BUG: Bad page state in process syz.2.4065  pfn:5b463
page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff888000000002 pfn:0x5b463
flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
raw: 00fff00000000000 dead000000000040 ffff88804a923000 0000000000000000
raw: ffff888000000002 0000000000000001 00000000ffffffff 0000000000000000
page dumped because: page_pool leak
page_owner tracks the page as allocated
page last allocated via order 0, migratetype Unmovable, gfp_mask 0x102820(GFP_ATOMIC|__GFP_NOWARN|__GFP_HARDWALL), pid 19654, tgid 19653 (syz.2.4065), ts 936167287867, free_ts 934605796021
 set_page_owner include/linux/page_owner.h:32 [inline]
 post_alloc_hook+0x2d1/0x350 mm/page_alloc.c:1500
 prep_new_page mm/page_alloc.c:1508 [inline]
 get_page_from_freelist+0x1351/0x2e50 mm/page_alloc.c:3446
 __alloc_pages_noprof+0x22b/0x2460 mm/page_alloc.c:4702
 alloc_pages_bulk_noprof+0x742/0x14f0 mm/page_alloc.c:4650
 alloc_pages_bulk_array_node_noprof include/linux/gfp.h:239 [inline]
 __page_pool_alloc_pages_slow+0x19b/0xb30 net/core/page_pool.c:527
 page_pool_alloc_netmem net/core/page_pool.c:576 [inline]
 page_pool_alloc_pages+0xb5/0x110 net/core/page_pool.c:583
 page_pool_dev_alloc_pages include/net/page_pool/helpers.h:96 [inline]
 xdp_test_run_batch.constprop.0+0x3a8/0x1960 net/bpf/test_run.c:305
 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389
 bpf_prog_test_run_xdp+0x82d/0x1530 net/bpf/test_run.c:1317
 bpf_prog_test_run kernel/bpf/syscall.c:4313 [inline]
 __sys_bpf+0x10d2/0x4a00 kernel/bpf/syscall.c:5728
 __do_sys_bpf kernel/bpf/syscall.c:5817 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5815 [inline]
 __x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5815
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
page last free pid 18289 tgid 18289 stack trace:
 reset_page_owner include/linux/page_owner.h:25 [inline]
 free_pages_prepare mm/page_alloc.c:1101 [inline]
 free_unref_page+0x64a/0xe40 mm/page_alloc.c:2619
 bpf_ringbuf_free kernel/bpf/ringbuf.c:226 [inline]
 ringbuf_map_free+0xd7/0x130 kernel/bpf/ringbuf.c:235
 bpf_map_free_deferred+0x1ce/0x420 kernel/bpf/syscall.c:746
 process_one_work+0x9c5/0x1b40 kernel/workqueue.c:3231
 process_scheduled_works kernel/workqueue.c:3312 [inline]
 worker_thread+0x6c8/0xf00 kernel/workqueue.c:3393
 kthread+0x2c1/0x3a0 kernel/kthread.c:389
 ret_from_fork+0x45/0x80 arch/x86/kernel/process.c:147
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244
Modules linked in:
CPU: 2 UID: 0 PID: 19654 Comm: syz.2.4065 Not tainted 6.11.0-rc7-syzkaller-00133-ge936e7d4a83b #0
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:93 [inline]
 dump_stack_lvl+0x16c/0x1f0 lib/dump_stack.c:119
 bad_page+0xb3/0x220 mm/page_alloc.c:498
 free_page_is_bad_report mm/page_alloc.c:905 [inline]
 free_page_is_bad mm/page_alloc.c:915 [inline]
 free_pages_prepare mm/page_alloc.c:1093 [inline]
 free_unref_page+0x69e/0xe40 mm/page_alloc.c:2619
 skb_free_frag include/linux/skbuff.h:3383 [inline]
 skb_free_head+0xa0/0x1d0 net/core/skbuff.c:1094
 skb_release_data+0x75c/0x980 net/core/skbuff.c:1123
 skb_release_all net/core/skbuff.c:1188 [inline]
 __kfree_skb net/core/skbuff.c:1202 [inline]
 sk_skb_reason_drop+0x133/0x200 net/core/skbuff.c:1240
 kfree_skb_reason include/linux/skbuff.h:1260 [inline]
 __netif_receive_skb_core.constprop.0+0x592/0x4330 net/core/dev.c:5635
 __netif_receive_skb_list_core+0x357/0x950 net/core/dev.c:5737
 __netif_receive_skb_list net/core/dev.c:5804 [inline]
 netif_receive_skb_list_internal+0x753/0xda0 net/core/dev.c:5896
 netif_receive_skb_list+0x4f/0x4a0 net/core/dev.c:5948
 xdp_recv_frames net/bpf/test_run.c:279 [inline]
 xdp_test_run_batch.constprop.0+0x138d/0x1960 net/bpf/test_run.c:360
 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389
 bpf_prog_test_run_xdp+0x82d/0x1530 net/bpf/test_run.c:1317
 bpf_prog_test_run kernel/bpf/syscall.c:4313 [inline]
 __sys_bpf+0x10d2/0x4a00 kernel/bpf/syscall.c:5728
 __do_sys_bpf kernel/bpf/syscall.c:5817 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5815 [inline]
 __x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5815
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f679d57def9
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f679e410038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
RAX: ffffffffffffffda RBX: 00007f679d735f80 RCX: 00007f679d57def9
RDX: 0000000000000048 RSI: 0000000020000600 RDI: 000000000000000a
RBP: 00007f679d5f0b76 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 0000000000000000 R14: 00007f679d735f80 R15: 00007ffd36220398
 </TASK>
BUG: Bad page state in process syz.2.4065  pfn:5b462
page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff88805b463e00 pfn:0x5b462
flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
raw: 00fff00000000000 dead000000000040 ffff88804a923000 0000000000000000
raw: ffff88805b463e00 0000000000000001 00000000ffffffff 0000000000000000
page dumped because: page_pool leak
page_owner tracks the page as allocated
page last allocated via order 0, migratetype Unmovable, gfp_mask 0x102820(GFP_ATOMIC|__GFP_NOWARN|__GFP_HARDWALL), pid 19654, tgid 19653 (syz.2.4065), ts 936167279996, free_ts 934605788808
 set_page_owner include/linux/page_owner.h:32 [inline]
 post_alloc_hook+0x2d1/0x350 mm/page_alloc.c:1500
 prep_new_page mm/page_alloc.c:1508 [inline]
 get_page_from_freelist+0x1351/0x2e50 mm/page_alloc.c:3446
 __alloc_pages_noprof+0x22b/0x2460 mm/page_alloc.c:4702
 alloc_pages_bulk_noprof+0x742/0x14f0 mm/page_alloc.c:4650
 alloc_pages_bulk_array_node_noprof include/linux/gfp.h:239 [inline]
 __page_pool_alloc_pages_slow+0x19b/0xb30 net/core/page_pool.c:527
 page_pool_alloc_netmem net/core/page_pool.c:576 [inline]
 page_pool_alloc_pages+0xb5/0x110 net/core/page_pool.c:583
 page_pool_dev_alloc_pages include/net/page_pool/helpers.h:96 [inline]
 xdp_test_run_batch.constprop.0+0x3a8/0x1960 net/bpf/test_run.c:305
 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389
 bpf_prog_test_run_xdp+0x82d/0x1530 net/bpf/test_run.c:1317
 bpf_prog_test_run kernel/bpf/syscall.c:4313 [inline]
 __sys_bpf+0x10d2/0x4a00 kernel/bpf/syscall.c:5728
 __do_sys_bpf kernel/bpf/syscall.c:5817 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5815 [inline]
 __x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5815
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
page last free pid 18289 tgid 18289 stack trace:
 reset_page_owner include/linux/page_owner.h:25 [inline]
 free_pages_prepare mm/page_alloc.c:1101 [inline]
 free_unref_page+0x64a/0xe40 mm/page_alloc.c:2619
 bpf_ringbuf_free kernel/bpf/ringbuf.c:226 [inline]
 ringbuf_map_free+0xd7/0x130 kernel/bpf/ringbuf.c:235
 bpf_map_free_deferred+0x1ce/0x420 kernel/bpf/syscall.c:746
 process_one_work+0x9c5/0x1b40 kernel/workqueue.c:3231
 process_scheduled_works kernel/workqueue.c:3312 [inline]
 worker_thread+0x6c8/0xf00 kernel/workqueue.c:3393
 kthread+0x2c1/0x3a0 kernel/kthread.c:389
 ret_from_fork+0x45/0x80 arch/x86/kernel/process.c:147
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244
Modules linked in:
CPU: 2 UID: 0 PID: 19654 Comm: syz.2.4065 Tainted: G    B              6.11.0-rc7-syzkaller-00133-ge936e7d4a83b #0
Tainted: [B]=BAD_PAGE
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:93 [inline]
 dump_stack_lvl+0x16c/0x1f0 lib/dump_stack.c:119
 bad_page+0xb3/0x220 mm/page_alloc.c:498
 free_page_is_bad_report mm/page_alloc.c:905 [inline]
 free_page_is_bad mm/page_alloc.c:915 [inline]
 free_pages_prepare mm/page_alloc.c:1093 [inline]
 free_unref_page+0x69e/0xe40 mm/page_alloc.c:2619
 skb_free_frag include/linux/skbuff.h:3383 [inline]
 skb_free_head+0xa0/0x1d0 net/core/skbuff.c:1094
 skb_release_data+0x75c/0x980 net/core/skbuff.c:1123
 skb_release_all net/core/skbuff.c:1188 [inline]
 __kfree_skb net/core/skbuff.c:1202 [inline]
 sk_skb_reason_drop+0x133/0x200 net/core/skbuff.c:1240
 kfree_skb_reason include/linux/skbuff.h:1260 [inline]
 __netif_receive_skb_core.constprop.0+0x592/0x4330 net/core/dev.c:5635
 __netif_receive_skb_list_core+0x357/0x950 net/core/dev.c:5737
 __netif_receive_skb_list net/core/dev.c:5804 [inline]
 netif_receive_skb_list_internal+0x753/0xda0 net/core/dev.c:5896
 netif_receive_skb_list+0x4f/0x4a0 net/core/dev.c:5948
 xdp_recv_frames net/bpf/test_run.c:279 [inline]
 xdp_test_run_batch.constprop.0+0x138d/0x1960 net/bpf/test_run.c:360
 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389
 bpf_prog_test_run_xdp+0x82d/0x1530 net/bpf/test_run.c:1317
 bpf_prog_test_run kernel/bpf/syscall.c:4313 [inline]
 __sys_bpf+0x10d2/0x4a00 kernel/bpf/syscall.c:5728
 __do_sys_bpf kernel/bpf/syscall.c:5817 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5815 [inline]
 __x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5815
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f679d57def9
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f679e410038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
RAX: ffffffffffffffda RBX: 00007f679d735f80 RCX: 00007f679d57def9
RDX: 0000000000000048 RSI: 0000000020000600 RDI: 000000000000000a
RBP: 00007f679d5f0b76 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 0000000000000000 R14: 00007f679d735f80 R15: 00007ffd36220398
 </TASK>
BUG: Bad page state in process syz.2.4065  pfn:43819
page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff888100000002 pfn:0x43819
flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
raw: 00fff00000000000 dead000000000040 ffff88804a923000 0000000000000000
