskstats_tgid_alloc kernel/taskstats.c:582 [inline]
 taskstats_exit+0x656/0xbe0 kernel/taskstats.c:621
 do_exit+0x84a/0x2d70 kernel/exit.c:924
 do_group_exit+0xd3/0x2a0 kernel/exit.c:1088
 __do_sys_exit_group kernel/exit.c:1099 [inline]
 __se_sys_exit_group kernel/exit.c:1097 [inline]
 __x64_sys_exit_group+0x3e/0x50 kernel/exit.c:1097
 x64_sys_call+0x14a9/0x16a0 arch/x86/include/generated/asm/syscalls_64.h:232
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
Modules linked in:
CPU: 2 UID: 0 PID: 7351 Comm: syz.0.314 Tainted: G    B              6.12.0-rc5-syzkaller-00005-ge42b1a9a2557 #0
Tainted: [B]=BAD_PAGE
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:94 [inline]
 dump_stack_lvl+0x16c/0x1f0 lib/dump_stack.c:120
 bad_page+0xb3/0x1f0 mm/page_alloc.c:501
 free_page_is_bad_report mm/page_alloc.c:908 [inline]
 free_page_is_bad mm/page_alloc.c:918 [inline]
 free_pages_prepare mm/page_alloc.c:1100 [inline]
 free_unref_page+0x657/0xdc0 mm/page_alloc.c:2638
 skb_free_frag include/linux/skbuff.h:3399 [inline]
 skb_free_head+0xa0/0x1d0 net/core/skbuff.c:1096
 skb_release_data+0x560/0x730 net/core/skbuff.c:1125
 skb_release_all net/core/skbuff.c:1190 [inline]
 __kfree_skb net/core/skbuff.c:1204 [inline]
 sk_skb_reason_drop+0x129/0x1a0 net/core/skbuff.c:1242
 kfree_skb_reason include/linux/skbuff.h:1262 [inline]
 __netif_receive_skb_core.constprop.0+0x592/0x4330 net/core/dev.c:5640
 __netif_receive_skb_list_core+0x357/0x950 net/core/dev.c:5741
 __netif_receive_skb_list net/core/dev.c:5808 [inline]
 netif_receive_skb_list_internal+0x753/0xdb0 net/core/dev.c:5899
 netif_receive_skb_list+0x4f/0x4a0 net/core/dev.c:5951
 xdp_recv_frames net/bpf/test_run.c:279 [inline]
 xdp_test_run_batch.constprop.0+0x138d/0x1960 net/bpf/test_run.c:360
 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389
 bpf_prog_test_run_xdp+0x827/0x1580 net/bpf/test_run.c:1317
 bpf_prog_test_run kernel/bpf/syscall.c:4266 [inline]
 __sys_bpf+0xfc6/0x49a0 kernel/bpf/syscall.c:5671
 __do_sys_bpf kernel/bpf/syscall.c:5760 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5758 [inline]
 __x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5758
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7fc02f97e719
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007fc0306bb038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
RAX: ffffffffffffffda RBX: 00007fc02fb35f80 RCX: 00007fc02f97e719
RDX: 0000000000000048 RSI: 0000000020000600 RDI: 000000000000000a
RBP: 00007fc02f9f132e R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 0000000000000000 R14: 00007fc02fb35f80 R15: 00007ffe03613128
 </TASK>
BUG: Bad page state in process syz.0.314  pfn:55450
page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff888055450000 pfn:0x55450
flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
raw: 00fff00000000000 dead000000000040 ffff888040826000 0000000000000000
raw: ffff888055450000 0000000000000001 00000000ffffffff 0000000000000000
page dumped because: page_pool leak
page_owner tracks the page as allocated
page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 7351, tgid 7350 (syz.0.314), ts 79036728340, free_ts 78878899723
 set_page_owner include/linux/page_owner.h:32 [inline]
 post_alloc_hook+0x2d1/0x350 mm/page_alloc.c:1537
 prep_new_page mm/page_alloc.c:1545 [inline]
 get_page_from_freelist+0x101e/0x3070 mm/page_alloc.c:3457
 __alloc_pages_noprof+0x223/0x25a0 mm/page_alloc.c:4733
 alloc_pages_bulk_noprof+0x77c/0x1110 mm/page_alloc.c:4681
 alloc_pages_bulk_array_node_noprof include/linux/gfp.h:239 [inline]
 __page_pool_alloc_pages_slow+0x18f/0x770 net/core/page_pool.c:538
 page_pool_alloc_netmem net/core/page_pool.c:590 [inline]
 page_pool_alloc_netmem+0xc4/0x160 net/core/page_pool.c:577
 page_pool_alloc_pages+0x1a/0x60 net/core/page_pool.c:597
 page_pool_dev_alloc_pages include/net/page_pool/helpers.h:96 [inline]
 xdp_test_run_batch.constprop.0+0x3a8/0x1960 net/bpf/test_run.c:305
 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389
 bpf_prog_test_run_xdp+0x827/0x1580 net/bpf/test_run.c:1317
 bpf_prog_test_run kernel/bpf/syscall.c:4266 [inline]
 __sys_bpf+0xfc6/0x49a0 kernel/bpf/syscall.c:5671
 __do_sys_bpf kernel/bpf/syscall.c:5760 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5758 [inline]
 __x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5758
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
page last free pid 7297 tgid 7297 stack trace:
 reset_page_owner include/linux/page_owner.h:25 [inline]
 free_pages_prepare mm/page_alloc.c:1108 [inline]
 free_unref_page+0x5f4/0xdc0 mm/page_alloc.c:2638
 __put_partials+0x14c/0x170 mm/slub.c:3145
 qlink_free mm/kasan/quarantine.c:163 [inline]
 qlist_free_all+0x4e/0x120 mm/kasan/quarantine.c:179
 kasan_quarantine_reduce+0x192/0x1e0 mm/kasan/quarantine.c:286
 __kasan_slab_alloc+0x69/0x90 mm/kasan/common.c:329
 kasan_slab_alloc include/linux/kasan.h:247 [inline]
 slab_post_alloc_hook mm/slub.c:4085 [inline]
 slab_alloc_node mm/slub.c:4134 [inline]
 kmem_cache_alloc_noprof+0x121/0x2f0 mm/slub.c:4141
 taskstats_tgid_alloc kernel/taskstats.c:582 [inline]
 taskstats_exit+0x656/0xbe0 kernel/taskstats.c:621
 do_exit+0x84a/0x2d70 kernel/exit.c:924
 do_group_exit+0xd3/0x2a0 kernel/exit.c:1088
 __do_sys_exit_group kernel/exit.c:1099 [inline]
 __se_sys_exit_group kernel/exit.c:1097 [inline]
 __x64_sys_exit_group+0x3e/0x50 kernel/exit.c:1097
 x64_sys_call+0x14a9/0x16a0 arch/x86/include/generated/asm/syscalls_64.h:232
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
Modules linked in:
CPU: 2 UID: 0 PID: 7351 Comm: syz.0.314 Tainted: G    B              6.12.0-rc5-syzkaller-00005-ge42b1a9a2557 #0
Tainted: [B]=BAD_PAGE
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:94 [inline]
 dump_stack_lvl+0x16c/0x1f0 lib/dump_stack.c:120
 bad_page+0xb3/0x1f0 mm/page_alloc.c:501
 free_page_is_bad_report mm/page_alloc.c:908 [inline]
 free_page_is_bad mm/page_alloc.c:918 [inline]
 free_pages_prepare mm/page_alloc.c:1100 [inline]
 free_unref_page+0x657/0xdc0 mm/page_alloc.c:2638
 skb_free_frag include/linux/skbuff.h:3399 [inline]
 skb_free_head+0xa0/0x1d0 net/core/skbuff.c:1096
 skb_release_data+0x560/0x730 net/core/skbuff.c:1125
 skb_release_all net/core/skbuff.c:1190 [inline]
 __kfree_skb net/core/skbuff.c:1204 [inline]
 sk_skb_reason_drop+0x129/0x1a0 net/core/skbuff.c:1242
 kfree_skb_reason include/linux/skbuff.h:1262 [inline]
 __netif_receive_skb_core.constprop.0+0x592/0x4330 net/core/dev.c:5640
 __netif_receive_skb_list_core+0x357/0x950 net/core/dev.c:5741
 __netif_receive_skb_list net/core/dev.c:5808 [inline]
 netif_receive_skb_list_internal+0x753/0xdb0 net/core/dev.c:5899
 netif_receive_skb_list+0x4f/0x4a0 net/core/dev.c:5951
 xdp_recv_frames net/bpf/test_run.c:279 [inline]
 xdp_test_run_batch.constprop.0+0x138d/0x1960 net/bpf/test_run.c:360
 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389
 bpf_prog_test_run_xdp+0x827/0x1580 net/bpf/test_run.c:1317
 bpf_prog_test_run kernel/bpf/syscall.c:4266 [inline]
 __sys_bpf+0xfc6/0x49a0 kernel/bpf/syscall.c:5671
 __do_sys_bpf kernel/bpf/syscall.c:5760 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5758 [inline]
 __x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5758
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7fc02f97e719
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007fc0306bb038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
RAX: ffffffffffffffda RBX: 00007fc02fb35f80 RCX: 00007fc02f97e719
RDX: 0000000000000048 RSI: 0000000020000600 RDI: 000000000000000a
RBP: 00007fc02f9f132e R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 0000000000000000 R14: 00007fc02fb35f80 R15: 00007ffe03613128
 </TASK>
BUG: Bad page state in process syz.0.314  pfn:303af
page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x303af
flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
raw: 00fff00000000000 dead000000000040 ffff888040826000 0000000000000000
raw: 0000000000000000 0000000000000001 00000000ffffffff 0000000000000000
page dumped because: page_pool leak
page_owner tracks the page as allocated
page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 7351, tgid 7350 (syz.0.314), ts 79036720543, free_ts 78916307047
 set_page_owner include/linux/page_owner.h:32 [inline]
 post_alloc_hook+0x2d1/0x350 mm/page_alloc.c:1537
 prep_new_page mm/page_alloc.c:1545 [inline]
 get_page_from_freelist+0x101e/0x3070 mm/page_alloc.c:3457
 __alloc_pages_noprof+0x223/0x25a0 mm/page_alloc.c:4733
 alloc_pages_bulk_noprof+0x77c/0x1110 mm/page_alloc.c:4681
 alloc_pages_bulk_array_node_noprof include/linux/gfp.h:239 [inline]
 __page_pool_alloc_pages_slow+0x18f/0x770 net/core/page_pool.c:538
 page_pool_alloc_netmem net/core/page_pool.c:590 [inline]
 page_pool_alloc_netmem+0xc4/0x160 net/core/page_pool.c:577
 page_pool_alloc_pages+0x1a/0x60 net/core/page_pool.c:597
 page_pool_dev_alloc_pages include/net/page_pool/helpers.h:96 [inline]
 xdp_test_run_batch.constprop.0+0x3a8/0x1960 net/bpf/test_run.c:305
 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389
 bpf_prog_test_run_xdp+0x827/0x1580 net/bpf/test_run.c:1317
 bpf_prog_test_run kernel/bpf/syscall.c:4266 [inline]
 __sys_bpf+0xfc6/0x49a0 kernel/bpf/syscall.c:5671
 __do_sys_bpf kernel/bpf/syscall.c:5760 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5758 [inline]
 __x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5758
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
page last free pid 7337 tgid 7337 stack trace:
 reset_page_owner include/linux/page_owner.h:25 [inline]
 free_pages_prepare mm/page_alloc.c:1108 [inline]
 free_unref_page+0x5f4/0xdc0 mm/page_alloc.c:2638