raw: ffff888100000002 0000000000000001 00000000ffffffff 0000000000000000
page dumped because: page_pool leak
page_owner tracks the page as allocated
page last allocated via order 0, migratetype Unmovable, gfp_mask 0x102820(GFP_ATOMIC|__GFP_NOWARN|__GFP_HARDWALL), pid 19654, tgid 19653 (syz.2.4065), ts 936167272144, free_ts 934605810926
 set_page_owner include/linux/page_owner.h:32 [inline]
 post_alloc_hook+0x2d1/0x350 mm/page_alloc.c:1500
 prep_new_page mm/page_alloc.c:1508 [inline]
 get_page_from_freelist+0x1351/0x2e50 mm/page_alloc.c:3446
 __alloc_pages_noprof+0x22b/0x2460 mm/page_alloc.c:4702
 alloc_pages_bulk_noprof+0x742/0x14f0 mm/page_alloc.c:4650
 alloc_pages_bulk_array_node_noprof include/linux/gfp.h:239 [inline]
 __page_pool_alloc_pages_slow+0x19b/0xb30 net/core/page_pool.c:527
 page_pool_alloc_netmem net/core/page_pool.c:576 [inline]
 page_pool_alloc_pages+0xb5/0x110 net/core/page_pool.c:583
 page_pool_dev_alloc_pages include/net/page_pool/helpers.h:96 [inline]
 xdp_test_run_batch.constprop.0+0x3a8/0x1960 net/bpf/test_run.c:305
 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389
 bpf_prog_test_run_xdp+0x82d/0x1530 net/bpf/test_run.c:1317
 bpf_prog_test_run kernel/bpf/syscall.c:4313 [inline]
 __sys_bpf+0x10d2/0x4a00 kernel/bpf/syscall.c:5728
 __do_sys_bpf kernel/bpf/syscall.c:5817 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5815 [inline]
 __x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5815
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
page last free pid 18289 tgid 18289 stack trace:
 reset_page_owner include/linux/page_owner.h:25 [inline]
 free_pages_prepare mm/page_alloc.c:1101 [inline]
 free_unref_page+0x64a/0xe40 mm/page_alloc.c:2619
 bpf_ringbuf_free kernel/bpf/ringbuf.c:226 [inline]
 ringbuf_map_free+0xd7/0x130 kernel/bpf/ringbuf.c:235
 bpf_map_free_deferred+0x1ce/0x420 kernel/bpf/syscall.c:746
 process_one_work+0x9c5/0x1b40 kernel/workqueue.c:3231
 process_scheduled_works kernel/workqueue.c:3312 [inline]
 worker_thread+0x6c8/0xf00 kernel/workqueue.c:3393
 kthread+0x2c1/0x3a0 kernel/kthread.c:389
 ret_from_fork+0x45/0x80 arch/x86/kernel/process.c:147
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244
Modules linked in:
CPU: 2 UID: 0 PID: 19654 Comm: syz.2.4065 Tainted: G    B              6.11.0-rc7-syzkaller-00133-ge936e7d4a83b #0
Tainted: [B]=BAD_PAGE
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:93 [inline]
 dump_stack_lvl+0x16c/0x1f0 lib/dump_stack.c:119
 bad_page+0xb3/0x220 mm/page_alloc.c:498
 free_page_is_bad_report mm/page_alloc.c:905 [inline]
 free_page_is_bad mm/page_alloc.c:915 [inline]
 free_pages_prepare mm/page_alloc.c:1093 [inline]
 free_unref_page+0x69e/0xe40 mm/page_alloc.c:2619
 skb_free_frag include/linux/skbuff.h:3383 [inline]
 skb_free_head+0xa0/0x1d0 net/core/skbuff.c:1094
 skb_release_data+0x75c/0x980 net/core/skbuff.c:1123
 skb_release_all net/core/skbuff.c:1188 [inline]
 __kfree_skb net/core/skbuff.c:1202 [inline]
 sk_skb_reason_drop+0x133/0x200 net/core/skbuff.c:1240
 kfree_skb_reason include/linux/skbuff.h:1260 [inline]
 __netif_receive_skb_core.constprop.0+0x592/0x4330 net/core/dev.c:5635
 __netif_receive_skb_list_core+0x357/0x950 net/core/dev.c:5737
 __netif_receive_skb_list net/core/dev.c:5804 [inline]
 netif_receive_skb_list_internal+0x753/0xda0 net/core/dev.c:5896
 netif_receive_skb_list+0x4f/0x4a0 net/core/dev.c:5948
 xdp_recv_frames net/bpf/test_run.c:279 [inline]
 xdp_test_run_batch.constprop.0+0x138d/0x1960 net/bpf/test_run.c:360
 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389
 bpf_prog_test_run_xdp+0x82d/0x1530 net/bpf/test_run.c:1317
 bpf_prog_test_run kernel/bpf/syscall.c:4313 [inline]
 __sys_bpf+0x10d2/0x4a00 kernel/bpf/syscall.c:5728
 __do_sys_bpf kernel/bpf/syscall.c:5817 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5815 [inline]
 __x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5815
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f679d57def9
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f679e410038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
RAX: ffffffffffffffda RBX: 00007f679d735f80 RCX: 00007f679d57def9
RDX: 0000000000000048 RSI: 0000000020000600 RDI: 000000000000000a
RBP: 00007f679d5f0b76 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 0000000000000000 R14: 00007f679d735f80 R15: 00007ffd36220398
 </TASK>
BUG: Bad page state in process syz.2.4065  pfn:43818
page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff888043819e00 pfn:0x43818
flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
raw: 00fff00000000000 dead000000000040 ffff88804a923000 0000000000000000
raw: ffff888043819e00 0000000000000001 00000000ffffffff 0000000000000000
page dumped because: page_pool leak
page_owner tracks the page as allocated
page last allocated via order 0, migratetype Unmovable, gfp_mask 0x102820(GFP_ATOMIC|__GFP_NOWARN|__GFP_HARDWALL), pid 19654, tgid 19653 (syz.2.4065), ts 936167264322, free_ts 934605803635
 set_page_owner include/linux/page_owner.h:32 [inline]
 post_alloc_hook+0x2d1/0x350 mm/page_alloc.c:1500
 prep_new_page mm/page_alloc.c:1508 [inline]
 get_page_from_freelist+0x1351/0x2e50 mm/page_alloc.c:3446
 __alloc_pages_noprof+0x22b/0x2460 mm/page_alloc.c:4702
 alloc_pages_bulk_noprof+0x742/0x14f0 mm/page_alloc.c:4650
 alloc_pages_bulk_array_node_noprof include/linux/gfp.h:239 [inline]
 __page_pool_alloc_pages_slow+0x19b/0xb30 net/core/page_pool.c:527
 page_pool_alloc_netmem net/core/page_pool.c:576 [inline]
 page_pool_alloc_pages+0xb5/0x110 net/core/page_pool.c:583
 page_pool_dev_alloc_pages include/net/page_pool/helpers.h:96 [inline]
 xdp_test_run_batch.constprop.0+0x3a8/0x1960 net/bpf/test_run.c:305
 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389
 bpf_prog_test_run_xdp+0x82d/0x1530 net/bpf/test_run.c:1317
 bpf_prog_test_run kernel/bpf/syscall.c:4313 [inline]
 __sys_bpf+0x10d2/0x4a00 kernel/bpf/syscall.c:5728
 __do_sys_bpf kernel/bpf/syscall.c:5817 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5815 [inline]
 __x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5815
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
page last free pid 18289 tgid 18289 stack trace:
 reset_page_owner include/linux/page_owner.h:25 [inline]
 free_pages_prepare mm/page_alloc.c:1101 [inline]
 free_unref_page+0x64a/0xe40 mm/page_alloc.c:2619
 bpf_ringbuf_free kernel/bpf/ringbuf.c:226 [inline]
 ringbuf_map_free+0xd7/0x130 kernel/bpf/ringbuf.c:235
 bpf_map_free_deferred+0x1ce/0x420 kernel/bpf/syscall.c:746
 process_one_work+0x9c5/0x1b40 kernel/workqueue.c:3231
 process_scheduled_works kernel/workqueue.c:3312 [inline]
 worker_thread+0x6c8/0xf00 kernel/workqueue.c:3393
 kthread+0x2c1/0x3a0 kernel/kthread.c:389
 ret_from_fork+0x45/0x80 arch/x86/kernel/process.c:147
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244
Modules linked in:
CPU: 2 UID: 0 PID: 19654 Comm: syz.2.4065 Tainted: G    B              6.11.0-rc7-syzkaller-00133-ge936e7d4a83b #0
Tainted: [B]=BAD_PAGE
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:93 [inline]
 dump_stack_lvl+0x16c/0x1f0 lib/dump_stack.c:119
 bad_page+0xb3/0x220 mm/page_alloc.c:498
 free_page_is_bad_report mm/page_alloc.c:905 [inline]
 free_page_is_bad mm/page_alloc.c:915 [inline]
 free_pages_prepare mm/page_alloc.c:1093 [inline]
 free_unref_page+0x69e/0xe40 mm/page_alloc.c:2619
 skb_free_frag include/linux/skbuff.h:3383 [inline]
 skb_free_head+0xa0/0x1d0 net/core/skbuff.c:1094
 skb_release_data+0x75c/0x980 net/core/skbuff.c:1123
 skb_release_all net/core/skbuff.c:1188 [inline]
 __kfree_skb net/core/skbuff.c:1202 [inline]
 sk_skb_reason_drop+0x133/0x200 net/core/skbuff.c:1240
 kfree_skb_reason include/linux/skbuff.h:1260 [inline]
 __netif_receive_skb_core.constprop.0+0x592/0x4330 net/core/dev.c:5635
 __netif_receive_skb_list_core+0x357/0x950 net/core/dev.c:5737
 __netif_receive_skb_list net/core/dev.c:5804 [inline]
 netif_receive_skb_list_internal+0x753/0xda0 net/core/dev.c:5896
 netif_receive_skb_list+0x4f/0x4a0 net/core/dev.c:5948
 xdp_recv_frames net/bpf/test_run.c:279 [inline]
 xdp_test_run_batch.constprop.0+0x138d/0x1960 net/bpf/test_run.c:360
 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389
 bpf_prog_test_run_xdp+0x82d/0x1530 net/bpf/test_run.c:1317
 bpf_prog_test_run kernel/bpf/syscall.c:4313 [inline]
 __sys_bpf+0x10d2/0x4a00 kernel/bpf/syscall.c:5728
 __do_sys_bpf kernel/bpf/syscall.c:5817 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5815 [inline]
 __x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5815
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f679d57def9
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f679e410038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
RAX: ffffffffffffffda RBX: 00007f679d735f80 RCX: 00007f679d57def9
RDX: 0000000000000048 RSI: 0000000020000600 RDI: 000000000000000a
RBP: 00007f679d5f0b76 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 0000000000000000 R14: 00007f679d735f80 R15: 00007ffd36220398
 </TASK>
BUG: Bad page state in process syz.2.4065  pfn:31a47
page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff888000000002 pfn:0x31a47
flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
raw: 00fff00000000000 dead000000000040 ffff88804a923000 0000000000000000
raw: ffff888000000002 0000000000000001 00000000ffffffff 0000000000000000
page dumped because: page_pool leak
page_owner tracks the page as allocated