 __put_partials+0x14c/0x170 mm/slub.c:3145
 qlink_free mm/kasan/quarantine.c:163 [inline]
 qlist_free_all+0x4e/0x120 mm/kasan/quarantine.c:179
 kasan_quarantine_reduce+0x192/0x1e0 mm/kasan/quarantine.c:286
 __kasan_slab_alloc+0x69/0x90 mm/kasan/common.c:329
 kasan_slab_alloc include/linux/kasan.h:247 [inline]
 slab_post_alloc_hook mm/slub.c:4085 [inline]
 slab_alloc_node mm/slub.c:4134 [inline]
 __do_kmalloc_node mm/slub.c:4263 [inline]
 __kmalloc_noprof+0x199/0x400 mm/slub.c:4276
 kmalloc_noprof include/linux/slab.h:882 [inline]
 tomoyo_realpath_from_path+0xb9/0x720 security/tomoyo/realpath.c:251
 tomoyo_realpath_nofollow+0xdd/0x100 security/tomoyo/realpath.c:304
 tomoyo_find_next_domain+0x2ad/0x2070 security/tomoyo/domain.c:726
 tomoyo_bprm_check_security security/tomoyo/tomoyo.c:102 [inline]
 tomoyo_bprm_check_security+0x12b/0x1d0 security/tomoyo/tomoyo.c:92
 security_bprm_check+0x1b9/0x1e0 security/security.c:1297
 search_binary_handler fs/exec.c:1740 [inline]
 exec_binprm fs/exec.c:1794 [inline]
 bprm_execve fs/exec.c:1845 [inline]
 bprm_execve+0x642/0x1960 fs/exec.c:1821
 do_execveat_common.isra.0+0x4f1/0x630 fs/exec.c:1952
 do_execve fs/exec.c:2026 [inline]
 __do_sys_execve fs/exec.c:2102 [inline]
 __se_sys_execve fs/exec.c:2097 [inline]
 __x64_sys_execve+0x8c/0xb0 fs/exec.c:2097
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
Modules linked in:
CPU: 2 UID: 0 PID: 7351 Comm: syz.0.314 Tainted: G    B              6.12.0-rc5-syzkaller-00005-ge42b1a9a2557 #0
Tainted: [B]=BAD_PAGE
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:94 [inline]
 dump_stack_lvl+0x16c/0x1f0 lib/dump_stack.c:120
 bad_page+0xb3/0x1f0 mm/page_alloc.c:501
 free_page_is_bad_report mm/page_alloc.c:908 [inline]
 free_page_is_bad mm/page_alloc.c:918 [inline]
 free_pages_prepare mm/page_alloc.c:1100 [inline]
 free_unref_page+0x657/0xdc0 mm/page_alloc.c:2638
 skb_free_frag include/linux/skbuff.h:3399 [inline]
 skb_free_head+0xa0/0x1d0 net/core/skbuff.c:1096
 skb_release_data+0x560/0x730 net/core/skbuff.c:1125
 skb_release_all net/core/skbuff.c:1190 [inline]
 __kfree_skb net/core/skbuff.c:1204 [inline]
 sk_skb_reason_drop+0x129/0x1a0 net/core/skbuff.c:1242
 kfree_skb_reason include/linux/skbuff.h:1262 [inline]
 __netif_receive_skb_core.constprop.0+0x592/0x4330 net/core/dev.c:5640
 __netif_receive_skb_list_core+0x357/0x950 net/core/dev.c:5741
 __netif_receive_skb_list net/core/dev.c:5808 [inline]
 netif_receive_skb_list_internal+0x753/0xdb0 net/core/dev.c:5899
 netif_receive_skb_list+0x4f/0x4a0 net/core/dev.c:5951
 xdp_recv_frames net/bpf/test_run.c:279 [inline]
 xdp_test_run_batch.constprop.0+0x138d/0x1960 net/bpf/test_run.c:360
 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389
 bpf_prog_test_run_xdp+0x827/0x1580 net/bpf/test_run.c:1317
 bpf_prog_test_run kernel/bpf/syscall.c:4266 [inline]
 __sys_bpf+0xfc6/0x49a0 kernel/bpf/syscall.c:5671
 __do_sys_bpf kernel/bpf/syscall.c:5760 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5758 [inline]
 __x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5758
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7fc02f97e719
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007fc0306bb038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
RAX: ffffffffffffffda RBX: 00007fc02fb35f80 RCX: 00007fc02f97e719
RDX: 0000000000000048 RSI: 0000000020000600 RDI: 000000000000000a
RBP: 00007fc02f9f132e R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 0000000000000000 R14: 00007fc02fb35f80 R15: 00007ffe03613128
 </TASK>
BUG: Bad page state in process syz.0.314  pfn:303ae
page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x303ae
flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
raw: 00fff00000000000 dead000000000040 ffff888040826000 0000000000000000
raw: 0000000000000000 0000000000000001 00000000ffffffff 0000000000000000
page dumped because: page_pool leak
page_owner tracks the page as allocated
page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 7351, tgid 7350 (syz.0.314), ts 79036712437, free_ts 78916307047
 set_page_owner include/linux/page_owner.h:32 [inline]
 post_alloc_hook+0x2d1/0x350 mm/page_alloc.c:1537
 prep_new_page mm/page_alloc.c:1545 [inline]
 get_page_from_freelist+0x101e/0x3070 mm/page_alloc.c:3457
 __alloc_pages_noprof+0x223/0x25a0 mm/page_alloc.c:4733
 alloc_pages_bulk_noprof+0x77c/0x1110 mm/page_alloc.c:4681
 alloc_pages_bulk_array_node_noprof include/linux/gfp.h:239 [inline]
 __page_pool_alloc_pages_slow+0x18f/0x770 net/core/page_pool.c:538
 page_pool_alloc_netmem net/core/page_pool.c:590 [inline]
 page_pool_alloc_netmem+0xc4/0x160 net/core/page_pool.c:577
 page_pool_alloc_pages+0x1a/0x60 net/core/page_pool.c:597
 page_pool_dev_alloc_pages include/net/page_pool/helpers.h:96 [inline]
 xdp_test_run_batch.constprop.0+0x3a8/0x1960 net/bpf/test_run.c:305
 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389
 bpf_prog_test_run_xdp+0x827/0x1580 net/bpf/test_run.c:1317
 bpf_prog_test_run kernel/bpf/syscall.c:4266 [inline]
 __sys_bpf+0xfc6/0x49a0 kernel/bpf/syscall.c:5671
 __do_sys_bpf kernel/bpf/syscall.c:5760 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5758 [inline]
 __x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5758
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
page last free pid 7337 tgid 7337 stack trace:
 reset_page_owner include/linux/page_owner.h:25 [inline]
 free_pages_prepare mm/page_alloc.c:1108 [inline]
 free_unref_page+0x5f4/0xdc0 mm/page_alloc.c:2638
 __put_partials+0x14c/0x170 mm/slub.c:3145
 qlink_free mm/kasan/quarantine.c:163 [inline]
 qlist_free_all+0x4e/0x120 mm/kasan/quarantine.c:179
 kasan_quarantine_reduce+0x192/0x1e0 mm/kasan/quarantine.c:286
 __kasan_slab_alloc+0x69/0x90 mm/kasan/common.c:329
 kasan_slab_alloc include/linux/kasan.h:247 [inline]
 slab_post_alloc_hook mm/slub.c:4085 [inline]
 slab_alloc_node mm/slub.c:4134 [inline]
 __do_kmalloc_node mm/slub.c:4263 [inline]
 __kmalloc_noprof+0x199/0x400 mm/slub.c:4276
 kmalloc_noprof include/linux/slab.h:882 [inline]
 tomoyo_realpath_from_path+0xb9/0x720 security/tomoyo/realpath.c:251
 tomoyo_realpath_nofollow+0xdd/0x100 security/tomoyo/realpath.c:304
 tomoyo_find_next_domain+0x2ad/0x2070 security/tomoyo/domain.c:726
 tomoyo_bprm_check_security security/tomoyo/tomoyo.c:102 [inline]
 tomoyo_bprm_check_security+0x12b/0x1d0 security/tomoyo/tomoyo.c:92
 security_bprm_check+0x1b9/0x1e0 security/security.c:1297
 search_binary_handler fs/exec.c:1740 [inline]
 exec_binprm fs/exec.c:1794 [inline]
 bprm_execve fs/exec.c:1845 [inline]
 bprm_execve+0x642/0x1960 fs/exec.c:1821
 do_execveat_common.isra.0+0x4f1/0x630 fs/exec.c:1952
 do_execve fs/exec.c:2026 [inline]
 __do_sys_execve fs/exec.c:2102 [inline]
 __se_sys_execve fs/exec.c:2097 [inline]
 __x64_sys_execve+0x8c/0xb0 fs/exec.c:2097
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
Modules linked in:
CPU: 2 UID: 0 PID: 7351 Comm: syz.0.314 Tainted: G    B              6.12.0-rc5-syzkaller-00005-ge42b1a9a2557 #0
Tainted: [B]=BAD_PAGE
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:94 [inline]
 dump_stack_lvl+0x16c/0x1f0 lib/dump_stack.c:120
 bad_page+0xb3/0x1f0 mm/page_alloc.c:501
 free_page_is_bad_report mm/page_alloc.c:908 [inline]
 free_page_is_bad mm/page_alloc.c:918 [inline]
 free_pages_prepare mm/page_alloc.c:1100 [inline]
 free_unref_page+0x657/0xdc0 mm/page_alloc.c:2638
 skb_free_frag include/linux/skbuff.h:3399 [inline]
 skb_free_head+0xa0/0x1d0 net/core/skbuff.c:1096
 skb_release_data+0x560/0x730 net/core/skbuff.c:1125
 skb_release_all net/core/skbuff.c:1190 [inline]
 __kfree_skb net/core/skbuff.c:1204 [inline]
 sk_skb_reason_drop+0x129/0x1a0 net/core/skbuff.c:1242
 kfree_skb_reason include/linux/skbuff.h:1262 [inline]
 __netif_receive_skb_core.constprop.0+0x592/0x4330 net/core/dev.c:5640
 __netif_receive_skb_list_core+0x357/0x950 net/core/dev.c:5741
 __netif_receive_skb_list net/core/dev.c:5808 [inline]
 netif_receive_skb_list_internal+0x753/0xdb0 net/core/dev.c:5899
 netif_receive_skb_list+0x4f/0x4a0 net/core/dev.c:5951
 xdp_recv_frames net/bpf/test_run.c:279 [inline]
 xdp_test_run_batch.constprop.0+0x138d/0x1960 net/bpf/test_run.c:360
 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389
 bpf_prog_test_run_xdp+0x827/0x1580 net/bpf/test_run.c:1317
 bpf_prog_test_run kernel/bpf/syscall.c:4266 [inline]
 __sys_bpf+0xfc6/0x49a0 kernel/bpf/syscall.c:5671
 __do_sys_bpf kernel/bpf/syscall.c:5760 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5758 [inline]
 __x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5758
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7fc02f97e719
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007fc0306bb038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
RAX: ffffffffffffffda RBX: 00007fc02fb35f80 RCX: 00007fc02f97e719
RDX: 0000000000000048 RSI: 0000000020000600 RDI: 000000000000000a
RBP: 00007fc02f9f132e R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 0000000000000000 R14: 00007fc02fb35f80 R15: 00007ffe03613128
 </TASK>
BUG: Bad page state in process syz.0.314  pfn:303ad
page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x4 pfn:0x303ad
flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
raw: 00fff00000000000 dead000000000040 ffff888040826000 0000000000000000
raw: 0000000000000004 0000000000000001 00000000ffffffff 0000000000000000
page dumped because: page_pool leak
page_owner tracks the page as allocated
page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 7351, tgid 7350 (syz.0.314), ts 79036704929, free_ts 78916307047
 set_page_owner include/linux/page_owner.h:32 [inline]
 post_alloc_hook+0x2d1/0x350 mm/page_alloc.c:1537
 prep_new_page mm/page_alloc.c:1545 [inline]