page last allocated via order 0, migratetype Unmovable, gfp_mask 0x102820(GFP_ATOMIC|__GFP_NOWARN|__GFP_HARDWALL), pid 19654, tgid 19653 (syz.2.4065), ts 936167256329, free_ts 932570213849
 set_page_owner include/linux/page_owner.h:32 [inline]
 post_alloc_hook+0x2d1/0x350 mm/page_alloc.c:1500
 prep_new_page mm/page_alloc.c:1508 [inline]
 get_page_from_freelist+0x1351/0x2e50 mm/page_alloc.c:3446
 __alloc_pages_noprof+0x22b/0x2460 mm/page_alloc.c:4702
 alloc_pages_bulk_noprof+0x742/0x14f0 mm/page_alloc.c:4650
 alloc_pages_bulk_array_node_noprof include/linux/gfp.h:239 [inline]
 __page_pool_alloc_pages_slow+0x19b/0xb30 net/core/page_pool.c:527
 page_pool_alloc_netmem net/core/page_pool.c:576 [inline]
 page_pool_alloc_pages+0xb5/0x110 net/core/page_pool.c:583
 page_pool_dev_alloc_pages include/net/page_pool/helpers.h:96 [inline]
 xdp_test_run_batch.constprop.0+0x3a8/0x1960 net/bpf/test_run.c:305
 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389
 bpf_prog_test_run_xdp+0x82d/0x1530 net/bpf/test_run.c:1317
 bpf_prog_test_run kernel/bpf/syscall.c:4313 [inline]
 __sys_bpf+0x10d2/0x4a00 kernel/bpf/syscall.c:5728
 __do_sys_bpf kernel/bpf/syscall.c:5817 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5815 [inline]
 __x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5815
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
page last free pid 19527 tgid 19527 stack trace:
 reset_page_owner include/linux/page_owner.h:25 [inline]
 free_pages_prepare mm/page_alloc.c:1101 [inline]
 free_unref_page+0x64a/0xe40 mm/page_alloc.c:2619
 __put_partials+0x14c/0x170 mm/slub.c:3055
 qlink_free mm/kasan/quarantine.c:163 [inline]
 qlist_free_all+0x4e/0x140 mm/kasan/quarantine.c:179
 kasan_quarantine_reduce+0x192/0x1e0 mm/kasan/quarantine.c:286
 __kasan_slab_alloc+0x69/0x90 mm/kasan/common.c:322
 kasan_slab_alloc include/linux/kasan.h:201 [inline]
 slab_post_alloc_hook mm/slub.c:3992 [inline]
 slab_alloc_node mm/slub.c:4041 [inline]
 kmem_cache_alloc_noprof+0x121/0x2f0 mm/slub.c:4048
 ptlock_alloc+0x1f/0x70 mm/memory.c:6606
 ptlock_init include/linux/mm.h:2944 [inline]
 pagetable_pte_ctor include/linux/mm.h:2971 [inline]
 __pte_alloc_one_noprof include/asm-generic/pgalloc.h:73 [inline]
 pte_alloc_one+0x74/0x370 arch/x86/mm/pgtable.c:33
 __do_fault+0x320/0x490 mm/memory.c:4667
 do_shared_fault mm/memory.c:5138 [inline]
 do_fault mm/memory.c:5212 [inline]
 do_pte_missing mm/memory.c:3964 [inline]
 handle_pte_fault mm/memory.c:5538 [inline]
 __handle_mm_fault+0x388f/0x5660 mm/memory.c:5681
 handle_mm_fault+0x498/0xa60 mm/memory.c:5849
 do_user_addr_fault+0x60d/0x13f0 arch/x86/mm/fault.c:1338
 handle_page_fault arch/x86/mm/fault.c:1481 [inline]
 exc_page_fault+0x5c/0xc0 arch/x86/mm/fault.c:1539
 asm_exc_page_fault+0x26/0x30 arch/x86/include/asm/idtentry.h:623
Modules linked in:
CPU: 2 UID: 0 PID: 19654 Comm: syz.2.4065 Tainted: G    B              6.11.0-rc7-syzkaller-00133-ge936e7d4a83b #0
Tainted: [B]=BAD_PAGE
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:93 [inline]
 dump_stack_lvl+0x16c/0x1f0 lib/dump_stack.c:119
 bad_page+0xb3/0x220 mm/page_alloc.c:498
 free_page_is_bad_report mm/page_alloc.c:905 [inline]
 free_page_is_bad mm/page_alloc.c:915 [inline]
 free_pages_prepare mm/page_alloc.c:1093 [inline]
 free_unref_page+0x69e/0xe40 mm/page_alloc.c:2619
 skb_free_frag include/linux/skbuff.h:3383 [inline]
 skb_free_head+0xa0/0x1d0 net/core/skbuff.c:1094
 skb_release_data+0x75c/0x980 net/core/skbuff.c:1123
 skb_release_all net/core/skbuff.c:1188 [inline]
 __kfree_skb net/core/skbuff.c:1202 [inline]
 sk_skb_reason_drop+0x133/0x200 net/core/skbuff.c:1240
 kfree_skb_reason include/linux/skbuff.h:1260 [inline]
 __netif_receive_skb_core.constprop.0+0x592/0x4330 net/core/dev.c:5635
 __netif_receive_skb_list_core+0x357/0x950 net/core/dev.c:5737
 __netif_receive_skb_list net/core/dev.c:5804 [inline]
 netif_receive_skb_list_internal+0x753/0xda0 net/core/dev.c:5896
 netif_receive_skb_list+0x4f/0x4a0 net/core/dev.c:5948
 xdp_recv_frames net/bpf/test_run.c:279 [inline]
 xdp_test_run_batch.constprop.0+0x138d/0x1960 net/bpf/test_run.c:360
 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389
 bpf_prog_test_run_xdp+0x82d/0x1530 net/bpf/test_run.c:1317
 bpf_prog_test_run kernel/bpf/syscall.c:4313 [inline]
 __sys_bpf+0x10d2/0x4a00 kernel/bpf/syscall.c:5728
 __do_sys_bpf kernel/bpf/syscall.c:5817 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5815 [inline]
 __x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5815
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f679d57def9
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f679e410038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
RAX: ffffffffffffffda RBX: 00007f679d735f80 RCX: 00007f679d57def9
RDX: 0000000000000048 RSI: 0000000020000600 RDI: 000000000000000a
RBP: 00007f679d5f0b76 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 0000000000000000 R14: 00007f679d735f80 R15: 00007ffd36220398
 </TASK>
BUG: Bad page state in process syz.2.4065  pfn:31a46
page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff888031a47e00 pfn:0x31a46
flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
raw: 00fff00000000000 dead000000000040 ffff88804a923000 0000000000000000
raw: ffff888031a47e00 0000000000000001 00000000ffffffff 0000000000000000
page dumped because: page_pool leak
page_owner tracks the page as allocated
page last allocated via order 0, migratetype Unmovable, gfp_mask 0x102820(GFP_ATOMIC|__GFP_NOWARN|__GFP_HARDWALL), pid 19654, tgid 19653 (syz.2.4065), ts 936167248735, free_ts 934613140457
 set_page_owner include/linux/page_owner.h:32 [inline]
 post_alloc_hook+0x2d1/0x350 mm/page_alloc.c:1500
 prep_new_page mm/page_alloc.c:1508 [inline]
 get_page_from_freelist+0x1351/0x2e50 mm/page_alloc.c:3446
 __alloc_pages_noprof+0x22b/0x2460 mm/page_alloc.c:4702
 alloc_pages_bulk_noprof+0x742/0x14f0 mm/page_alloc.c:4650
 alloc_pages_bulk_array_node_noprof include/linux/gfp.h:239 [inline]
 __page_pool_alloc_pages_slow+0x19b/0xb30 net/core/page_pool.c:527
 page_pool_alloc_netmem net/core/page_pool.c:576 [inline]
 page_pool_alloc_pages+0xb5/0x110 net/core/page_pool.c:583
 page_pool_dev_alloc_pages include/net/page_pool/helpers.h:96 [inline]
 xdp_test_run_batch.constprop.0+0x3a8/0x1960 net/bpf/test_run.c:305
 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389
 bpf_prog_test_run_xdp+0x82d/0x1530 net/bpf/test_run.c:1317
 bpf_prog_test_run kernel/bpf/syscall.c:4313 [inline]
 __sys_bpf+0x10d2/0x4a00 kernel/bpf/syscall.c:5728
 __do_sys_bpf kernel/bpf/syscall.c:5817 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5815 [inline]
 __x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5815
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
page last free pid 19578 tgid 19576 stack trace:
 reset_page_owner include/linux/page_owner.h:25 [inline]
 free_pages_prepare mm/page_alloc.c:1101 [inline]
 free_unref_page+0x64a/0xe40 mm/page_alloc.c:2619
 __folio_put+0x31c/0x3e0 mm/swap.c:128
 folio_put include/linux/mm.h:1490 [inline]
 free_page_and_swap_cache+0x249/0x2c0 mm/swap_state.c:308
 __tlb_remove_table arch/x86/include/asm/tlb.h:34 [inline]
 __tlb_remove_table_free mm/mmu_gather.c:227 [inline]
 tlb_remove_table_rcu+0x89/0xe0 mm/mmu_gather.c:282
 rcu_do_batch kernel/rcu/tree.c:2569 [inline]
 rcu_core+0x828/0x16b0 kernel/rcu/tree.c:2843
 handle_softirqs+0x216/0x8f0 kernel/softirq.c:554
 __do_softirq kernel/softirq.c:588 [inline]
 invoke_softirq kernel/softirq.c:428 [inline]
 __irq_exit_rcu kernel/softirq.c:637 [inline]
 irq_exit_rcu+0xbb/0x120 kernel/softirq.c:649
 instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1043 [inline]
 sysvec_apic_timer_interrupt+0x95/0xb0 arch/x86/kernel/apic/apic.c:1043
 asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:702
Modules linked in:
CPU: 2 UID: 0 PID: 19654 Comm: syz.2.4065 Tainted: G    B              6.11.0-rc7-syzkaller-00133-ge936e7d4a83b #0
Tainted: [B]=BAD_PAGE
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:93 [inline]
 dump_stack_lvl+0x16c/0x1f0 lib/dump_stack.c:119
 bad_page+0xb3/0x220 mm/page_alloc.c:498
 free_page_is_bad_report mm/page_alloc.c:905 [inline]
 free_page_is_bad mm/page_alloc.c:915 [inline]
 free_pages_prepare mm/page_alloc.c:1093 [inline]
 free_unref_page+0x69e/0xe40 mm/page_alloc.c:2619
 skb_free_frag include/linux/skbuff.h:3383 [inline]
 skb_free_head+0xa0/0x1d0 net/core/skbuff.c:1094
 skb_release_data+0x75c/0x980 net/core/skbuff.c:1123
 skb_release_all net/core/skbuff.c:1188 [inline]
 __kfree_skb net/core/skbuff.c:1202 [inline]
 sk_skb_reason_drop+0x133/0x200 net/core/skbuff.c:1240
 kfree_skb_reason include/linux/skbuff.h:1260 [inline]
 __netif_receive_skb_core.constprop.0+0x592/0x4330 net/core/dev.c:5635
 __netif_receive_skb_list_core+0x357/0x950 net/core/dev.c:5737
 __netif_receive_skb_list net/core/dev.c:5804 [inline]
 netif_receive_skb_list_internal+0x753/0xda0 net/core/dev.c:5896
 netif_receive_skb_list+0x4f/0x4a0 net/core/dev.c:5948
 xdp_recv_frames net/bpf/test_run.c:279 [inline]
 xdp_test_run_batch.constprop.0+0x138d/0x1960 net/bpf/test_run.c:360
 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389
 bpf_prog_test_run_xdp+0x82d/0x1530 net/bpf/test_run.c:1317
 bpf_prog_test_run kernel/bpf/syscall.c:4313 [inline]
 __sys_bpf+0x10d2/0x4a00 kernel/bpf/syscall.c:5728
 __do_sys_bpf kernel/bpf/syscall.c:5817 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5815 [inline]
 __x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5815
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f679d57def9