 get_page_from_freelist+0x101e/0x3070 mm/page_alloc.c:3457
 __alloc_pages_noprof+0x223/0x25a0 mm/page_alloc.c:4733
 alloc_pages_bulk_noprof+0x77c/0x1110 mm/page_alloc.c:4681
 alloc_pages_bulk_array_node_noprof include/linux/gfp.h:239 [inline]
 __page_pool_alloc_pages_slow+0x18f/0x770 net/core/page_pool.c:538
 page_pool_alloc_netmem net/core/page_pool.c:590 [inline]
 page_pool_alloc_netmem+0xc4/0x160 net/core/page_pool.c:577
 page_pool_alloc_pages+0x1a/0x60 net/core/page_pool.c:597
 page_pool_dev_alloc_pages include/net/page_pool/helpers.h:96 [inline]
 xdp_test_run_batch.constprop.0+0x3a8/0x1960 net/bpf/test_run.c:305
 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389
 bpf_prog_test_run_xdp+0x827/0x1580 net/bpf/test_run.c:1317
 bpf_prog_test_run kernel/bpf/syscall.c:4266 [inline]
 __sys_bpf+0xfc6/0x49a0 kernel/bpf/syscall.c:5671
 __do_sys_bpf kernel/bpf/syscall.c:5760 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5758 [inline]
 __x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5758
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
page last free pid 7337 tgid 7337 stack trace:
 reset_page_owner include/linux/page_owner.h:25 [inline]
 free_pages_prepare mm/page_alloc.c:1108 [inline]
 free_unref_page+0x5f4/0xdc0 mm/page_alloc.c:2638
 __put_partials+0x14c/0x170 mm/slub.c:3145
 qlink_free mm/kasan/quarantine.c:163 [inline]
 qlist_free_all+0x4e/0x120 mm/kasan/quarantine.c:179
 kasan_quarantine_reduce+0x192/0x1e0 mm/kasan/quarantine.c:286
 __kasan_slab_alloc+0x69/0x90 mm/kasan/common.c:329
 kasan_slab_alloc include/linux/kasan.h:247 [inline]
 slab_post_alloc_hook mm/slub.c:4085 [inline]
 slab_alloc_node mm/slub.c:4134 [inline]
 __do_kmalloc_node mm/slub.c:4263 [inline]
 __kmalloc_noprof+0x199/0x400 mm/slub.c:4276
 kmalloc_noprof include/linux/slab.h:882 [inline]
 tomoyo_realpath_from_path+0xb9/0x720 security/tomoyo/realpath.c:251
 tomoyo_realpath_nofollow+0xdd/0x100 security/tomoyo/realpath.c:304
 tomoyo_find_next_domain+0x2ad/0x2070 security/tomoyo/domain.c:726
 tomoyo_bprm_check_security security/tomoyo/tomoyo.c:102 [inline]
 tomoyo_bprm_check_security+0x12b/0x1d0 security/tomoyo/tomoyo.c:92
 security_bprm_check+0x1b9/0x1e0 security/security.c:1297
 search_binary_handler fs/exec.c:1740 [inline]
 exec_binprm fs/exec.c:1794 [inline]
 bprm_execve fs/exec.c:1845 [inline]
 bprm_execve+0x642/0x1960 fs/exec.c:1821
 do_execveat_common.isra.0+0x4f1/0x630 fs/exec.c:1952
 do_execve fs/exec.c:2026 [inline]
 __do_sys_execve fs/exec.c:2102 [inline]
 __se_sys_execve fs/exec.c:2097 [inline]
 __x64_sys_execve+0x8c/0xb0 fs/exec.c:2097
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
Modules linked in:
CPU: 2 UID: 0 PID: 7351 Comm: syz.0.314 Tainted: G    B              6.12.0-rc5-syzkaller-00005-ge42b1a9a2557 #0
Tainted: [B]=BAD_PAGE
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:94 [inline]
 dump_stack_lvl+0x16c/0x1f0 lib/dump_stack.c:120
 bad_page+0xb3/0x1f0 mm/page_alloc.c:501
 free_page_is_bad_report mm/page_alloc.c:908 [inline]
 free_page_is_bad mm/page_alloc.c:918 [inline]
 free_pages_prepare mm/page_alloc.c:1100 [inline]
 free_unref_page+0x657/0xdc0 mm/page_alloc.c:2638
 skb_free_frag include/linux/skbuff.h:3399 [inline]
 skb_free_head+0xa0/0x1d0 net/core/skbuff.c:1096
 skb_release_data+0x560/0x730 net/core/skbuff.c:1125
 skb_release_all net/core/skbuff.c:1190 [inline]
 __kfree_skb net/core/skbuff.c:1204 [inline]
 sk_skb_reason_drop+0x129/0x1a0 net/core/skbuff.c:1242
 kfree_skb_reason include/linux/skbuff.h:1262 [inline]
 __netif_receive_skb_core.constprop.0+0x592/0x4330 net/core/dev.c:5640
 __netif_receive_skb_list_core+0x357/0x950 net/core/dev.c:5741
 __netif_receive_skb_list net/core/dev.c:5808 [inline]
 netif_receive_skb_list_internal+0x753/0xdb0 net/core/dev.c:5899
 netif_receive_skb_list+0x4f/0x4a0 net/core/dev.c:5951
 xdp_recv_frames net/bpf/test_run.c:279 [inline]
 xdp_test_run_batch.constprop.0+0x138d/0x1960 net/bpf/test_run.c:360
 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389
 bpf_prog_test_run_xdp+0x827/0x1580 net/bpf/test_run.c:1317
 bpf_prog_test_run kernel/bpf/syscall.c:4266 [inline]
 __sys_bpf+0xfc6/0x49a0 kernel/bpf/syscall.c:5671
 __do_sys_bpf kernel/bpf/syscall.c:5760 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5758 [inline]
 __x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5758
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7fc02f97e719
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007fc0306bb038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
RAX: ffffffffffffffda RBX: 00007fc02fb35f80 RCX: 00007fc02f97e719
RDX: 0000000000000048 RSI: 0000000020000600 RDI: 000000000000000a
RBP: 00007fc02f9f132e R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 0000000000000000 R14: 00007fc02fb35f80 R15: 00007ffe03613128
 </TASK>
BUG: Bad page state in process syz.0.314  pfn:303ac
page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff8880303ae400 pfn:0x303ac
flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
raw: 00fff00000000000 dead000000000040 ffff888040826000 0000000000000000
raw: ffff8880303ae400 0000000000000001 00000000ffffffff 0000000000000000
page dumped because: page_pool leak
page_owner tracks the page as allocated
page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 7351, tgid 7350 (syz.0.314), ts 79036697091, free_ts 78916307047
 set_page_owner include/linux/page_owner.h:32 [inline]
 post_alloc_hook+0x2d1/0x350 mm/page_alloc.c:1537
 prep_new_page mm/page_alloc.c:1545 [inline]
 get_page_from_freelist+0x101e/0x3070 mm/page_alloc.c:3457
 __alloc_pages_noprof+0x223/0x25a0 mm/page_alloc.c:4733
 alloc_pages_bulk_noprof+0x77c/0x1110 mm/page_alloc.c:4681
 alloc_pages_bulk_array_node_noprof include/linux/gfp.h:239 [inline]
 __page_pool_alloc_pages_slow+0x18f/0x770 net/core/page_pool.c:538
 page_pool_alloc_netmem net/core/page_pool.c:590 [inline]
 page_pool_alloc_netmem+0xc4/0x160 net/core/page_pool.c:577
 page_pool_alloc_pages+0x1a/0x60 net/core/page_pool.c:597
 page_pool_dev_alloc_pages include/net/page_pool/helpers.h:96 [inline]
 xdp_test_run_batch.constprop.0+0x3a8/0x1960 net/bpf/test_run.c:305
 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389
 bpf_prog_test_run_xdp+0x827/0x1580 net/bpf/test_run.c:1317
 bpf_prog_test_run kernel/bpf/syscall.c:4266 [inline]
 __sys_bpf+0xfc6/0x49a0 kernel/bpf/syscall.c:5671
 __do_sys_bpf kernel/bpf/syscall.c:5760 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5758 [inline]
 __x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5758
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
page last free pid 7337 tgid 7337 stack trace:
 reset_page_owner include/linux/page_owner.h:25 [inline]
 free_pages_prepare mm/page_alloc.c:1108 [inline]
 free_unref_page+0x5f4/0xdc0 mm/page_alloc.c:2638
 __put_partials+0x14c/0x170 mm/slub.c:3145
 qlink_free mm/kasan/quarantine.c:163 [inline]
 qlist_free_all+0x4e/0x120 mm/kasan/quarantine.c:179
 kasan_quarantine_reduce+0x192/0x1e0 mm/kasan/quarantine.c:286
 __kasan_slab_alloc+0x69/0x90 mm/kasan/common.c:329
 kasan_slab_alloc include/linux/kasan.h:247 [inline]
 slab_post_alloc_hook mm/slub.c:4085 [inline]
 slab_alloc_node mm/slub.c:4134 [inline]
 __do_kmalloc_node mm/slub.c:4263 [inline]
 __kmalloc_noprof+0x199/0x400 mm/slub.c:4276
 kmalloc_noprof include/linux/slab.h:882 [inline]
 tomoyo_realpath_from_path+0xb9/0x720 security/tomoyo/realpath.c:251
 tomoyo_realpath_nofollow+0xdd/0x100 security/tomoyo/realpath.c:304
 tomoyo_find_next_domain+0x2ad/0x2070 security/tomoyo/domain.c:726
 tomoyo_bprm_check_security security/tomoyo/tomoyo.c:102 [inline]
 tomoyo_bprm_check_security+0x12b/0x1d0 security/tomoyo/tomoyo.c:92
 security_bprm_check+0x1b9/0x1e0 security/security.c:1297
 search_binary_handler fs/exec.c:1740 [inline]
 exec_binprm fs/exec.c:1794 [inline]
 bprm_execve fs/exec.c:1845 [inline]
 bprm_execve+0x642/0x1960 fs/exec.c:1821
 do_execveat_common.isra.0+0x4f1/0x630 fs/exec.c:1952
 do_execve fs/exec.c:2026 [inline]
 __do_sys_execve fs/exec.c:2102 [inline]
 __se_sys_execve fs/exec.c:2097 [inline]
 __x64_sys_execve+0x8c/0xb0 fs/exec.c:2097
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
Modules linked in:
CPU: 2 UID: 0 PID: 7351 Comm: syz.0.314 Tainted: G    B              6.12.0-rc5-syzkaller-00005-ge42b1a9a2557 #0
Tainted: [B]=BAD_PAGE
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:94 [inline]
 dump_stack_lvl+0x16c/0x1f0 lib/dump_stack.c:120
 bad_page+0xb3/0x1f0 mm/page_alloc.c:501
 free_page_is_bad_report mm/page_alloc.c:908 [inline]
 free_page_is_bad mm/page_alloc.c:918 [inline]
 free_pages_prepare mm/page_alloc.c:1100 [inline]
 free_unref_page+0x657/0xdc0 mm/page_alloc.c:2638
 skb_free_frag include/linux/skbuff.h:3399 [inline]
 skb_free_head+0xa0/0x1d0 net/core/skbuff.c:1096
 skb_release_data+0x560/0x730 net/core/skbuff.c:1125
 skb_release_all net/core/skbuff.c:1190 [inline]
 __kfree_skb net/core/skbuff.c:1204 [inline]
 sk_skb_reason_drop+0x129/0x1a0 net/core/skbuff.c:1242
 kfree_skb_reason include/linux/skbuff.h:1262 [inline]
 __netif_receive_skb_core.constprop.0+0x592/0x4330 net/core/dev.c:5640
 __netif_receive_skb_list_core+0x357/0x950 net/core/dev.c:5741
 __netif_receive_skb_list net/core/dev.c:5808 [inline]
 netif_receive_skb_list_internal+0x753/0xdb0 net/core/dev.c:5899
 netif_receive_skb_list+0x4f/0x4a0 net/core/dev.c:5951
 xdp_recv_frames net/bpf/test_run.c:279 [inline]
 xdp_test_run_batch.constprop.0+0x138d/0x1960 net/bpf/test_run.c:360
 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389
 bpf_prog_test_run_xdp+0x827/0x1580 net/bpf/test_run.c:1317
 bpf_prog_test_run kernel/bpf/syscall.c:4266 [inline]