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f679e410038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
RAX: ffffffffffffffda RBX: 00007f679d735f80 RCX: 00007f679d57def9
RDX: 0000000000000048 RSI: 0000000020000600 RDI: 000000000000000a
RBP: 00007f679d5f0b76 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 0000000000000000 R14: 00007f679d735f80 R15: 00007ffd36220398
 </TASK>
BUG: Bad page state in process syz.2.4065  pfn:63fef
page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff888000000002 pfn:0x63fef
flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
raw: 00fff00000000000 dead000000000040 ffff88804a923000 0000000000000000
raw: ffff888000000002 0000000000000001 00000000ffffffff 0000000000000000
page dumped because: page_pool leak
page_owner tracks the page as allocated
page last allocated via order 0, migratetype Unmovable, gfp_mask 0x102820(GFP_ATOMIC|__GFP_NOWARN|__GFP_HARDWALL), pid 19654, tgid 19653 (syz.2.4065), ts 936167241004, free_ts 934613182072
 set_page_owner include/linux/page_owner.h:32 [inline]
 post_alloc_hook+0x2d1/0x350 mm/page_alloc.c:1500
 prep_new_page mm/page_alloc.c:1508 [inline]
 get_page_from_freelist+0x1351/0x2e50 mm/page_alloc.c:3446
 __alloc_pages_noprof+0x22b/0x2460 mm/page_alloc.c:4702
 alloc_pages_bulk_noprof+0x742/0x14f0 mm/page_alloc.c:4650
 alloc_pages_bulk_array_node_noprof include/linux/gfp.h:239 [inline]
 __page_pool_alloc_pages_slow+0x19b/0xb30 net/core/page_pool.c:527
 page_pool_alloc_netmem net/core/page_pool.c:576 [inline]
 page_pool_alloc_pages+0xb5/0x110 net/core/page_pool.c:583
 page_pool_dev_alloc_pages include/net/page_pool/helpers.h:96 [inline]
 xdp_test_run_batch.constprop.0+0x3a8/0x1960 net/bpf/test_run.c:305
 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389
 bpf_prog_test_run_xdp+0x82d/0x1530 net/bpf/test_run.c:1317
 bpf_prog_test_run kernel/bpf/syscall.c:4313 [inline]
 __sys_bpf+0x10d2/0x4a00 kernel/bpf/syscall.c:5728
 __do_sys_bpf kernel/bpf/syscall.c:5817 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5815 [inline]
 __x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5815
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
page last free pid 19578 tgid 19576 stack trace:
 reset_page_owner include/linux/page_owner.h:25 [inline]
 free_pages_prepare mm/page_alloc.c:1101 [inline]
 free_unref_page+0x64a/0xe40 mm/page_alloc.c:2619
 __folio_put+0x31c/0x3e0 mm/swap.c:128
 folio_put include/linux/mm.h:1490 [inline]
 free_page_and_swap_cache+0x249/0x2c0 mm/swap_state.c:308
 __tlb_remove_table arch/x86/include/asm/tlb.h:34 [inline]
 __tlb_remove_table_free mm/mmu_gather.c:227 [inline]
 tlb_remove_table_rcu+0x89/0xe0 mm/mmu_gather.c:282
 rcu_do_batch kernel/rcu/tree.c:2569 [inline]
 rcu_core+0x828/0x16b0 kernel/rcu/tree.c:2843
 handle_softirqs+0x216/0x8f0 kernel/softirq.c:554
 __do_softirq kernel/softirq.c:588 [inline]
 invoke_softirq kernel/softirq.c:428 [inline]
 __irq_exit_rcu kernel/softirq.c:637 [inline]
 irq_exit_rcu+0xbb/0x120 kernel/softirq.c:649
 instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1043 [inline]
 sysvec_apic_timer_interrupt+0x95/0xb0 arch/x86/kernel/apic/apic.c:1043
 asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:702
Modules linked in:
CPU: 2 UID: 0 PID: 19654 Comm: syz.2.4065 Tainted: G    B              6.11.0-rc7-syzkaller-00133-ge936e7d4a83b #0
Tainted: [B]=BAD_PAGE
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:93 [inline]
 dump_stack_lvl+0x16c/0x1f0 lib/dump_stack.c:119
 bad_page+0xb3/0x220 mm/page_alloc.c:498
 free_page_is_bad_report mm/page_alloc.c:905 [inline]
 free_page_is_bad mm/page_alloc.c:915 [inline]
 free_pages_prepare mm/page_alloc.c:1093 [inline]
 free_unref_page+0x69e/0xe40 mm/page_alloc.c:2619
 skb_free_frag include/linux/skbuff.h:3383 [inline]
 skb_free_head+0xa0/0x1d0 net/core/skbuff.c:1094
 skb_release_data+0x75c/0x980 net/core/skbuff.c:1123
 skb_release_all net/core/skbuff.c:1188 [inline]
 __kfree_skb net/core/skbuff.c:1202 [inline]
 sk_skb_reason_drop+0x133/0x200 net/core/skbuff.c:1240
 kfree_skb_reason include/linux/skbuff.h:1260 [inline]
 __netif_receive_skb_core.constprop.0+0x592/0x4330 net/core/dev.c:5635
 __netif_receive_skb_list_core+0x357/0x950 net/core/dev.c:5737
 __netif_receive_skb_list net/core/dev.c:5804 [inline]
 netif_receive_skb_list_internal+0x753/0xda0 net/core/dev.c:5896
 netif_receive_skb_list+0x4f/0x4a0 net/core/dev.c:5948
 xdp_recv_frames net/bpf/test_run.c:279 [inline]
 xdp_test_run_batch.constprop.0+0x138d/0x1960 net/bpf/test_run.c:360
 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389
 bpf_prog_test_run_xdp+0x82d/0x1530 net/bpf/test_run.c:1317
 bpf_prog_test_run kernel/bpf/syscall.c:4313 [inline]
 __sys_bpf+0x10d2/0x4a00 kernel/bpf/syscall.c:5728
 __do_sys_bpf kernel/bpf/syscall.c:5817 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5815 [inline]
 __x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5815
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f679d57def9
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f679e410038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
RAX: ffffffffffffffda RBX: 00007f679d735f80 RCX: 00007f679d57def9
RDX: 0000000000000048 RSI: 0000000020000600 RDI: 000000000000000a
RBP: 00007f679d5f0b76 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 0000000000000000 R14: 00007f679d735f80 R15: 00007ffd36220398
 </TASK>
BUG: Bad page state in process syz.2.4065  pfn:63fee
page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff888063fefe00 pfn:0x63fee
flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
raw: 00fff00000000000 dead000000000040 ffff88804a923000 0000000000000000
raw: ffff888063fefe00 0000000000000001 00000000ffffffff 0000000000000000
page dumped because: page_pool leak
page_owner tracks the page as allocated
page last allocated via order 0, migratetype Unmovable, gfp_mask 0x102820(GFP_ATOMIC|__GFP_NOWARN|__GFP_HARDWALL), pid 19654, tgid 19653 (syz.2.4065), ts 936167232852, free_ts 934673024835
 set_page_owner include/linux/page_owner.h:32 [inline]
 post_alloc_hook+0x2d1/0x350 mm/page_alloc.c:1500
 prep_new_page mm/page_alloc.c:1508 [inline]
 get_page_from_freelist+0x1351/0x2e50 mm/page_alloc.c:3446
 __alloc_pages_noprof+0x22b/0x2460 mm/page_alloc.c:4702
 alloc_pages_bulk_noprof+0x742/0x14f0 mm/page_alloc.c:4650
 alloc_pages_bulk_array_node_noprof include/linux/gfp.h:239 [inline]
 __page_pool_alloc_pages_slow+0x19b/0xb30 net/core/page_pool.c:527
 page_pool_alloc_netmem net/core/page_pool.c:576 [inline]
 page_pool_alloc_pages+0xb5/0x110 net/core/page_pool.c:583
 page_pool_dev_alloc_pages include/net/page_pool/helpers.h:96 [inline]
 xdp_test_run_batch.constprop.0+0x3a8/0x1960 net/bpf/test_run.c:305
 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389
 bpf_prog_test_run_xdp+0x82d/0x1530 net/bpf/test_run.c:1317
 bpf_prog_test_run kernel/bpf/syscall.c:4313 [inline]
 __sys_bpf+0x10d2/0x4a00 kernel/bpf/syscall.c:5728
 __do_sys_bpf kernel/bpf/syscall.c:5817 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5815 [inline]
 __x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5815
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
page last free pid 17199 tgid 17199 stack trace:
 reset_page_owner include/linux/page_owner.h:25 [inline]
 free_pages_prepare mm/page_alloc.c:1101 [inline]
 free_unref_page+0x64a/0xe40 mm/page_alloc.c:2619
 vfree+0x181/0x7a0 mm/vmalloc.c:3367
 copy_entries_to_user net/ipv4/netfilter/ip_tables.c:866 [inline]
 get_entries net/ipv4/netfilter/ip_tables.c:1022 [inline]
 do_ipt_get_ctl+0x8b0/0xaa0 net/ipv4/netfilter/ip_tables.c:1668
 nf_getsockopt+0x79/0xe0 net/netfilter/nf_sockopt.c:116
 ip_getsockopt+0x18e/0x1e0 net/ipv4/ip_sockglue.c:1777
 tcp_getsockopt+0x9e/0x100 net/ipv4/tcp.c:4409
 do_sock_getsockopt+0x3fe/0x800 net/socket.c:2386
 __sys_getsockopt+0x1a1/0x270 net/socket.c:2415
 __do_sys_getsockopt net/socket.c:2425 [inline]
 __se_sys_getsockopt net/socket.c:2422 [inline]
 __x64_sys_getsockopt+0xbd/0x160 net/socket.c:2422
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
Modules linked in:
CPU: 2 UID: 0 PID: 19654 Comm: syz.2.4065 Tainted: G    B              6.11.0-rc7-syzkaller-00133-ge936e7d4a83b #0
Tainted: [B]=BAD_PAGE
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:93 [inline]
 dump_stack_lvl+0x16c/0x1f0 lib/dump_stack.c:119
 bad_page+0xb3/0x220 mm/page_alloc.c:498
 free_page_is_bad_report mm/page_alloc.c:905 [inline]
 free_page_is_bad mm/page_alloc.c:915 [inline]
 free_pages_prepare mm/page_alloc.c:1093 [inline]
 free_unref_page+0x69e/0xe40 mm/page_alloc.c:2619
 skb_free_frag include/linux/skbuff.h:3383 [inline]
 skb_free_head+0xa0/0x1d0 net/core/skbuff.c:1094
 skb_release_data+0x75c/0x980 net/core/skbuff.c:1123
 skb_release_all net/core/skbuff.c:1188 [inline]
 __kfree_skb net/core/skbuff.c:1202 [inline]
 sk_skb_reason_drop+0x133/0x200 net/core/skbuff.c:1240
 kfree_skb_reason include/linux/skbuff.h:1260 [inline]
 __netif_receive_skb_core.constprop.0+0x592/0x4330 net/core/dev.c:5635
 __netif_receive_skb_list_core+0x357/0x950 net/core/dev.c:5737
 __netif_receive_skb_list net/core/dev.c:5804 [inline]
 netif_receive_skb_list_internal+0x753/0xda0 net/core/dev.c:5896
 netif_receive_skb_list+0x4f/0x4a0 net/core/dev.c:5948
 xdp_recv_frames net/bpf/test_run.c:279 [inline]
 xdp_test_run_batch.constprop.0+0x138d/0x1960 net/bpf/test_run.c:360
 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389
 bpf_prog_test_run_xdp+0x82d/0x1530 net/bpf/test_run.c:1317
 bpf_prog_test_run kernel/bpf/syscall.c:4313 [inline]
 __sys_bpf+0x10d2/0x4a00 kernel/bpf/syscall.c:5728
 __do_sys_bpf kernel/bpf/syscall.c:5817 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5815 [inline]
 __x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5815
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f679d57def9
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f679e410038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
RAX: ffffffffffffffda RBX: 00007f679d735f80 RCX: 00007f679d57def9
RDX: 0000000000000048 RSI: 0000000020000600 RDI: 000000000000000a
RBP: 00007f679d5f0b76 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 0000000000000000 R14: 00007f679d735f80 R15: 00007ffd36220398
 </TASK>
BUG: Bad page state in process syz.2.4065  pfn:41893
page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff888100000002 pfn:0x41893
flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
raw: 00fff00000000000 dead000000000040 ffff88804a923000 0000000000000000
raw: ffff888100000002 0000000000000001 00000000ffffffff 0000000000000000
page dumped because: page_pool leak
page_owner tracks the page as allocated
page last allocated via order 0, migratetype Unmovable, gfp_mask 0x102820(GFP_ATOMIC|__GFP_NOWARN|__GFP_HARDWALL), pid 19654, tgid 19653 (syz.2.4065), ts 936167224944, free_ts 934673514462
 set_page_owner include/linux/page_owner.h:32 [inline]
 post_alloc_hook+0x2d1/0x350 mm/page_alloc.c:1500
 prep_new_page mm/page_alloc.c:1508 [inline]
 get_page_from_freelist+0x1351/0x2e50 mm/page_alloc.c:3446
 __alloc_pages_noprof+0x22b/0x2460 mm/page_alloc.c:4702
 alloc_pages_bulk_noprof+0x742/0x14f0 mm/page_alloc.c:4650
 alloc_pages_bulk_array_node_noprof include/linux/gfp.h:239 [inline]
 __page_pool_alloc_pages_slow+0x19b/0xb30 net/core/page_pool.c:527
 page_pool_alloc_netmem net/core/page_pool.c:576 [inline]
 page_pool_alloc_pages+0xb5/0x110 net/core/page_pool.c:583
 page_pool_dev_alloc_pages include/net/page_pool/helpers.h:96 [inline]
 xdp_test_run_batch.constprop.0+0x3a8/0x1960 net/bpf/test_run.c:305
 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389
 bpf_prog_test_run_xdp+0x82d/0x1530 net/bpf/test_run.c:1317
 bpf_prog_test_run kernel/bpf/syscall.c:4313 [inline]
 __sys_bpf+0x10d2/0x4a00 kernel/bpf/syscall.c:5728
 __do_sys_bpf kernel/bpf/syscall.c:5817 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5815 [inline]
 __x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5815
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
page last free pid 17199 tgid 17199 stack trace:
 reset_page_owner include/linux/page_owner.h:25 [inline]
 free_pages_prepare mm/page_alloc.c:1101 [inline]
 free_unref_page+0x64a/0xe40 mm/page_alloc.c:2619
 __folio_put+0x31c/0x3e0 mm/swap.c:128
 folio_put include/linux/mm.h:1490 [inline]
 free_page_and_swap_cache+0x249/0x2c0 mm/swap_state.c:308
 __tlb_remove_table arch/x86/include/asm/tlb.h:34 [inline]
 __tlb_remove_table_free mm/mmu_gather.c:227 [inline]
 tlb_remove_table_rcu+0x89/0xe0 mm/mmu_gather.c:282
 rcu_do_batch kernel/rcu/tree.c:2569 [inline]
 rcu_core+0x828/0x16b0 kernel/rcu/tree.c:2843
 handle_softirqs+0x216/0x8f0 kernel/softirq.c:554
 __do_softirq kernel/softirq.c:588 [inline]
 invoke_softirq kernel/softirq.c:428 [inline]
 __irq_exit_rcu kernel/softirq.c:637 [inline]
 irq_exit_rcu+0xbb/0x120 kernel/softirq.c:649
 instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1043 [inline]
 sysvec_apic_timer_interrupt+0x95/0xb0 arch/x86/kernel/apic/apic.c:1043
 asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:702
Modules linked in:
CPU: 2 UID: 0 PID: 19654 Comm: syz.2.4065 Tainted: G    B              6.11.0-rc7-syzkaller-00133-ge936e7d4a83b #0
Tainted: [B]=BAD_PAGE
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:93 [inline]
 dump_stack_lvl+0x16c/0x1f0 lib/dump_stack.c:119
 bad_page+0xb3/0x220 mm/page_alloc.c:498
 free_page_is_bad_report mm/page_alloc.c:905 [inline]
 free_page_is_bad mm/page_alloc.c:915 [inline]
 free_pages_prepare mm/page_alloc.c:1093 [inline]
 free_unref_page+0x69e/0xe40 mm/page_alloc.c:2619
 skb_free_frag include/linux/skbuff.h:3383 [inline]
 skb_free_head+0xa0/0x1d0 net/core/skbuff.c:1094
 skb_release_data+0x75c/0x980 net/core/skbuff.c:1123
 skb_release_all net/core/skbuff.c:1188 [inline]
 __kfree_skb net/core/skbuff.c:1202 [inline]
 sk_skb_reason_drop+0x133/0x200 net/core/skbuff.c:1240
 kfree_skb_reason include/linux/skbuff.h:1260 [inline]
 __netif_receive_skb_core.constprop.0+0x592/0x4330 net/core/dev.c:5635
 __netif_receive_skb_list_core+0x357/0x950 net/core/dev.c:5737
 __netif_receive_skb_list net/core/dev.c:5804 [inline]
 netif_receive_skb_list_internal+0x753/0xda0 net/core/dev.c:5896
 netif_receive_skb_list+0x4f/0x4a0 net/core/dev.c:5948
 xdp_recv_frames net/bpf/test_run.c:279 [inline]
 xdp_test_run_batch.constprop.0+0x138d/0x1960 net/bpf/test_run.c:360
 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389
 bpf_prog_test_run_xdp+0x82d/0x1530 net/bpf/test_run.c:1317
 bpf_prog_test_run kernel/bpf/syscall.c:4313 [inline]
 __sys_bpf+0x10d2/0x4a00 kernel/bpf/syscall.c:5728
 __do_sys_bpf kernel/bpf/syscall.c:5817 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5815 [inline]
 __x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5815
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f679d57def9
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f679e410038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
RAX: ffffffffffffffda RBX: 00007f679d735f80 RCX: 00007f679d57def9
RDX: 0000000000000048 RSI: 0000000020000600 RDI: 000000000000000a
RBP: 00007f679d5f0b76 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 0000000000000000 R14: 00007f679d735f80 R15: 00007ffd36220398
 </TASK>
BUG: Bad page state in process syz.2.4065  pfn:41892
page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff888041893cc0 pfn:0x41892
flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
raw: 00fff00000000000 dead000000000040 ffff88804a923000 0000000000000000
raw: ffff888041893cc0 0000000000000001 00000000ffffffff 0000000000000000
page dumped because: page_pool leak
page_owner tracks the page as allocated
page last allocated via order 0, migratetype Unmovable, gfp_mask 0x102820(GFP_ATOMIC|__GFP_NOWARN|__GFP_HARDWALL), pid 19654, tgid 19653 (syz.2.4065), ts 936167217160, free_ts 934673536093
 set_page_owner include/linux/page_owner.h:32 [inline]
 post_alloc_hook+0x2d1/0x350 mm/page_alloc.c:1500
 prep_new_page mm/page_alloc.c:1508 [inline]
 get_page_from_freelist+0x1351/0x2e50 mm/page_alloc.c:3446
 __alloc_pages_noprof+0x22b/0x2460 mm/page_alloc.c:4702
 alloc_pages_bulk_noprof+0x742/0x14f0 mm/page_alloc.c:4650
 alloc_pages_bulk_array_node_noprof include/linux/gfp.h:239 [inline]
 __page_pool_alloc_pages_slow+0x19b/0xb30 net/core/page_pool.c:527
 page_pool_alloc_netmem net/core/page_pool.c:576 [inline]
 page_pool_alloc_pages+0xb5/0x110 net/core/page_pool.c:583
 page_pool_dev_alloc_pages include/net/page_pool/helpers.h:96 [inline]
 xdp_test_run_batch.constprop.0+0x3a8/0x1960 net/bpf/test_run.c:305
 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389
 bpf_prog_test_run_xdp+0x82d/0x1530 net/bpf/test_run.c:1317
 bpf_prog_test_run kernel/bpf/syscall.c:4313 [inline]
 __sys_bpf+0x10d2/0x4a00 kernel/bpf/syscall.c:5728
 __do_sys_bpf kernel/bpf/syscall.c:5817 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5815 [inline]
 __x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5815
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
page last free pid 17199 tgid 17199 stack trace:
 reset_page_owner include/linux/page_owner.h:25 [inline]
 free_pages_prepare mm/page_alloc.c:1101 [inline]
 free_unref_page+0x64a/0xe40 mm/page_alloc.c:2619
 __folio_put+0x31c/0x3e0 mm/swap.c:128
 folio_put include/linux/mm.h:1490 [inline]
 free_page_and_swap_cache+0x249/0x2c0 mm/swap_state.c:308
 __tlb_remove_table arch/x86/include/asm/tlb.h:34 [inline]
 __tlb_remove_table_free mm/mmu_gather.c:227 [inline]
 tlb_remove_table_rcu+0x89/0xe0 mm/mmu_gather.c:282
 rcu_do_batch kernel/rcu/tree.c:2569 [inline]
 rcu_core+0x828/0x16b0 kernel/rcu/tree.c:2843
 handle_softirqs+0x216/0x8f0 kernel/softirq.c:554
 __do_softirq kernel/softirq.c:588 [inline]
 invoke_softirq kernel/softirq.c:428 [inline]
 __irq_exit_rcu kernel/softirq.c:637 [inline]
 irq_exit_rcu+0xbb/0x120 kernel/softirq.c:649
 instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1043 [inline]
 sysvec_apic_timer_interrupt+0x95/0xb0 arch/x86/kernel/apic/apic.c:1043
 asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:702
Modules linked in:
CPU: 2 UID: 0 PID: 19654 Comm: syz.2.4065 Tainted: G    B              6.11.0-rc7-syzkaller-00133-ge936e7d4a83b #0
Tainted: [B]=BAD_PAGE
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:93 [inline]
 dump_stack_lvl+0x16c/0x1f0 lib/dump_stack.c:119
 bad_page+0xb3/0x220 mm/page_alloc.c:498
 free_page_is_bad_report mm/page_alloc.c:905 [inline]
 free_page_is_bad mm/page_alloc.c:915 [inline]
 free_pages_prepare mm/page_alloc.c:1093 [inline]
 free_unref_page+0x69e/0xe40 mm/page_alloc.c:2619
 skb_free_frag include/linux/skbuff.h:3383 [inline]
 skb_free_head+0xa0/0x1d0 net/core/skbuff.c:1094
 skb_release_data+0x75c/0x980 net/core/skbuff.c:1123
 skb_release_all net/core/skbuff.c:1188 [inline]
 __kfree_skb net/core/skbuff.c:1202 [inline]
 sk_skb_reason_drop+0x133/0x200 net/core/skbuff.c:1240
 kfree_skb_reason include/linux/skbuff.h:1260 [inline]