 __sys_bpf+0xfc6/0x49a0 kernel/bpf/syscall.c:5671
 __do_sys_bpf kernel/bpf/syscall.c:5760 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5758 [inline]
 __x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5758
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7fc02f97e719
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007fc0306bb038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
RAX: ffffffffffffffda RBX: 00007fc02fb35f80 RCX: 00007fc02f97e719
RDX: 0000000000000048 RSI: 0000000020000600 RDI: 000000000000000a
RBP: 00007fc02f9f132e R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 0000000000000000 R14: 00007fc02fb35f80 R15: 00007ffe03613128
 </TASK>
BUG: Bad page state in process syz.0.314  pfn:303ab
page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x303ab
flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
raw: 00fff00000000000 dead000000000040 ffff888040826000 0000000000000000
raw: 0000000000000000 0000000000000001 00000000ffffffff 0000000000000000
page dumped because: page_pool leak
page_owner tracks the page as allocated
page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 7351, tgid 7350 (syz.0.314), ts 79036689408, free_ts 78916307047
 set_page_owner include/linux/page_owner.h:32 [inline]
 post_alloc_hook+0x2d1/0x350 mm/page_alloc.c:1537
 prep_new_page mm/page_alloc.c:1545 [inline]
 get_page_from_freelist+0x101e/0x3070 mm/page_alloc.c:3457
 __alloc_pages_noprof+0x223/0x25a0 mm/page_alloc.c:4733
 alloc_pages_bulk_noprof+0x77c/0x1110 mm/page_alloc.c:4681
 alloc_pages_bulk_array_node_noprof include/linux/gfp.h:239 [inline]
 __page_pool_alloc_pages_slow+0x18f/0x770 net/core/page_pool.c:538
 page_pool_alloc_netmem net/core/page_pool.c:590 [inline]
 page_pool_alloc_netmem+0xc4/0x160 net/core/page_pool.c:577
 page_pool_alloc_pages+0x1a/0x60 net/core/page_pool.c:597
 page_pool_dev_alloc_pages include/net/page_pool/helpers.h:96 [inline]
 xdp_test_run_batch.constprop.0+0x3a8/0x1960 net/bpf/test_run.c:305
 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389
 bpf_prog_test_run_xdp+0x827/0x1580 net/bpf/test_run.c:1317
 bpf_prog_test_run kernel/bpf/syscall.c:4266 [inline]
 __sys_bpf+0xfc6/0x49a0 kernel/bpf/syscall.c:5671
 __do_sys_bpf kernel/bpf/syscall.c:5760 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5758 [inline]
 __x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5758
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
page last free pid 7337 tgid 7337 stack trace:
 reset_page_owner include/linux/page_owner.h:25 [inline]
 free_pages_prepare mm/page_alloc.c:1108 [inline]
 free_unref_page+0x5f4/0xdc0 mm/page_alloc.c:2638
 __put_partials+0x14c/0x170 mm/slub.c:3145
 qlink_free mm/kasan/quarantine.c:163 [inline]
 qlist_free_all+0x4e/0x120 mm/kasan/quarantine.c:179
 kasan_quarantine_reduce+0x192/0x1e0 mm/kasan/quarantine.c:286
 __kasan_slab_alloc+0x69/0x90 mm/kasan/common.c:329
 kasan_slab_alloc include/linux/kasan.h:247 [inline]
 slab_post_alloc_hook mm/slub.c:4085 [inline]
 slab_alloc_node mm/slub.c:4134 [inline]
 __do_kmalloc_node mm/slub.c:4263 [inline]
 __kmalloc_noprof+0x199/0x400 mm/slub.c:4276
 kmalloc_noprof include/linux/slab.h:882 [inline]
 tomoyo_realpath_from_path+0xb9/0x720 security/tomoyo/realpath.c:251
 tomoyo_realpath_nofollow+0xdd/0x100 security/tomoyo/realpath.c:304
 tomoyo_find_next_domain+0x2ad/0x2070 security/tomoyo/domain.c:726
 tomoyo_bprm_check_security security/tomoyo/tomoyo.c:102 [inline]
 tomoyo_bprm_check_security+0x12b/0x1d0 security/tomoyo/tomoyo.c:92
 security_bprm_check+0x1b9/0x1e0 security/security.c:1297
 search_binary_handler fs/exec.c:1740 [inline]
 exec_binprm fs/exec.c:1794 [inline]
 bprm_execve fs/exec.c:1845 [inline]
 bprm_execve+0x642/0x1960 fs/exec.c:1821
 do_execveat_common.isra.0+0x4f1/0x630 fs/exec.c:1952
 do_execve fs/exec.c:2026 [inline]
 __do_sys_execve fs/exec.c:2102 [inline]
 __se_sys_execve fs/exec.c:2097 [inline]
 __x64_sys_execve+0x8c/0xb0 fs/exec.c:2097
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
Modules linked in:
CPU: 2 UID: 0 PID: 7351 Comm: syz.0.314 Tainted: G    B              6.12.0-rc5-syzkaller-00005-ge42b1a9a2557 #0
Tainted: [B]=BAD_PAGE
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:94 [inline]
 dump_stack_lvl+0x16c/0x1f0 lib/dump_stack.c:120
 bad_page+0xb3/0x1f0 mm/page_alloc.c:501
 free_page_is_bad_report mm/page_alloc.c:908 [inline]
 free_page_is_bad mm/page_alloc.c:918 [inline]
 free_pages_prepare mm/page_alloc.c:1100 [inline]
 free_unref_page+0x657/0xdc0 mm/page_alloc.c:2638
 skb_free_frag include/linux/skbuff.h:3399 [inline]
 skb_free_head+0xa0/0x1d0 net/core/skbuff.c:1096
 skb_release_data+0x560/0x730 net/core/skbuff.c:1125
 skb_release_all net/core/skbuff.c:1190 [inline]
 __kfree_skb net/core/skbuff.c:1204 [inline]
 sk_skb_reason_drop+0x129/0x1a0 net/core/skbuff.c:1242
 kfree_skb_reason include/linux/skbuff.h:1262 [inline]
 __netif_receive_skb_core.constprop.0+0x592/0x4330 net/core/dev.c:5640
 __netif_receive_skb_list_core+0x357/0x950 net/core/dev.c:5741
 __netif_receive_skb_list net/core/dev.c:5808 [inline]
 netif_receive_skb_list_internal+0x753/0xdb0 net/core/dev.c:5899
 netif_receive_skb_list+0x4f/0x4a0 net/core/dev.c:5951
 xdp_recv_frames net/bpf/test_run.c:279 [inline]
 xdp_test_run_batch.constprop.0+0x138d/0x1960 net/bpf/test_run.c:360
 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389
 bpf_prog_test_run_xdp+0x827/0x1580 net/bpf/test_run.c:1317
 bpf_prog_test_run kernel/bpf/syscall.c:4266 [inline]
 __sys_bpf+0xfc6/0x49a0 kernel/bpf/syscall.c:5671
 __do_sys_bpf kernel/bpf/syscall.c:5760 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5758 [inline]
 __x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5758
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7fc02f97e719
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007fc0306bb038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
RAX: ffffffffffffffda RBX: 00007fc02fb35f80 RCX: 00007fc02f97e719
RDX: 0000000000000048 RSI: 0000000020000600 RDI: 000000000000000a
RBP: 00007fc02f9f132e R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 0000000000000000 R14: 00007fc02fb35f80 R15: 00007ffe03613128
 </TASK>
BUG: Bad page state in process syz.0.314  pfn:303aa
page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x303aa
flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
raw: 00fff00000000000 dead000000000040 ffff888040826000 0000000000000000
raw: 0000000000000000 0000000000000001 00000000ffffffff 0000000000000000
page dumped because: page_pool leak
page_owner tracks the page as allocated
page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 7351, tgid 7350 (syz.0.314), ts 79036681781, free_ts 78916307047
 set_page_owner include/linux/page_owner.h:32 [inline]
 post_alloc_hook+0x2d1/0x350 mm/page_alloc.c:1537
 prep_new_page mm/page_alloc.c:1545 [inline]
 get_page_from_freelist+0x101e/0x3070 mm/page_alloc.c:3457
 __alloc_pages_noprof+0x223/0x25a0 mm/page_alloc.c:4733
 alloc_pages_bulk_noprof+0x77c/0x1110 mm/page_alloc.c:4681
 alloc_pages_bulk_array_node_noprof include/linux/gfp.h:239 [inline]
 __page_pool_alloc_pages_slow+0x18f/0x770 net/core/page_pool.c:538
 page_pool_alloc_netmem net/core/page_pool.c:590 [inline]
 page_pool_alloc_netmem+0xc4/0x160 net/core/page_pool.c:577
 page_pool_alloc_pages+0x1a/0x60 net/core/page_pool.c:597
 page_pool_dev_alloc_pages include/net/page_pool/helpers.h:96 [inline]
 xdp_test_run_batch.constprop.0+0x3a8/0x1960 net/bpf/test_run.c:305
 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389
 bpf_prog_test_run_xdp+0x827/0x1580 net/bpf/test_run.c:1317
 bpf_prog_test_run kernel/bpf/syscall.c:4266 [inline]
 __sys_bpf+0xfc6/0x49a0 kernel/bpf/syscall.c:5671
 __do_sys_bpf kernel/bpf/syscall.c:5760 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5758 [inline]
 __x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5758
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
page last free pid 7337 tgid 7337 stack trace:
 reset_page_owner include/linux/page_owner.h:25 [inline]
 free_pages_prepare mm/page_alloc.c:1108 [inline]
 free_unref_page+0x5f4/0xdc0 mm/page_alloc.c:2638
 __put_partials+0x14c/0x170 mm/slub.c:3145
 qlink_free mm/kasan/quarantine.c:163 [inline]
 qlist_free_all+0x4e/0x120 mm/kasan/quarantine.c:179
 kasan_quarantine_reduce+0x192/0x1e0 mm/kasan/quarantine.c:286
 __kasan_slab_alloc+0x69/0x90 mm/kasan/common.c:329
 kasan_slab_alloc include/linux/kasan.h:247 [inline]
 slab_post_alloc_hook mm/slub.c:4085 [inline]
 slab_alloc_node mm/slub.c:4134 [inline]
 __do_kmalloc_node mm/slub.c:4263 [inline]
 __kmalloc_noprof+0x199/0x400 mm/slub.c:4276
 kmalloc_noprof include/linux/slab.h:882 [inline]
 tomoyo_realpath_from_path+0xb9/0x720 security/tomoyo/realpath.c:251
 tomoyo_realpath_nofollow+0xdd/0x100 security/tomoyo/realpath.c:304
 tomoyo_find_next_domain+0x2ad/0x2070 security/tomoyo/domain.c:726
 tomoyo_bprm_check_security security/tomoyo/tomoyo.c:102 [inline]
 tomoyo_bprm_check_security+0x12b/0x1d0 security/tomoyo/tomoyo.c:92
 security_bprm_check+0x1b9/0x1e0 security/security.c:1297
 search_binary_handler fs/exec.c:1740 [inline]
 exec_binprm fs/exec.c:1794 [inline]
 bprm_execve fs/exec.c:1845 [inline]
 bprm_execve+0x642/0x1960 fs/exec.c:1821
 do_execveat_common.isra.0+0x4f1/0x630 fs/exec.c:1952
 do_execve fs/exec.c:2026 [inline]
 __do_sys_execve fs/exec.c:2102 [inline]
 __se_sys_execve fs/exec.c:2097 [inline]
 __x64_sys_execve+0x8c/0xb0 fs/exec.c:2097
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
Modules linked in:
CPU: 2 UID: 0 PID: 7351 Comm: syz.0.314 Tainted: G    B              6.12.0-rc5-syzkaller-00005-ge42b1a9a2557 #0
Tainted: [B]=BAD_PAGE
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:94 [inline]
 dump_stack_lvl+0x16c/0x1f0 lib/dump_stack.c:120