 __netif_receive_skb_core.constprop.0+0x592/0x4330 net/core/dev.c:5635
 __netif_receive_skb_list_core+0x357/0x950 net/core/dev.c:5737
 __netif_receive_skb_list net/core/dev.c:5804 [inline]
 netif_receive_skb_list_internal+0x753/0xda0 net/core/dev.c:5896
 netif_receive_skb_list+0x4f/0x4a0 net/core/dev.c:5948
 xdp_recv_frames net/bpf/test_run.c:279 [inline]
 xdp_test_run_batch.constprop.0+0x138d/0x1960 net/bpf/test_run.c:360
 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389
 bpf_prog_test_run_xdp+0x82d/0x1530 net/bpf/test_run.c:1317
 bpf_prog_test_run kernel/bpf/syscall.c:4313 [inline]
 __sys_bpf+0x10d2/0x4a00 kernel/bpf/syscall.c:5728
 __do_sys_bpf kernel/bpf/syscall.c:5817 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5815 [inline]
 __x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5815
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f679d57def9
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f679e410038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
RAX: ffffffffffffffda RBX: 00007f679d735f80 RCX: 00007f679d57def9
RDX: 0000000000000048 RSI: 0000000020000600 RDI: 000000000000000a
RBP: 00007f679d5f0b76 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 0000000000000000 R14: 00007f679d735f80 R15: 00007ffd36220398
 </TASK>
BUG: Bad page state in process syz.2.4065  pfn:477e5
page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff888000000002 pfn:0x477e5
flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
raw: 00fff00000000000 dead000000000040 ffff88804a923000 0000000000000000
raw: ffff888000000002 0000000000000001 00000000ffffffff 0000000000000000
page dumped because: page_pool leak
page_owner tracks the page as allocated
page last allocated via order 0, migratetype Unmovable, gfp_mask 0x102820(GFP_ATOMIC|__GFP_NOWARN|__GFP_HARDWALL), pid 19654, tgid 19653 (syz.2.4065), ts 936167209404, free_ts 934673634219
 set_page_owner include/linux/page_owner.h:32 [inline]
 post_alloc_hook+0x2d1/0x350 mm/page_alloc.c:1500
 prep_new_page mm/page_alloc.c:1508 [inline]
 get_page_from_freelist+0x1351/0x2e50 mm/page_alloc.c:3446
 __alloc_pages_noprof+0x22b/0x2460 mm/page_alloc.c:4702
 alloc_pages_bulk_noprof+0x742/0x14f0 mm/page_alloc.c:4650
 alloc_pages_bulk_array_node_noprof include/linux/gfp.h:239 [inline]
 __page_pool_alloc_pages_slow+0x19b/0xb30 net/core/page_pool.c:527
 page_pool_alloc_netmem net/core/page_pool.c:576 [inline]
 page_pool_alloc_pages+0xb5/0x110 net/core/page_pool.c:583
 page_pool_dev_alloc_pages include/net/page_pool/helpers.h:96 [inline]
 xdp_test_run_batch.constprop.0+0x3a8/0x1960 net/bpf/test_run.c:305
 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389
 bpf_prog_test_run_xdp+0x82d/0x1530 net/bpf/test_run.c:1317
 bpf_prog_test_run kernel/bpf/syscall.c:4313 [inline]
 __sys_bpf+0x10d2/0x4a00 kernel/bpf/syscall.c:5728
 __do_sys_bpf kernel/bpf/syscall.c:5817 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5815 [inline]
 __x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5815
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
page last free pid 17199 tgid 17199 stack trace:
 reset_page_owner include/linux/page_owner.h:25 [inline]
 free_pages_prepare mm/page_alloc.c:1101 [inline]
 free_unref_page+0x64a/0xe40 mm/page_alloc.c:2619
 __folio_put+0x31c/0x3e0 mm/swap.c:128
 folio_put include/linux/mm.h:1490 [inline]
 free_page_and_swap_cache+0x249/0x2c0 mm/swap_state.c:308
 __tlb_remove_table arch/x86/include/asm/tlb.h:34 [inline]
 __tlb_remove_table_free mm/mmu_gather.c:227 [inline]
 tlb_remove_table_rcu+0x89/0xe0 mm/mmu_gather.c:282
 rcu_do_batch kernel/rcu/tree.c:2569 [inline]
 rcu_core+0x828/0x16b0 kernel/rcu/tree.c:2843
 handle_softirqs+0x216/0x8f0 kernel/softirq.c:554
 __do_softirq kernel/softirq.c:588 [inline]
 invoke_softirq kernel/softirq.c:428 [inline]
 __irq_exit_rcu kernel/softirq.c:637 [inline]
 irq_exit_rcu+0xbb/0x120 kernel/softirq.c:649
 instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1043 [inline]
 sysvec_apic_timer_interrupt+0x95/0xb0 arch/x86/kernel/apic/apic.c:1043
 asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:702
Modules linked in:
CPU: 2 UID: 0 PID: 19654 Comm: syz.2.4065 Tainted: G    B              6.11.0-rc7-syzkaller-00133-ge936e7d4a83b #0
Tainted: [B]=BAD_PAGE
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:93 [inline]
 dump_stack_lvl+0x16c/0x1f0 lib/dump_stack.c:119
 bad_page+0xb3/0x220 mm/page_alloc.c:498
 free_page_is_bad_report mm/page_alloc.c:905 [inline]
 free_page_is_bad mm/page_alloc.c:915 [inline]
 free_pages_prepare mm/page_alloc.c:1093 [inline]
 free_unref_page+0x69e/0xe40 mm/page_alloc.c:2619
 skb_free_frag include/linux/skbuff.h:3383 [inline]
 skb_free_head+0xa0/0x1d0 net/core/skbuff.c:1094
 skb_release_data+0x75c/0x980 net/core/skbuff.c:1123
 skb_release_all net/core/skbuff.c:1188 [inline]
 __kfree_skb net/core/skbuff.c:1202 [inline]
 sk_skb_reason_drop+0x133/0x200 net/core/skbuff.c:1240
 kfree_skb_reason include/linux/skbuff.h:1260 [inline]
 __netif_receive_skb_core.constprop.0+0x592/0x4330 net/core/dev.c:5635
 __netif_receive_skb_list_core+0x357/0x950 net/core/dev.c:5737
 __netif_receive_skb_list net/core/dev.c:5804 [inline]
 netif_receive_skb_list_internal+0x753/0xda0 net/core/dev.c:5896
 netif_receive_skb_list+0x4f/0x4a0 net/core/dev.c:5948
 xdp_recv_frames net/bpf/test_run.c:279 [inline]
 xdp_test_run_batch.constprop.0+0x138d/0x1960 net/bpf/test_run.c:360
 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389
 bpf_prog_test_run_xdp+0x82d/0x1530 net/bpf/test_run.c:1317
 bpf_prog_test_run kernel/bpf/syscall.c:4313 [inline]
 __sys_bpf+0x10d2/0x4a00 kernel/bpf/syscall.c:5728
 __do_sys_bpf kernel/bpf/syscall.c:5817 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5815 [inline]
 __x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5815
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f679d57def9
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f679e410038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
RAX: ffffffffffffffda RBX: 00007f679d735f80 RCX: 00007f679d57def9
RDX: 0000000000000048 RSI: 0000000020000600 RDI: 000000000000000a
RBP: 00007f679d5f0b76 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 0000000000000000 R14: 00007f679d735f80 R15: 00007ffd36220398
 </TASK>
BUG: Bad page state in process syz.2.4065  pfn:477e4
page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff8880477e5e00 pfn:0x477e4
flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
raw: 00fff00000000000 dead000000000040 ffff88804a923000 0000000000000000
raw: ffff8880477e5e00 0000000000000001 00000000ffffffff 0000000000000000
page dumped because: page_pool leak
page_owner tracks the page as allocated
page last allocated via order 0, migratetype Unmovable, gfp_mask 0x102820(GFP_ATOMIC|__GFP_NOWARN|__GFP_HARDWALL), pid 19654, tgid 19653 (syz.2.4065), ts 936167201201, free_ts 934673555549
 set_page_owner include/linux/page_owner.h:32 [inline]
 post_alloc_hook+0x2d1/0x350 mm/page_alloc.c:1500
 prep_new_page mm/page_alloc.c:1508 [inline]
 get_page_from_freelist+0x1351/0x2e50 mm/page_alloc.c:3446
 __alloc_pages_noprof+0x22b/0x2460 mm/page_alloc.c:4702
 alloc_pages_bulk_noprof+0x742/0x14f0 mm/page_alloc.c:4650
 alloc_pages_bulk_array_node_noprof include/linux/gfp.h:239 [inline]
 __page_pool_alloc_pages_slow+0x19b/0xb30 net/core/page_pool.c:527
 page_pool_alloc_netmem net/core/page_pool.c:576 [inline]
 page_pool_alloc_pages+0xb5/0x110 net/core/page_pool.c:583
 page_pool_dev_alloc_pages include/net/page_pool/helpers.h:96 [inline]
 xdp_test_run_batch.constprop.0+0x3a8/0x1960 net/bpf/test_run.c:305
 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389
 bpf_prog_test_run_xdp+0x82d/0x1530 net/bpf/test_run.c:1317
 bpf_prog_test_run kernel/bpf/syscall.c:4313 [inline]
 __sys_bpf+0x10d2/0x4a00 kernel/bpf/syscall.c:5728
 __do_sys_bpf kernel/bpf/syscall.c:5817 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5815 [inline]
 __x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5815
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
page last free pid 17199 tgid 17199 stack trace:
 reset_page_owner include/linux/page_owner.h:25 [inline]
 free_pages_prepare mm/page_alloc.c:1101 [inline]
 free_unref_page+0x64a/0xe40 mm/page_alloc.c:2619
 __folio_put+0x31c/0x3e0 mm/swap.c:128
 folio_put include/linux/mm.h:1490 [inline]
 free_page_and_swap_cache+0x249/0x2c0 mm/swap_state.c:308
 __tlb_remove_table arch/x86/include/asm/tlb.h:34 [inline]
 __tlb_remove_table_free mm/mmu_gather.c:227 [inline]
 tlb_remove_table_rcu+0x89/0xe0 mm/mmu_gather.c:282
 rcu_do_batch kernel/rcu/tree.c:2569 [inline]
 rcu_core+0x828/0x16b0 kernel/rcu/tree.c:2843
 handle_softirqs+0x216/0x8f0 kernel/softirq.c:554
 __do_softirq kernel/softirq.c:588 [inline]
 invoke_softirq kernel/softirq.c:428 [inline]
 __irq_exit_rcu kernel/softirq.c:637 [inline]
 irq_exit_rcu+0xbb/0x120 kernel/softirq.c:649
 instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1043 [inline]
 sysvec_apic_timer_interrupt+0x95/0xb0 arch/x86/kernel/apic/apic.c:1043
 asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:702
Modules linked in:
CPU: 2 UID: 0 PID: 19654 Comm: syz.2.4065 Tainted: G    B              6.11.0-rc7-syzkaller-00133-ge936e7d4a83b #0
Tainted: [B]=BAD_PAGE
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:93 [inline]
 dump_stack_lvl+0x16c/0x1f0 lib/dump_stack.c:119
 bad_page+0xb3/0x220 mm/page_alloc.c:498
 free_page_is_bad_report mm/page_alloc.c:905 [inline]
 free_page_is_bad mm/page_alloc.c:915 [inline]
 free_pages_prepare mm/page_alloc.c:1093 [inline]