 bad_page+0xb3/0x1f0 mm/page_alloc.c:501
 free_page_is_bad_report mm/page_alloc.c:908 [inline]
 free_page_is_bad mm/page_alloc.c:918 [inline]
 free_pages_prepare mm/page_alloc.c:1100 [inline]
 free_unref_page+0x657/0xdc0 mm/page_alloc.c:2638
 skb_free_frag include/linux/skbuff.h:3399 [inline]
 skb_free_head+0xa0/0x1d0 net/core/skbuff.c:1096
 skb_release_data+0x560/0x730 net/core/skbuff.c:1125
 skb_release_all net/core/skbuff.c:1190 [inline]
 __kfree_skb net/core/skbuff.c:1204 [inline]
 sk_skb_reason_drop+0x129/0x1a0 net/core/skbuff.c:1242
 kfree_skb_reason include/linux/skbuff.h:1262 [inline]
 __netif_receive_skb_core.constprop.0+0x592/0x4330 net/core/dev.c:5640
 __netif_receive_skb_list_core+0x357/0x950 net/core/dev.c:5741
 __netif_receive_skb_list net/core/dev.c:5808 [inline]
 netif_receive_skb_list_internal+0x753/0xdb0 net/core/dev.c:5899
 netif_receive_skb_list+0x4f/0x4a0 net/core/dev.c:5951
 xdp_recv_frames net/bpf/test_run.c:279 [inline]
 xdp_test_run_batch.constprop.0+0x138d/0x1960 net/bpf/test_run.c:360
 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389
 bpf_prog_test_run_xdp+0x827/0x1580 net/bpf/test_run.c:1317
 bpf_prog_test_run kernel/bpf/syscall.c:4266 [inline]
 __sys_bpf+0xfc6/0x49a0 kernel/bpf/syscall.c:5671
 __do_sys_bpf kernel/bpf/syscall.c:5760 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5758 [inline]
 __x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5758
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7fc02f97e719
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007fc0306bb038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
RAX: ffffffffffffffda RBX: 00007fc02fb35f80 RCX: 00007fc02f97e719
RDX: 0000000000000048 RSI: 0000000020000600 RDI: 000000000000000a
RBP: 00007fc02f9f132e R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 0000000000000000 R14: 00007fc02fb35f80 R15: 00007ffe03613128
 </TASK>
BUG: Bad page state in process syz.0.314  pfn:303a9
page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x8 pfn:0x303a9
flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
raw: 00fff00000000000 dead000000000040 ffff888040826000 0000000000000000
raw: 0000000000000008 0000000000000001 00000000ffffffff 0000000000000000
page dumped because: page_pool leak
page_owner tracks the page as allocated
page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 7351, tgid 7350 (syz.0.314), ts 79036673766, free_ts 78916307047
 set_page_owner include/linux/page_owner.h:32 [inline]
 post_alloc_hook+0x2d1/0x350 mm/page_alloc.c:1537
 prep_new_page mm/page_alloc.c:1545 [inline]
 get_page_from_freelist+0x101e/0x3070 mm/page_alloc.c:3457
 __alloc_pages_noprof+0x223/0x25a0 mm/page_alloc.c:4733
 alloc_pages_bulk_noprof+0x77c/0x1110 mm/page_alloc.c:4681
 alloc_pages_bulk_array_node_noprof include/linux/gfp.h:239 [inline]
 __page_pool_alloc_pages_slow+0x18f/0x770 net/core/page_pool.c:538
 page_pool_alloc_netmem net/core/page_pool.c:590 [inline]
 page_pool_alloc_netmem+0xc4/0x160 net/core/page_pool.c:577
 page_pool_alloc_pages+0x1a/0x60 net/core/page_pool.c:597
 page_pool_dev_alloc_pages include/net/page_pool/helpers.h:96 [inline]
 xdp_test_run_batch.constprop.0+0x3a8/0x1960 net/bpf/test_run.c:305
 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389
 bpf_prog_test_run_xdp+0x827/0x1580 net/bpf/test_run.c:1317
 bpf_prog_test_run kernel/bpf/syscall.c:4266 [inline]
 __sys_bpf+0xfc6/0x49a0 kernel/bpf/syscall.c:5671
 __do_sys_bpf kernel/bpf/syscall.c:5760 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5758 [inline]
 __x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5758
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
page last free pid 7337 tgid 7337 stack trace:
 reset_page_owner include/linux/page_owner.h:25 [inline]
 free_pages_prepare mm/page_alloc.c:1108 [inline]
 free_unref_page+0x5f4/0xdc0 mm/page_alloc.c:2638
 __put_partials+0x14c/0x170 mm/slub.c:3145
 qlink_free mm/kasan/quarantine.c:163 [inline]
 qlist_free_all+0x4e/0x120 mm/kasan/quarantine.c:179
 kasan_quarantine_reduce+0x192/0x1e0 mm/kasan/quarantine.c:286
 __kasan_slab_alloc+0x69/0x90 mm/kasan/common.c:329
 kasan_slab_alloc include/linux/kasan.h:247 [inline]
 slab_post_alloc_hook mm/slub.c:4085 [inline]
 slab_alloc_node mm/slub.c:4134 [inline]
 __do_kmalloc_node mm/slub.c:4263 [inline]
 __kmalloc_noprof+0x199/0x400 mm/slub.c:4276
 kmalloc_noprof include/linux/slab.h:882 [inline]
 tomoyo_realpath_from_path+0xb9/0x720 security/tomoyo/realpath.c:251
 tomoyo_realpath_nofollow+0xdd/0x100 security/tomoyo/realpath.c:304
 tomoyo_find_next_domain+0x2ad/0x2070 security/tomoyo/domain.c:726
 tomoyo_bprm_check_security security/tomoyo/tomoyo.c:102 [inline]
 tomoyo_bprm_check_security+0x12b/0x1d0 security/tomoyo/tomoyo.c:92
 security_bprm_check+0x1b9/0x1e0 security/security.c:1297
 search_binary_handler fs/exec.c:1740 [inline]
 exec_binprm fs/exec.c:1794 [inline]
 bprm_execve fs/exec.c:1845 [inline]
 bprm_execve+0x642/0x1960 fs/exec.c:1821
 do_execveat_common.isra.0+0x4f1/0x630 fs/exec.c:1952
 do_execve fs/exec.c:2026 [inline]
 __do_sys_execve fs/exec.c:2102 [inline]
 __se_sys_execve fs/exec.c:2097 [inline]
 __x64_sys_execve+0x8c/0xb0 fs/exec.c:2097
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
Modules linked in:
CPU: 2 UID: 0 PID: 7351 Comm: syz.0.314 Tainted: G    B              6.12.0-rc5-syzkaller-00005-ge42b1a9a2557 #0
Tainted: [B]=BAD_PAGE
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:94 [inline]
 dump_stack_lvl+0x16c/0x1f0 lib/dump_stack.c:120
 bad_page+0xb3/0x1f0 mm/page_alloc.c:501
 free_page_is_bad_report mm/page_alloc.c:908 [inline]
 free_page_is_bad mm/page_alloc.c:918 [inline]
 free_pages_prepare mm/page_alloc.c:1100 [inline]
 free_unref_page+0x657/0xdc0 mm/page_alloc.c:2638
 skb_free_frag include/linux/skbuff.h:3399 [inline]
 skb_free_head+0xa0/0x1d0 net/core/skbuff.c:1096
 skb_release_data+0x560/0x730 net/core/skbuff.c:1125
 skb_release_all net/core/skbuff.c:1190 [inline]
 __kfree_skb net/core/skbuff.c:1204 [inline]
 sk_skb_reason_drop+0x129/0x1a0 net/core/skbuff.c:1242
 kfree_skb_reason include/linux/skbuff.h:1262 [inline]
 __netif_receive_skb_core.constprop.0+0x592/0x4330 net/core/dev.c:5640
 __netif_receive_skb_list_core+0x357/0x950 net/core/dev.c:5741
 __netif_receive_skb_list net/core/dev.c:5808 [inline]
 netif_receive_skb_list_internal+0x753/0xdb0 net/core/dev.c:5899
 netif_receive_skb_list+0x4f/0x4a0 net/core/dev.c:5951
 xdp_recv_frames net/bpf/test_run.c:279 [inline]
 xdp_test_run_batch.constprop.0+0x138d/0x1960 net/bpf/test_run.c:360
 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389
 bpf_prog_test_run_xdp+0x827/0x1580 net/bpf/test_run.c:1317
 bpf_prog_test_run kernel/bpf/syscall.c:4266 [inline]
 __sys_bpf+0xfc6/0x49a0 kernel/bpf/syscall.c:5671
 __do_sys_bpf kernel/bpf/syscall.c:5760 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5758 [inline]
 __x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5758
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7fc02f97e719
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007fc0306bb038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
RAX: ffffffffffffffda RBX: 00007fc02fb35f80 RCX: 00007fc02f97e719
RDX: 0000000000000048 RSI: 0000000020000600 RDI: 000000000000000a
RBP: 00007fc02f9f132e R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 0000000000000000 R14: 00007fc02fb35f80 R15: 00007ffe03613128
 </TASK>
BUG: Bad page state in process syz.0.314  pfn:303a8
page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff8880303ae000 pfn:0x303a8
flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
raw: 00fff00000000000 dead000000000040 ffff888040826000 0000000000000000
raw: ffff8880303ae000 0000000000000001 00000000ffffffff 0000000000000000
page dumped because: page_pool leak
page_owner tracks the page as allocated
page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 7351, tgid 7350 (syz.0.314), ts 79036666258, free_ts 78916307047
 set_page_owner include/linux/page_owner.h:32 [inline]
 post_alloc_hook+0x2d1/0x350 mm/page_alloc.c:1537
 prep_new_page mm/page_alloc.c:1545 [inline]
 get_page_from_freelist+0x101e/0x3070 mm/page_alloc.c:3457
 __alloc_pages_noprof+0x223/0x25a0 mm/page_alloc.c:4733
 alloc_pages_bulk_noprof+0x77c/0x1110 mm/page_alloc.c:4681
 alloc_pages_bulk_array_node_noprof include/linux/gfp.h:239 [inline]
 __page_pool_alloc_pages_slow+0x18f/0x770 net/core/page_pool.c:538
 page_pool_alloc_netmem net/core/page_pool.c:590 [inline]
 page_pool_alloc_netmem+0xc4/0x160 net/core/page_pool.c:577
 page_pool_alloc_pages+0x1a/0x60 net/core/page_pool.c:597
 page_pool_dev_alloc_pages include/net/page_pool/helpers.h:96 [inline]
 xdp_test_run_batch.constprop.0+0x3a8/0x1960 net/bpf/test_run.c:305
 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389
 bpf_prog_test_run_xdp+0x827/0x1580 net/bpf/test_run.c:1317
 bpf_prog_test_run kernel/bpf/syscall.c:4266 [inline]
 __sys_bpf+0xfc6/0x49a0 kernel/bpf/syscall.c:5671
 __do_sys_bpf kernel/bpf/syscall.c:5760 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5758 [inline]
 __x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5758
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
page last free pid 7337 tgid 7337 stack trace:
 reset_page_owner include/linux/page_owner.h:25 [inline]
 free_pages_prepare mm/page_alloc.c:1108 [inline]
 free_unref_page+0x5f4/0xdc0 mm/page_alloc.c:2638
 __put_partials+0x14c/0x170 mm/slub.c:3145
 qlink_free mm/kasan/quarantine.c:163 [inline]
 qlist_free_all+0x4e/0x120 mm/kasan/quarantine.c:179
 kasan_quarantine_reduce+0x192/0x1e0 mm/kasan/quarantine.c:286
 __kasan_slab_alloc+0x69/0x90 mm/kasan/common.c:329
 kasan_slab_alloc include/linux/kasan.h:247 [inline]