 free_unref_page+0x69e/0xe40 mm/page_alloc.c:2619
 skb_free_frag include/linux/skbuff.h:3383 [inline]
 skb_free_head+0xa0/0x1d0 net/core/skbuff.c:1094
 skb_release_data+0x75c/0x980 net/core/skbuff.c:1123
 skb_release_all net/core/skbuff.c:1188 [inline]
 __kfree_skb net/core/skbuff.c:1202 [inline]
 sk_skb_reason_drop+0x133/0x200 net/core/skbuff.c:1240
 kfree_skb_reason include/linux/skbuff.h:1260 [inline]
 __netif_receive_skb_core.constprop.0+0x592/0x4330 net/core/dev.c:5635
 __netif_receive_skb_list_core+0x357/0x950 net/core/dev.c:5737
 __netif_receive_skb_list net/core/dev.c:5804 [inline]
 netif_receive_skb_list_internal+0x753/0xda0 net/core/dev.c:5896
 netif_receive_skb_list+0x4f/0x4a0 net/core/dev.c:5948
 xdp_recv_frames net/bpf/test_run.c:279 [inline]
 xdp_test_run_batch.constprop.0+0x138d/0x1960 net/bpf/test_run.c:360
 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389
 bpf_prog_test_run_xdp+0x82d/0x1530 net/bpf/test_run.c:1317
 bpf_prog_test_run kernel/bpf/syscall.c:4313 [inline]
 __sys_bpf+0x10d2/0x4a00 kernel/bpf/syscall.c:5728
 __do_sys_bpf kernel/bpf/syscall.c:5817 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5815 [inline]
 __x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5815
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f679d57def9
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f679e410038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
RAX: ffffffffffffffda RBX: 00007f679d735f80 RCX: 00007f679d57def9
RDX: 0000000000000048 RSI: 0000000020000600 RDI: 000000000000000a
RBP: 00007f679d5f0b76 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 0000000000000000 R14: 00007f679d735f80 R15: 00007ffd36220398
 </TASK>
BUG: Bad page state in process syz.2.4065  pfn:11c91
page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff888000000002 pfn:0x11c91
flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
raw: 00fff00000000000 dead000000000040 ffff88804a923000 0000000000000000
raw: ffff888000000002 0000000000000001 00000000ffffffff 0000000000000000
page dumped because: page_pool leak
page_owner tracks the page as allocated
page last allocated via order 0, migratetype Unmovable, gfp_mask 0x102820(GFP_ATOMIC|__GFP_NOWARN|__GFP_HARDWALL), pid 19654, tgid 19653 (syz.2.4065), ts 936167193101, free_ts 934693270048
 set_page_owner include/linux/page_owner.h:32 [inline]
 post_alloc_hook+0x2d1/0x350 mm/page_alloc.c:1500
 prep_new_page mm/page_alloc.c:1508 [inline]
 get_page_from_freelist+0x1351/0x2e50 mm/page_alloc.c:3446
 __alloc_pages_noprof+0x22b/0x2460 mm/page_alloc.c:4702
 alloc_pages_bulk_noprof+0x742/0x14f0 mm/page_alloc.c:4650
 alloc_pages_bulk_array_node_noprof include/linux/gfp.h:239 [inline]
 __page_pool_alloc_pages_slow+0x19b/0xb30 net/core/page_pool.c:527
 page_pool_alloc_netmem net/core/page_pool.c:576 [inline]
 page_pool_alloc_pages+0xb5/0x110 net/core/page_pool.c:583
 page_pool_dev_alloc_pages include/net/page_pool/helpers.h:96 [inline]
 xdp_test_run_batch.constprop.0+0x3a8/0x1960 net/bpf/test_run.c:305
 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389
 bpf_prog_test_run_xdp+0x82d/0x1530 net/bpf/test_run.c:1317
 bpf_prog_test_run kernel/bpf/syscall.c:4313 [inline]
 __sys_bpf+0x10d2/0x4a00 kernel/bpf/syscall.c:5728
 __do_sys_bpf kernel/bpf/syscall.c:5817 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5815 [inline]
 __x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5815
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
page last free pid 17199 tgid 17199 stack trace:
 reset_page_owner include/linux/page_owner.h:25 [inline]
 free_pages_prepare mm/page_alloc.c:1101 [inline]
 free_unref_page+0x64a/0xe40 mm/page_alloc.c:2619
 __folio_put+0x31c/0x3e0 mm/swap.c:128
 folio_put include/linux/mm.h:1490 [inline]
 free_page_and_swap_cache+0x249/0x2c0 mm/swap_state.c:308
 __tlb_remove_table arch/x86/include/asm/tlb.h:34 [inline]
 __tlb_remove_table_free mm/mmu_gather.c:227 [inline]
 tlb_remove_table_rcu+0x89/0xe0 mm/mmu_gather.c:282
 rcu_do_batch kernel/rcu/tree.c:2569 [inline]
 rcu_core+0x828/0x16b0 kernel/rcu/tree.c:2843
 handle_softirqs+0x216/0x8f0 kernel/softirq.c:554
 __do_softirq kernel/softirq.c:588 [inline]
 invoke_softirq kernel/softirq.c:428 [inline]
 __irq_exit_rcu kernel/softirq.c:637 [inline]
 irq_exit_rcu+0xbb/0x120 kernel/softirq.c:649
 instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1043 [inline]
 sysvec_apic_timer_interrupt+0x95/0xb0 arch/x86/kernel/apic/apic.c:1043
 asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:702
Modules linked in:
CPU: 2 UID: 0 PID: 19654 Comm: syz.2.4065 Tainted: G    B              6.11.0-rc7-syzkaller-00133-ge936e7d4a83b #0
Tainted: [B]=BAD_PAGE
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:93 [inline]
 dump_stack_lvl+0x16c/0x1f0 lib/dump_stack.c:119
 bad_page+0xb3/0x220 mm/page_alloc.c:498
 free_page_is_bad_report mm/page_alloc.c:905 [inline]
 free_page_is_bad mm/page_alloc.c:915 [inline]
 free_pages_prepare mm/page_alloc.c:1093 [inline]
 free_unref_page+0x69e/0xe40 mm/page_alloc.c:2619
 skb_free_frag include/linux/skbuff.h:3383 [inline]
 skb_free_head+0xa0/0x1d0 net/core/skbuff.c:1094
 skb_release_data+0x75c/0x980 net/core/skbuff.c:1123
 skb_release_all net/core/skbuff.c:1188 [inline]
 __kfree_skb net/core/skbuff.c:1202 [inline]
 sk_skb_reason_drop+0x133/0x200 net/core/skbuff.c:1240
 kfree_skb_reason include/linux/skbuff.h:1260 [inline]
 __netif_receive_skb_core.constprop.0+0x592/0x4330 net/core/dev.c:5635
 __netif_receive_skb_list_core+0x357/0x950 net/core/dev.c:5737
 __netif_receive_skb_list net/core/dev.c:5804 [inline]
 netif_receive_skb_list_internal+0x753/0xda0 net/core/dev.c:5896
 netif_receive_skb_list+0x4f/0x4a0 net/core/dev.c:5948
 xdp_recv_frames net/bpf/test_run.c:279 [inline]
 xdp_test_run_batch.constprop.0+0x138d/0x1960 net/bpf/test_run.c:360
 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389
 bpf_prog_test_run_xdp+0x82d/0x1530 net/bpf/test_run.c:1317
 bpf_prog_test_run kernel/bpf/syscall.c:4313 [inline]
 __sys_bpf+0x10d2/0x4a00 kernel/bpf/syscall.c:5728
 __do_sys_bpf kernel/bpf/syscall.c:5817 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5815 [inline]
 __x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5815
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f679d57def9
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f679e410038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
RAX: ffffffffffffffda RBX: 00007f679d735f80 RCX: 00007f679d57def9
RDX: 0000000000000048 RSI: 0000000020000600 RDI: 000000000000000a
RBP: 00007f679d5f0b76 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 0000000000000000 R14: 00007f679d735f80 R15: 00007ffd36220398
 </TASK>
BUG: Bad page state in process syz.2.4065  pfn:11c90
page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff888011c91cc0 pfn:0x11c90
flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
raw: 00fff00000000000 dead000000000040 ffff88804a923000 0000000000000000
raw: ffff888011c91cc0 0000000000000001 00000000ffffffff 0000000000000000
page dumped because: page_pool leak
page_owner tracks the page as allocated
page last allocated via order 0, migratetype Unmovable, gfp_mask 0x102820(GFP_ATOMIC|__GFP_NOWARN|__GFP_HARDWALL), pid 19654, tgid 19653 (syz.2.4065), ts 936167184804, free_ts 934693288645
 set_page_owner include/linux/page_owner.h:32 [inline]
 post_alloc_hook+0x2d1/0x350 mm/page_alloc.c:1500
 prep_new_page mm/page_alloc.c:1508 [inline]
 get_page_from_freelist+0x1351/0x2e50 mm/page_alloc.c:3446
 __alloc_pages_noprof+0x22b/0x2460 mm/page_alloc.c:4702
 alloc_pages_bulk_noprof+0x742/0x14f0 mm/page_alloc.c:4650
 alloc_pages_bulk_array_node_noprof include/linux/gfp.h:239 [inline]
 __page_pool_alloc_pages_slow+0x19b/0xb30 net/core/page_pool.c:527
 page_pool_alloc_netmem net/core/page_pool.c:576 [inline]
 page_pool_alloc_pages+0xb5/0x110 net/core/page_pool.c:583
 page_pool_dev_alloc_pages include/net/page_pool/helpers.h:96 [inline]
 xdp_test_run_batch.constprop.0+0x3a8/0x1960 net/bpf/test_run.c:305
 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389
 bpf_prog_test_run_xdp+0x82d/0x1530 net/bpf/test_run.c:1317
 bpf_prog_test_run kernel/bpf/syscall.c:4313 [inline]
 __sys_bpf+0x10d2/0x4a00 kernel/bpf/syscall.c:5728
 __do_sys_bpf kernel/bpf/syscall.c:5817 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5815 [inline]
 __x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5815
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
page last free pid 17199 tgid 17199 stack trace:
 reset_page_owner include/linux/page_owner.h:25 [inline]
 free_pages_prepare mm/page_alloc.c:1101 [inline]
 free_unref_page+0x64a/0xe40 mm/page_alloc.c:2619
 __folio_put+0x31c/0x3e0 mm/swap.c:128
 folio_put include/linux/mm.h:1490 [inline]
 free_page_and_swap_cache+0x249/0x2c0 mm/swap_state.c:308
 __tlb_remove_table arch/x86/include/asm/tlb.h:34 [inline]
 __tlb_remove_table_free mm/mmu_gather.c:227 [inline]
 tlb_remove_table_rcu+0x89/0xe0 mm/mmu_gather.c:282
 rcu_do_batch kernel/rcu/tree.c:2569 [inline]
 rcu_core+0x828/0x16b0 kernel/rcu/tree.c:2843
 handle_softirqs+0x216/0x8f0 kernel/softirq.c:554
 __do_softirq kernel/softirq.c:588 [inline]
 invoke_softirq kernel/softirq.c:428 [inline]
 __irq_exit_rcu kernel/softirq.c:637 [inline]
 irq_exit_rcu+0xbb/0x120 kernel/softirq.c:649
 instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1043 [inline]
 sysvec_apic_timer_interrupt+0x95/0xb0 arch/x86/kernel/apic/apic.c:1043
 asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:702