 slab_post_alloc_hook mm/slub.c:4085 [inline]
 slab_alloc_node mm/slub.c:4134 [inline]
 __do_kmalloc_node mm/slub.c:4263 [inline]
 __kmalloc_noprof+0x199/0x400 mm/slub.c:4276
 kmalloc_noprof include/linux/slab.h:882 [inline]
 tomoyo_realpath_from_path+0xb9/0x720 security/tomoyo/realpath.c:251
 tomoyo_realpath_nofollow+0xdd/0x100 security/tomoyo/realpath.c:304
 tomoyo_find_next_domain+0x2ad/0x2070 security/tomoyo/domain.c:726
 tomoyo_bprm_check_security security/tomoyo/tomoyo.c:102 [inline]
 tomoyo_bprm_check_security+0x12b/0x1d0 security/tomoyo/tomoyo.c:92
 security_bprm_check+0x1b9/0x1e0 security/security.c:1297
 search_binary_handler fs/exec.c:1740 [inline]
 exec_binprm fs/exec.c:1794 [inline]
 bprm_execve fs/exec.c:1845 [inline]
 bprm_execve+0x642/0x1960 fs/exec.c:1821
 do_execveat_common.isra.0+0x4f1/0x630 fs/exec.c:1952
 do_execve fs/exec.c:2026 [inline]
 __do_sys_execve fs/exec.c:2102 [inline]
 __se_sys_execve fs/exec.c:2097 [inline]
 __x64_sys_execve+0x8c/0xb0 fs/exec.c:2097
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
Modules linked in:
CPU: 2 UID: 0 PID: 7351 Comm: syz.0.314 Tainted: G    B              6.12.0-rc5-syzkaller-00005-ge42b1a9a2557 #0
Tainted: [B]=BAD_PAGE
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:94 [inline]
 dump_stack_lvl+0x16c/0x1f0 lib/dump_stack.c:120
 bad_page+0xb3/0x1f0 mm/page_alloc.c:501
 free_page_is_bad_report mm/page_alloc.c:908 [inline]
 free_page_is_bad mm/page_alloc.c:918 [inline]
 free_pages_prepare mm/page_alloc.c:1100 [inline]
 free_unref_page+0x657/0xdc0 mm/page_alloc.c:2638
 skb_free_frag include/linux/skbuff.h:3399 [inline]
 skb_free_head+0xa0/0x1d0 net/core/skbuff.c:1096
 skb_release_data+0x560/0x730 net/core/skbuff.c:1125
 skb_release_all net/core/skbuff.c:1190 [inline]
 __kfree_skb net/core/skbuff.c:1204 [inline]
 sk_skb_reason_drop+0x129/0x1a0 net/core/skbuff.c:1242
 kfree_skb_reason include/linux/skbuff.h:1262 [inline]
 __netif_receive_skb_core.constprop.0+0x592/0x4330 net/core/dev.c:5640
 __netif_receive_skb_list_core+0x357/0x950 net/core/dev.c:5741
 __netif_receive_skb_list net/core/dev.c:5808 [inline]
 netif_receive_skb_list_internal+0x753/0xdb0 net/core/dev.c:5899
 netif_receive_skb_list+0x4f/0x4a0 net/core/dev.c:5951
 xdp_recv_frames net/bpf/test_run.c:279 [inline]
 xdp_test_run_batch.constprop.0+0x138d/0x1960 net/bpf/test_run.c:360
 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389
 bpf_prog_test_run_xdp+0x827/0x1580 net/bpf/test_run.c:1317
 bpf_prog_test_run kernel/bpf/syscall.c:4266 [inline]
 __sys_bpf+0xfc6/0x49a0 kernel/bpf/syscall.c:5671
 __do_sys_bpf kernel/bpf/syscall.c:5760 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5758 [inline]
 __x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5758
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7fc02f97e719
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007fc0306bb038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
RAX: ffffffffffffffda RBX: 00007fc02fb35f80 RCX: 00007fc02f97e719
RDX: 0000000000000048 RSI: 0000000020000600 RDI: 000000000000000a
RBP: 00007fc02f9f132e R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 0000000000000000 R14: 00007fc02fb35f80 R15: 00007ffe03613128
 </TASK>
BUG: Bad page state in process syz.0.314  pfn:303a7
page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x303a7
flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
raw: 00fff00000000000 dead000000000040 ffff888040826000 0000000000000000
raw: 0000000000000000 0000000000000001 00000000ffffffff 0000000000000000
page dumped because: page_pool leak
page_owner tracks the page as allocated
page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 7351, tgid 7350 (syz.0.314), ts 79036658565, free_ts 78916295460
 set_page_owner include/linux/page_owner.h:32 [inline]
 post_alloc_hook+0x2d1/0x350 mm/page_alloc.c:1537
 prep_new_page mm/page_alloc.c:1545 [inline]
 get_page_from_freelist+0x101e/0x3070 mm/page_alloc.c:3457
 __alloc_pages_noprof+0x223/0x25a0 mm/page_alloc.c:4733
 alloc_pages_bulk_noprof+0x77c/0x1110 mm/page_alloc.c:4681
 alloc_pages_bulk_array_node_noprof include/linux/gfp.h:239 [inline]
 __page_pool_alloc_pages_slow+0x18f/0x770 net/core/page_pool.c:538
 page_pool_alloc_netmem net/core/page_pool.c:590 [inline]
 page_pool_alloc_netmem+0xc4/0x160 net/core/page_pool.c:577
 page_pool_alloc_pages+0x1a/0x60 net/core/page_pool.c:597
 page_pool_dev_alloc_pages include/net/page_pool/helpers.h:96 [inline]
 xdp_test_run_batch.constprop.0+0x3a8/0x1960 net/bpf/test_run.c:305
 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389
 bpf_prog_test_run_xdp+0x827/0x1580 net/bpf/test_run.c:1317
 bpf_prog_test_run kernel/bpf/syscall.c:4266 [inline]
 __sys_bpf+0xfc6/0x49a0 kernel/bpf/syscall.c:5671
 __do_sys_bpf kernel/bpf/syscall.c:5760 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5758 [inline]
 __x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5758
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
page last free pid 7337 tgid 7337 stack trace:
 reset_page_owner include/linux/page_owner.h:25 [inline]
 free_pages_prepare mm/page_alloc.c:1108 [inline]
 free_unref_page+0x5f4/0xdc0 mm/page_alloc.c:2638
 __put_partials+0x14c/0x170 mm/slub.c:3145
 qlink_free mm/kasan/quarantine.c:163 [inline]
 qlist_free_all+0x4e/0x120 mm/kasan/quarantine.c:179
 kasan_quarantine_reduce+0x192/0x1e0 mm/kasan/quarantine.c:286
 __kasan_slab_alloc+0x69/0x90 mm/kasan/common.c:329
 kasan_slab_alloc include/linux/kasan.h:247 [inline]
 slab_post_alloc_hook mm/slub.c:4085 [inline]
 slab_alloc_node mm/slub.c:4134 [inline]
 __do_kmalloc_node mm/slub.c:4263 [inline]
 __kmalloc_noprof+0x199/0x400 mm/slub.c:4276
 kmalloc_noprof include/linux/slab.h:882 [inline]
 tomoyo_realpath_from_path+0xb9/0x720 security/tomoyo/realpath.c:251
 tomoyo_realpath_nofollow+0xdd/0x100 security/tomoyo/realpath.c:304
 tomoyo_find_next_domain+0x2ad/0x2070 security/tomoyo/domain.c:726
 tomoyo_bprm_check_security security/tomoyo/tomoyo.c:102 [inline]
 tomoyo_bprm_check_security+0x12b/0x1d0 security/tomoyo/tomoyo.c:92
 security_bprm_check+0x1b9/0x1e0 security/security.c:1297
 search_binary_handler fs/exec.c:1740 [inline]
 exec_binprm fs/exec.c:1794 [inline]
 bprm_execve fs/exec.c:1845 [inline]
 bprm_execve+0x642/0x1960 fs/exec.c:1821
 do_execveat_common.isra.0+0x4f1/0x630 fs/exec.c:1952
 do_execve fs/exec.c:2026 [inline]
 __do_sys_execve fs/exec.c:2102 [inline]
 __se_sys_execve fs/exec.c:2097 [inline]
 __x64_sys_execve+0x8c/0xb0 fs/exec.c:2097
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
Modules linked in:
CPU: 2 UID: 0 PID: 7351 Comm: syz.0.314 Tainted: G    B              6.12.0-rc5-syzkaller-00005-ge42b1a9a2557 #0
Tainted: [B]=BAD_PAGE
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:94 [inline]
 dump_stack_lvl+0x16c/0x1f0 lib/dump_stack.c:120
 bad_page+0xb3/0x1f0 mm/page_alloc.c:501
 free_page_is_bad_report mm/page_alloc.c:908 [inline]
 free_page_is_bad mm/page_alloc.c:918 [inline]
 free_pages_prepare mm/page_alloc.c:1100 [inline]
 free_unref_page+0x657/0xdc0 mm/page_alloc.c:2638
 skb_free_frag include/linux/skbuff.h:3399 [inline]
 skb_free_head+0xa0/0x1d0 net/core/skbuff.c:1096
 skb_release_data+0x560/0x730 net/core/skbuff.c:1125
 skb_release_all net/core/skbuff.c:1190 [inline]
 __kfree_skb net/core/skbuff.c:1204 [inline]
 sk_skb_reason_drop+0x129/0x1a0 net/core/skbuff.c:1242
 kfree_skb_reason include/linux/skbuff.h:1262 [inline]
 __netif_receive_skb_core.constprop.0+0x592/0x4330 net/core/dev.c:5640
 __netif_receive_skb_list_core+0x357/0x950 net/core/dev.c:5741
 __netif_receive_skb_list net/core/dev.c:5808 [inline]
 netif_receive_skb_list_internal+0x753/0xdb0 net/core/dev.c:5899
 netif_receive_skb_list+0x4f/0x4a0 net/core/dev.c:5951
 xdp_recv_frames net/bpf/test_run.c:279 [inline]
 xdp_test_run_batch.constprop.0+0x138d/0x1960 net/bpf/test_run.c:360
 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389
 bpf_prog_test_run_xdp+0x827/0x1580 net/bpf/test_run.c:1317
 bpf_prog_test_run kernel/bpf/syscall.c:4266 [inline]
 __sys_bpf+0xfc6/0x49a0 kernel/bpf/syscall.c:5671
 __do_sys_bpf kernel/bpf/syscall.c:5760 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5758 [inline]
 __x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5758
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7fc02f97e719
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007fc0306bb038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
RAX: ffffffffffffffda RBX: 00007fc02fb35f80 RCX: 00007fc02f97e719
RDX: 0000000000000048 RSI: 0000000020000600 RDI: 000000000000000a
RBP: 00007fc02f9f132e R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 0000000000000000 R14: 00007fc02fb35f80 R15: 00007ffe03613128
 </TASK>
BUG: Bad page state in process syz.0.314  pfn:303a6
page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x303a6
flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
raw: 00fff00000000000 dead000000000040 ffff888040826000 0000000000000000
raw: 0000000000000000 0000000000000001 00000000ffffffff 0000000000000000
page dumped because: page_pool leak
page_owner tracks the page as allocated
page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 7351, tgid 7350 (syz.0.314), ts 79036650527, free_ts 78916295460
 set_page_owner include/linux/page_owner.h:32 [inline]
 post_alloc_hook+0x2d1/0x350 mm/page_alloc.c:1537
 prep_new_page mm/page_alloc.c:1545 [inline]
 get_page_from_freelist+0x101e/0x3070 mm/page_alloc.c:3457
 __alloc_pages_noprof+0x223/0x25a0 mm/page_alloc.c:4733
 alloc_pages_bulk_noprof+0x77c/0x1110 mm/page_alloc.c:4681
 alloc_pages_bulk_array_node_noprof include/linux/gfp.h:239 [inline]
 __page_pool_alloc_pages_slow+0x18f/0x770 net/core/page_pool.c:538
 page_pool_alloc_netmem net/core/page_pool.c:590 [inline]
 page_pool_alloc_netmem+0xc4/0x160 net/core/page_pool.c:577
 page_pool_alloc_pages+0x1a/0x60 net/core/page_pool.c:597
 page_pool_dev_alloc_pages include/net/page_pool/helpers.h:96 [inline]
 xdp_test_run_batch.constprop.0+0x3a8/0x1960 net/bpf/test_run.c:305
 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389
 bpf_prog_test_run_xdp+0x827/0x1580 net/bpf/test_run.c:1317
 bpf_prog_test_run kernel/bpf/syscall.c:4266 [inline]
 __sys_bpf+0xfc6/0x49a0 kernel/bpf/syscall.c:5671
 __do_sys_bpf kernel/bpf/syscall.c:5760 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5758 [inline]
 __x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5758
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
page last free pid 7337 tgid 7337 stack trace:
 reset_page_owner include/linux/page_owner.h:25 [inline]
 free_pages_prepare mm/page_alloc.c:1108 [inline]
 free_unref_page+0x5f4/0xdc0 mm/page_alloc.c:2638
 __put_partials+0x14c/0x170 mm/slub.c:3145
 qlink_free mm/kasan/quarantine.c:163 [inline]
 qlist_free_all+0x4e/0x120 mm/kasan/quarantine.c:179
 kasan_quarantine_reduce+0x192/0x1e0 mm/kasan/quarantine.c:286
 __kasan_slab_alloc+0x69/0x90 mm/kasan/common.c:329
 kasan_slab_alloc include/linux/kasan.h:247 [inline]
 slab_post_alloc_hook mm/slub.c:4085 [inline]
 slab_alloc_node mm/slub.c:4134 [inline]
 __do_kmalloc_node mm/slub.c:4263 [inline]
 __kmalloc_noprof+0x199/0x400 mm/slub.c:4276
 kmalloc_noprof include/linux/slab.h:882 [inline]
 tomoyo_realpath_from_path+0xb9/0x720 security/tomoyo/realpath.c:251
 tomoyo_realpath_nofollow+0xdd/0x100 security/tomoyo/realpath.c:304
 tomoyo_find_next_domain+0x2ad/0x2070 security/tomoyo/domain.c:726
 tomoyo_bprm_check_security security/tomoyo/tomoyo.c:102 [inline]
 tomoyo_bprm_check_security+0x12b/0x1d0 security/tomoyo/tomoyo.c:92
 security_bprm_check+0x1b9/0x1e0 security/security.c:1297
 search_binary_handler fs/exec.c:1740 [inline]
 exec_binprm fs/exec.c:1794 [inline]
 bprm_execve fs/exec.c:1845 [inline]
 bprm_execve+0x642/0x1960 fs/exec.c:1821
 do_execveat_common.isra.0+0x4f1/0x630 fs/exec.c:1952
 do_execve fs/exec.c:2026 [inline]
 __do_sys_execve fs/exec.c:2102 [inline]
 __se_sys_execve fs/exec.c:2097 [inline]
 __x64_sys_execve+0x8c/0xb0 fs/exec.c:2097
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
Modules linked in:
CPU: 2 UID: 0 PID: 7351 Comm: syz.0.314 Tainted: G    B              6.12.0-rc5-syzkaller-00005-ge42b1a9a2557 #0
Tainted: [B]=BAD_PAGE
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:94 [inline]
 dump_stack_lvl+0x16c/0x1f0 lib/dump_stack.c:120
 bad_page+0xb3/0x1f0 mm/page_alloc.c:501
 free_page_is_bad_report mm/page_alloc.c:908 [inline]
 free_page_is_bad mm/page_alloc.c:918 [inline]
 free_pages_prepare mm/page_alloc.c:1100 [inline]
 free_unref_page+0x657/0xdc0 mm/page_alloc.c:2638
 skb_free_frag include/linux/skbuff.h:3399 [inline]
 skb_free_head+0xa0/0x1d0 net/core/skbuff.c:1096
 skb_release_data+0x560/0x730 net/core/skbuff.c:1125
 skb_release_all net/core/skbuff.c:1190 [inline]
 __kfree_skb net/core/skbuff.c:1204 [inline]
 sk_skb_reason_drop+0x129/0x1a0 net/core/skbuff.c:1242
 kfree_skb_reason include/linux/skbuff.h:1262 [inline]
 __netif_receive_skb_core.constprop.0+0x592/0x4330 net/core/dev.c:5640
 __netif_receive_skb_list_core+0x357/0x950 net/core/dev.c:5741
 __netif_receive_skb_list net/core/dev.c:5808 [inline]
 netif_receive_skb_list_internal+0x753/0xdb0 net/core/dev.c:5899
 netif_receive_skb_list+0x4f/0x4a0 net/core/dev.c:5951
 xdp_recv_frames net/bpf/test_run.c:279 [inline]
 xdp_test_run_batch.constprop.0+0x138d/0x1960 net/bpf/test_run.c:360
 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389
 bpf_prog_test_run_xdp+0x827/0x1580 net/bpf/test_run.c:1317
 bpf_prog_test_run kernel/bpf/syscall.c:4266 [inline]
 __sys_bpf+0xfc6/0x49a0 kernel/bpf/syscall.c:5671
 __do_sys_bpf kernel/bpf/syscall.c:5760 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5758 [inline]
 __x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5758
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7fc02f97e719
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007fc0306bb038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
RAX: ffffffffffffffda RBX: 00007fc02fb35f80 RCX: 00007fc02f97e719
RDX: 0000000000000048 RSI: 0000000020000600 RDI: 000000000000000a
RBP: 00007fc02f9f132e R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 0000000000000000 R14: 00007fc02fb35f80 R15: 00007ffe03613128
 </TASK>
BUG: Bad page state in process syz.0.314  pfn:303a5
page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x303a5
flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
raw: 00fff00000000000 dead000000000040 ffff888040826000 0000000000000000
raw: 0000000000000000 0000000000000001 00000000ffffffff 0000000000000000
page dumped because: page_pool leak
page_owner tracks the page as allocated
page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 7351, tgid 7350 (syz.0.314), ts 79036643050, free_ts 78916295460
 set_page_owner include/linux/page_owner.h:32 [inline]
 post_alloc_hook+0x2d1/0x350 mm/page_alloc.c:1537
 prep_new_page mm/page_alloc.c:1545 [inline]
 get_page_from_freelist+0x101e/0x3070 mm/page_alloc.c:3457
 __alloc_pages_noprof+0x223/0x25a0 mm/page_alloc.c:4733
 alloc_pages_bulk_noprof+0x77c/0x1110 mm/page_alloc.c:4681
 alloc_pages_bulk_array_node_noprof include/linux/gfp.h:239 [inline]
 __page_pool_alloc_pages_slow+0x18f/0x770 net/core/page_pool.c:538
 page_pool_alloc_netmem net/core/page_pool.c:590 [inline]
 page_pool_alloc_netmem+0xc4/0x160 net/core/page_pool.c:577
 page_pool_alloc_pages+0x1a/0x60 net/core/page_pool.c:597
 page_pool_dev_alloc_pages include/net/page_pool/helpers.h:96 [inline]
 xdp_test_run_batch.constprop.0+0x3a8/0x1960 net/bpf/test_run.c:305
 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389
 bpf_prog_test_run_xdp+0x827/0x1580 net/bpf/test_run.c:1317
 bpf_prog_test_run kernel/bpf/syscall.c:4266 [inline]
 __sys_bpf+0xfc6/0x49a0 kernel/bpf/syscall.c:5671
 __do_sys_bpf kernel/bpf/syscall.c:5760 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5758 [inline]
 __x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5758
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
page last free pid 7337 tgid 7337 stack trace:
 reset_page_owner include/linux/page_owner.h:25 [inline]
 free_pages_prepare mm/page_alloc.c:1108 [inline]
 free_unref_page+0x5f4/0xdc0 mm/page_alloc.c:2638
 __put_partials+0x14c/0x170 mm/slub.c:3145
 qlink_free mm/kasan/quarantine.c:163 [inline]
 qlist_free_all+0x4e/0x120 mm/kasan/quarantine.c:179
 kasan_quarantine_reduce+0x192/0x1e0 mm/kasan/quarantine.c:286
 __kasan_slab_alloc+0x69/0x90 mm/kasan/common.c:329
 kasan_slab_alloc include/linux/kasan.h:247 [inline]
 slab_post_alloc_hook mm/slub.c:4085 [inline]
 slab_alloc_node mm/slub.c:4134 [inline]
 __do_kmalloc_node mm/slub.c:4263 [inline]
 __kmalloc_noprof+0x199/0x400 mm/slub.c:4276
 kmalloc_noprof include/linux/slab.h:882 [inline]
 tomoyo_realpath_from_path+0xb9/0x720 security/tomoyo/realpath.c:251
 tomoyo_realpath_nofollow+0xdd/0x100 security/tomoyo/realpath.c:304
 tomoyo_find_next_domain+0x2ad/0x2070 security/tomoyo/domain.c:726
 tomoyo_bprm_check_security security/tomoyo/tomoyo.c:102 [inline]
 tomoyo_bprm_check_security+0x12b/0x1d0 security/tomoyo/tomoyo.c:92
 security_bprm_check+0x1b9/0x1e0 security/security.c:1297
 search_binary_handler fs/exec.c:1740 [inline]
 exec_binprm fs/exec.c:1794 [inline]
 bprm_execve fs/exec.c:1845 [inline]
 bprm_execve+0x642/0x1960 fs/exec.c:1821
 do_execveat_common.isra.0+0x4f1/0x630 fs/exec.c:1952
 do_execve fs/exec.c:2026 [inline]
 __do_sys_execve fs/exec.c:2102 [inline]
 __se_sys_execve fs/exec.c:2097 [inline]
 __x64_sys_execve+0x8c/0xb0 fs/exec.c:2097
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
Modules linked in:
CPU: 2 UID: 0 PID: 7351 Comm: syz.0.314 Tainted: G    B              6.12.0-rc5-syzkaller-00005-ge42b1a9a2557 #0
Tainted: [B]=BAD_PAGE
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:94 [inline]
 dump_stack_lvl+0x16c/0x1f0 lib/dump_stack.c:120
 bad_page+0xb3/0x1f0 mm/page_alloc.c:501
 free_page_is_bad_report mm/page_alloc.c:908 [inline]
 free_page_is_bad mm/page_alloc.c:918 [inline]
 free_pages_prepare mm/page_alloc.c:1100 [inline]
 free_unref_page+0x657/0xdc0 mm/page_alloc.c:2638
 skb_free_frag include/linux/skbuff.h:3399 [inline]
 skb_free_head+0xa0/0x1d0 net/core/skbuff.c:1096
 skb_release_data+0x560/0x730 net/core/skbuff.c:1125
 skb_release_all net/core/skbuff.c:1190 [inline]
 __kfree_skb net/core/skbuff.c:1204 [inline]
 sk_skb_reason_drop+0x129/0x1a0 net/core/skbuff.c:1242
 kfree_skb_reason include/linux/skbuff.h:1262 [inline]
 __netif_receive_skb_core.constprop.0+0x592/0x4330 net/core/dev.c:5640
 __netif_receive_skb_list_core+0x357/0x950 net/core/dev.c:5741
 __netif_receive_skb_list net/core/dev.c:5808 [inline]
 netif_receive_skb_list_internal+0x753/0xdb0 net/core/dev.c:5899
 netif_receive_skb_list+0x4f/0x4a0 net/core/dev.c:5951
 xdp_recv_frames net/bpf/test_run.c:279 [inline]
 xdp_test_run_batch.constprop.0+0x138d/0x1960 net/bpf/test_run.c:360
 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389
 bpf_prog_test_run_xdp+0x827/0x1580 net/bpf/test_run.c:1317
 bpf_prog_test_run kernel/bpf/syscall.c:4266 [inline]
 __sys_bpf+0xfc6/0x49a0 kernel/bpf/syscall.c:5671
 __do_sys_bpf kernel/bpf/syscall.c:5760 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5758 [inline]
 __x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5758
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7fc02f97e719
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007fc0306bb038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
RAX: ffffffffffffffda RBX: 00007fc02fb35f80 RCX: 00007fc02f97e719
RDX: 0000000000000048 RSI: 0000000020000600 RDI: 000000000000000a
RBP: 00007fc02f9f132e R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 0000000000000000 R14: 00007fc02fb35f80 R15: 00007ffe03613128
 </TASK>
BUG: Bad page state in process syz.0.314  pfn:303a4
page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x303a4
flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
raw: 00fff00000000000 dead000000000040 ffff888040826000 0000000000000000
raw: 0000000000000000 0000000000000001 00000000ffffffff 0000000000000000
page dumped because: page_pool leak
page_owner tracks the page as allocated
page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 7351, tgid 7350 (syz.0.314), ts 79036635204, free_ts 78916295460
 set_page_owner include/linux/page_owner.h:32 [inline]
 post_alloc_hook+0x2d1/0x350 mm/page_alloc.c:1537
 prep_new_page mm/page_alloc.c:1545 [inline]
 get_page_from_freelist+0x101e/0x3070 mm/page_alloc.c:3457
 __alloc_pages_noprof+0x223/0x25a0 mm/page_alloc.c:4733
 alloc_pages_bulk_noprof+0x77c/0x1110 mm/page_alloc.c:4681
 alloc_pages_bulk_array_node_noprof include/linux/gfp.h:239 [inline]
 __page_pool_alloc_pages_slow+0x18f/0x770 net/core/page_pool.c:538
 page_pool_alloc_netmem net/core/page_pool.c:590 [inline]
 page_pool_alloc_netmem+0xc4/0x160 net/core/page_pool.c:577
 page_pool_alloc_pages+0x1a/0x60 net/core/page_pool.c:597
 page_pool_dev_alloc_pages include/net/page_pool/helpers.h:96 [inline]
 xdp_test_run_batch.constprop.0+0x3a8/0x1960 net/bpf/test_run.c:305
 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389
 bpf_prog_test_run_xdp+0x827/0x1580 net/bpf/test_run.c:1317
 bpf_prog_test_run kernel/bpf/syscall.c:4266 [inline]
 __sys_bpf+0xfc6/0x49a0 kernel/bpf/syscall.c:5671
 __do_sys_bpf kernel/bpf/syscall.c:5760 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5758 [inline]
 __x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5758
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
page last free pid 7337 tgid 7337 stack trace:
 reset_page_owner include/linux/page_owner.h:25 [inline]
 free_pages_prepare mm/page_alloc.c:1108 [inline]
 free_unref_page+0x5f4/0xdc0 mm/page_alloc.c:2638
 __put_partials+0x14c/0x170 mm/slub.c:3145
 qlink_free mm/kasan/quarantine.c:163 [inline]
 qlist_free_all+0x4e/0x120 mm/kasan/quarantine.c:179
 kasan_quarantine_reduce+0x192/0x1e0 mm/kasan/quarantine.c:286
 __kasan_slab_alloc+0x69/0x90 mm/kasan/common.c:329
 kasan_slab_alloc include/linux/kasan.h:247 [inline]
 slab_post_alloc_hook mm/slub.c:4085 [inline]
 slab_alloc_node mm/slub.c:4134 [inline]
 __do_kmalloc_node mm/slub.c:4263 [inline]
 __kmalloc_noprof+0x199/0x400 mm/slub.c:4276
 kmalloc_noprof include/linux/slab.h:882 [inline]
 tomoyo_realpath_from_path+0xb9/0x720 security/tomoyo/realpath.c:251
 tomoyo_realpath_nofollow+0xdd/0x100 security/tomoyo/realpath.c:304
 tomoyo_find_next_domain+0x2ad/0x2070 security/tomoyo/domain.c:726
 tomoyo_bprm_check_security security/tomoyo/tomoyo.c:102 [inline]
 tomoyo_bprm_check_security+0x12b/0x1d0 security/tomoyo/tomoyo.c:92
 security_bprm_check+0x1b9/0x1e0 security/security.c:1297
 search_binary_handler fs/exec.c:1740 [inline]
 exec_binprm fs/exec.c:1794 [inline]
 bprm_execve fs/exec.c:1845 [inline]
 bprm_execve+0x642/0x1960 fs/exec.c:1821
 do_execveat_common.isra.0+0x4f1/0x630 fs/exec.c:1952
 do_execve fs/exec.c:2026 [inline]
 __do_sys_execve fs/exec.c:2102 [inline]
 __se_sys_execve fs/exec.c:2097 [inline]
 __x64_sys_execve+0x8c/0xb0 fs/exec.c:2097
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
Modules linked in:
CPU: 2 UID: 0 PID: 7351 Comm: syz.0.314 Tainted: G    B              6.12.0-rc5-syzkaller-00005-ge42b1a9a2557 #0
Tainted: [B]=BAD_PAGE
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:94 [inline]
 dump_stack_lvl+0x16c/0x1f0 lib/dump_stack.c:120
 bad_page+0xb3/0x1f0 mm/page_alloc.c:501
 free_page_is_bad_report mm/page_alloc.c:908 [inline]
 free_page_is_bad mm/page_alloc.c:918 [inline]
 free_pages_prepare mm/page_alloc.c:1100 [inline]
 free_unref_page+0x657/0xdc0 mm/page_alloc.c:2638
 skb_free_frag include/linux/skbuff.h:3399 [inline]
 skb_free_head+0xa0/0x1d0 net/core/skbuff.c:1096
 skb_release_data+0x560/0x730 net/core/skbuff.c:1125
 skb_release_all net/core/skbuff.c:1190 [inline]
 __kfree_skb net/core/skbuff.c:1204 [inline]
 sk_skb_reason_drop+0x129/0x1a0 net/core/skbuff.c:1242
 kfree_skb_reason include/linux/skbuff.h:1262 [inline]
 __netif_receive_skb_core.constprop.0+0x592/0x4330 net/core/dev.c:5640
 __netif_receive_skb_list_core+0x357/0x950 net/core/dev.c:5741
 __netif_receive_skb_list net/core/dev.c:5808 [inline]
 netif_receive_skb_list_internal+0x753/0xdb0 net/core/dev.c:5899
 netif_receive_skb_list+0x4f/0x4a0 net/core/dev.c:5951
 xdp_recv_frames net/bpf/test_run.c:279 [inline]
 xdp_test_run_batch.constprop.0+0x138d/0x1960 net/bpf/test_run.c:360
 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389
 bpf_prog_test_run_xdp+0x827/0x1580 net/bpf/test_run.c:1317
 bpf_prog_test_run kernel/bpf/syscall.c:4266 [inline]
 __sys_bpf+0xfc6/0x49a0 kernel/bpf/syscall.c:5671
 __do_sys_bpf kernel/bpf/syscall.c:5760 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5758 [inline]
 __x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5758
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7fc02f97e719
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007fc0306bb038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
RAX: ffffffffffffffda RBX: 00007fc02fb35f80 RCX: 00007fc02f97e719
RDX: 0000000000000048 RSI: 0000000020000600 RDI: 000000000000000a
RBP: 00007fc02f9f132e R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 0000000000000000 R14: 00007fc02fb35f80 R15: 00007ffe03613128
 </TASK>
BUG: Bad page state in process syz.0.314  pfn:303a3
page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x303a3
flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
raw: 00fff00000000000 dead000000000040 ffff888040826000 0000000000000000
raw: 0000000000000000 0000000000000001 00000000ffffffff 0000000000000000
page dumped because: page_pool leak
page_owner tracks the page as allocated
page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2820(GFP_ATOMIC|__GFP_NOWARN), pid 7351, tgid 7350 (syz.0.314), ts 79036626980, free_ts 78916295460
 set_page_owner include/linux/page_owner.h:32 [inline]
 post_alloc_hook+0x2d1/0x350 mm/page_alloc.c:1537
 prep_new_page mm/page_alloc.c:1545 [inline]
 get_page_from_freelist+0x101e/0x3070 mm/page_alloc.c:3457
 __alloc_pages_noprof+0x223/0x25a0 mm/page_alloc.c:4733
 alloc_pages_bulk_noprof+0x77c/0x1110 mm/page_alloc.c:4681
 alloc_pages_bulk_array_node_noprof include/linux/gfp.h:239 [inline]
 __page_pool_alloc_pages_slow+0x18f/0x770 net/core/page_pool.c:538
 page_pool_alloc_netmem net/core/page_pool.c:590 [inline]
 page_pool_alloc_netmem+0xc4/0x160 net/core/page_pool.c:577
 page_pool_alloc_pages+0x1a/0x60 net/core/page_pool.c:597
 page_pool_dev_alloc_pages include/net/page_pool/helpers.h:96 [inline]
 xdp_test_run_batch.constprop.0+0x3a8/0x1960 net/bpf/test_run.c:305
 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389
 bpf_prog_test_run_xdp+0x827/0x1580 net/bpf/test_run.c:1317
 bpf_prog_test_run kernel/bpf/syscall.c:4266 [inline]
 __sys_bpf+0xfc6/0x49a0 kernel/bpf/syscall.c:5671
 __do_sys_bpf kernel/bpf/syscall.c:5760 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5758 [inline]
 __x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5758
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
page last free pid 7337 tgid 7337 stack trace:
 reset_page_owner include/linux/page_owner.h:25 [inline]
 free_pages_prepare mm/page_alloc.c:1108 [inline]
 free_unref_page+0x5f4/0xdc0 mm/page_alloc.c:2638
 __put_partials+0x14c/0x170 mm/slub.c:3145
 qlink_free mm/kasan/quarantine.c:163 [inline]
 qlist_free_all+0x4e/0x120 mm/kasan/quarantine.c:179
 kasan_quarantine_reduce+0x192/0x1e0 mm/kasan/quarantine.c:286
 __kasan_slab_alloc+0x69/0x90 mm/kasan/common.c:329
 kasan_slab_alloc include/linux/kasan.h:247 [inline]
 slab_post_alloc_hook mm/slub.c:4085 [inline]
 slab_alloc_node mm/slub.c:4134 [inline]
 __do_kmalloc_node mm/slub.c:4263 [inline]
 __kmalloc_noprof+0x199/0x400 mm/slub.c:4276
 kmalloc_noprof include/linux/slab.h:882 [inline]
 tomoyo_realpath_from_path+0xb9/0x720 security/tomoyo/realpath.c:251
 tomoyo_realpath_nofollow+0xdd/0x100 security/tomoyo/realpath.c:304
 tomoyo_find_next_domain+0x2ad/0x2070 security/tomoyo/domain.c:726
 tomoyo_bprm_check_security security/tomoyo/tomoyo.c:102 [inline]
 tomoyo_bprm_check_security+0x12b/0x1d0 security/tomoyo/tomoyo.c:92
 security_bprm_check+0x1b9/0x1e0 security/security.c:1297
 search_binary_handler fs/exec.c:1740 [inline]
 exec_binprm fs/exec.c:1794 [inline]
 bprm_execve fs/exec.c:1845 [inline]
 bprm_execve+0x642/0x1960 fs/exec.c:1821
 do_execveat_common.isra.0+0x4f1/0x630 fs/exec.c:1952
 do_execve fs/exec.c:2026 [inline]
 __do_sys_execve fs/exec.c:2102 [inline]
 __se_sys_execve fs/exec.c:2097 [inline]
 __x64_sys_execve+0x8c/0xb0 fs/exec.c:2097
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
Modules linked in:
CPU: 2 UID: 0 PID: 7351 Comm: syz.0.314 Tainted: G    B              6.12.0-rc5-syzkaller-00005-ge42b1a9a2557 #0
Tainted: [B]=BAD_PAGE
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:94 [inline]
 dump_stack_lvl+0x16c/0x1f0 lib/dump_stack.c:120
 bad_page+0xb3/0x1f0 mm/page_alloc.c:501
 free_page_is_bad_report mm/page_alloc.c:908 [inline]
 free_page_is_bad mm/page_alloc.c:918 [inline]
 free_pages_prepare mm/page_alloc.c:1100 [inline]
 free_unref_page+0x657/0xdc0 mm/page_alloc.c:2638