Modules linked in:
CPU: 2 UID: 0 PID: 19654 Comm: syz.2.4065 Tainted: G    B              6.11.0-rc7-syzkaller-00133-ge936e7d4a83b #0
Tainted: [B]=BAD_PAGE
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:93 [inline]
 dump_stack_lvl+0x16c/0x1f0 lib/dump_stack.c:119
 bad_page+0xb3/0x220 mm/page_alloc.c:498
 free_page_is_bad_report mm/page_alloc.c:905 [inline]
 free_page_is_bad mm/page_alloc.c:915 [inline]
 free_pages_prepare mm/page_alloc.c:1093 [inline]
 free_unref_page+0x69e/0xe40 mm/page_alloc.c:2619
 skb_free_frag include/linux/skbuff.h:3383 [inline]
 skb_free_head+0xa0/0x1d0 net/core/skbuff.c:1094
 skb_release_data+0x75c/0x980 net/core/skbuff.c:1123
 skb_release_all net/core/skbuff.c:1188 [inline]
 __kfree_skb net/core/skbuff.c:1202 [inline]
 sk_skb_reason_drop+0x133/0x200 net/core/skbuff.c:1240
 kfree_skb_reason include/linux/skbuff.h:1260 [inline]
 __netif_receive_skb_core.constprop.0+0x592/0x4330 net/core/dev.c:5635
 __netif_receive_skb_list_core+0x357/0x950 net/core/dev.c:5737
 __netif_receive_skb_list net/core/dev.c:5804 [inline]
 netif_receive_skb_list_internal+0x753/0xda0 net/core/dev.c:5896
 netif_receive_skb_list+0x4f/0x4a0 net/core/dev.c:5948
 xdp_recv_frames net/bpf/test_run.c:279 [inline]
 xdp_test_run_batch.constprop.0+0x138d/0x1960 net/bpf/test_run.c:360
 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389
 bpf_prog_test_run_xdp+0x82d/0x1530 net/bpf/test_run.c:1317
 bpf_prog_test_run kernel/bpf/syscall.c:4313 [inline]
 __sys_bpf+0x10d2/0x4a00 kernel/bpf/syscall.c:5728
 __do_sys_bpf kernel/bpf/syscall.c:5817 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5815 [inline]
 __x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5815
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f679d57def9
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f679e410038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
RAX: ffffffffffffffda RBX: 00007f679d735f80 RCX: 00007f679d57def9
RDX: 0000000000000048 RSI: 0000000020000600 RDI: 000000000000000a
RBP: 00007f679d5f0b76 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 0000000000000000 R14: 00007f679d735f80 R15: 00007ffd36220398
 </TASK>
BUG: Bad page state in process syz.2.4065  pfn:53019
page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff888100000002 pfn:0x53019
flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
raw: 00fff00000000000 dead000000000040 ffff88804a923000 0000000000000000
raw: ffff888100000002 0000000000000001 00000000ffffffff 0000000000000000
page dumped because: page_pool leak
page_owner tracks the page as allocated
page last allocated via order 0, migratetype Unmovable, gfp_mask 0x102820(GFP_ATOMIC|__GFP_NOWARN|__GFP_HARDWALL), pid 19654, tgid 19653 (syz.2.4065), ts 936167177151, free_ts 934693307329
 set_page_owner include/linux/page_owner.h:32 [inline]
 post_alloc_hook+0x2d1/0x350 mm/page_alloc.c:1500
 prep_new_page mm/page_alloc.c:1508 [inline]
 get_page_from_freelist+0x1351/0x2e50 mm/page_alloc.c:3446
 __alloc_pages_noprof+0x22b/0x2460 mm/page_alloc.c:4702
 alloc_pages_bulk_noprof+0x742/0x14f0 mm/page_alloc.c:4650
 alloc_pages_bulk_array_node_noprof include/linux/gfp.h:239 [inline]
 __page_pool_alloc_pages_slow+0x19b/0xb30 net/core/page_pool.c:527
 page_pool_alloc_netmem net/core/page_pool.c:576 [inline]
 page_pool_alloc_pages+0xb5/0x110 net/core/page_pool.c:583
 page_pool_dev_alloc_pages include/net/page_pool/helpers.h:96 [inline]
 xdp_test_run_batch.constprop.0+0x3a8/0x1960 net/bpf/test_run.c:305
 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389
 bpf_prog_test_run_xdp+0x82d/0x1530 net/bpf/test_run.c:1317
 bpf_prog_test_run kernel/bpf/syscall.c:4313 [inline]
 __sys_bpf+0x10d2/0x4a00 kernel/bpf/syscall.c:5728
 __do_sys_bpf kernel/bpf/syscall.c:5817 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5815 [inline]
 __x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5815
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
page last free pid 17199 tgid 17199 stack trace:
 reset_page_owner include/linux/page_owner.h:25 [inline]
 free_pages_prepare mm/page_alloc.c:1101 [inline]
 free_unref_page+0x64a/0xe40 mm/page_alloc.c:2619
 __folio_put+0x31c/0x3e0 mm/swap.c:128
 folio_put include/linux/mm.h:1490 [inline]
 free_page_and_swap_cache+0x249/0x2c0 mm/swap_state.c:308
 __tlb_remove_table arch/x86/include/asm/tlb.h:34 [inline]
 __tlb_remove_table_free mm/mmu_gather.c:227 [inline]
 tlb_remove_table_rcu+0x89/0xe0 mm/mmu_gather.c:282
 rcu_do_batch kernel/rcu/tree.c:2569 [inline]
 rcu_core+0x828/0x16b0 kernel/rcu/tree.c:2843
 handle_softirqs+0x216/0x8f0 kernel/softirq.c:554
 __do_softirq kernel/softirq.c:588 [inline]
 invoke_softirq kernel/softirq.c:428 [inline]
 __irq_exit_rcu kernel/softirq.c:637 [inline]
 irq_exit_rcu+0xbb/0x120 kernel/softirq.c:649
 instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1043 [inline]
 sysvec_apic_timer_interrupt+0x95/0xb0 arch/x86/kernel/apic/apic.c:1043
 asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:702
Modules linked in:
CPU: 2 UID: 0 PID: 19654 Comm: syz.2.4065 Tainted: G    B              6.11.0-rc7-syzkaller-00133-ge936e7d4a83b #0
Tainted: [B]=BAD_PAGE
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:93 [inline]
 dump_stack_lvl+0x16c/0x1f0 lib/dump_stack.c:119
 bad_page+0xb3/0x220 mm/page_alloc.c:498
 free_page_is_bad_report mm/page_alloc.c:905 [inline]
 free_page_is_bad mm/page_alloc.c:915 [inline]
 free_pages_prepare mm/page_alloc.c:1093 [inline]
 free_unref_page+0x69e/0xe40 mm/page_alloc.c:2619
 skb_free_frag include/linux/skbuff.h:3383 [inline]
 skb_free_head+0xa0/0x1d0 net/core/skbuff.c:1094
 skb_release_data+0x75c/0x980 net/core/skbuff.c:1123
 skb_release_all net/core/skbuff.c:1188 [inline]
 __kfree_skb net/core/skbuff.c:1202 [inline]
 sk_skb_reason_drop+0x133/0x200 net/core/skbuff.c:1240
 kfree_skb_reason include/linux/skbuff.h:1260 [inline]
 __netif_receive_skb_core.constprop.0+0x592/0x4330 net/core/dev.c:5635
 __netif_receive_skb_list_core+0x357/0x950 net/core/dev.c:5737
 __netif_receive_skb_list net/core/dev.c:5804 [inline]
 netif_receive_skb_list_internal+0x753/0xda0 net/core/dev.c:5896
 netif_receive_skb_list+0x4f/0x4a0 net/core/dev.c:5948
 xdp_recv_frames net/bpf/test_run.c:279 [inline]
 xdp_test_run_batch.constprop.0+0x138d/0x1960 net/bpf/test_run.c:360
 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389
 bpf_prog_test_run_xdp+0x82d/0x1530 net/bpf/test_run.c:1317
 bpf_prog_test_run kernel/bpf/syscall.c:4313 [inline]
 __sys_bpf+0x10d2/0x4a00 kernel/bpf/syscall.c:5728
 __do_sys_bpf kernel/bpf/syscall.c:5817 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5815 [inline]
 __x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5815
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f679d57def9
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f679e410038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
RAX: ffffffffffffffda RBX: 00007f679d735f80 RCX: 00007f679d57def9
RDX: 0000000000000048 RSI: 0000000020000600 RDI: 000000000000000a
RBP: 00007f679d5f0b76 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 0000000000000000 R14: 00007f679d735f80 R15: 00007ffd36220398
 </TASK>
BUG: Bad page state in process syz.2.4065  pfn:53018
page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff888053018c60 pfn:0x53018
flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
raw: 00fff00000000000 dead000000000040 ffff88804a923000 0000000000000000
raw: ffff888053018c60 0000000000000001 00000000ffffffff 0000000000000000
page dumped because: page_pool leak
page_owner tracks the page as allocated
page last allocated via order 0, migratetype Unmovable, gfp_mask 0x102820(GFP_ATOMIC|__GFP_NOWARN|__GFP_HARDWALL), pid 19654, tgid 19653 (syz.2.4065), ts 936167169432, free_ts 934693344836
 set_page_owner include/linux/page_owner.h:32 [inline]
 post_alloc_hook+0x2d1/0x350 mm/page_alloc.c:1500
 prep_new_page mm/page_alloc.c:1508 [inline]
 get_page_from_freelist+0x1351/0x2e50 mm/page_alloc.c:3446
 __alloc_pages_noprof+0x22b/0x2460 mm/page_alloc.c:4702
 alloc_pages_bulk_noprof+0x742/0x14f0 mm/page_alloc.c:4650
 alloc_pages_bulk_array_node_noprof include/linux/gfp.h:239 [inline]
 __page_pool_alloc_pages_slow+0x19b/0xb30 net/core/page_pool.c:527
 page_pool_alloc_netmem net/core/page_pool.c:576 [inline]
 page_pool_alloc_pages+0xb5/0x110 net/core/page_pool.c:583
 page_pool_dev_alloc_pages include/net/page_pool/helpers.h:96 [inline]
 xdp_test_run_batch.constprop.0+0x3a8/0x1960 net/bpf/test_run.c:305
 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389
 bpf_prog_test_run_xdp+0x82d/0x1530 net/bpf/test_run.c:1317
 bpf_prog_test_run kernel/bpf/syscall.c:4313 [inline]
 __sys_bpf+0x10d2/0x4a00 kernel/bpf/syscall.c:5728
 __do_sys_bpf kernel/bpf/syscall.c:5817 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5815 [inline]
 __x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5815
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
page last free pid 17199 tgid 17199 stack trace:
 reset_page_owner include/linux/page_owner.h:25 [inline]
 free_pages_prepare mm/page_alloc.c:1101 [inline]
 free_unref_page+0x64a/0xe40 mm/page_alloc.c:2619
 __folio_put+0x31c/0x3e0 mm/swap.c:128
 folio_put include/linux/mm.h:1490 [inline]
 free_page_and_swap_cache+0x249/0x2c0 mm/swap_state.c:308
 __tlb_remove_table arch/x86/include/asm/tlb.h:34 [inline]
 __tlb_remove_table_free mm/mmu_gather.c:227 [inline]
 tlb_remove_table_rcu+0x89/0xe0 mm/mmu_gather.c:282
 rcu_do_batch kernel/rcu/tree.c:2569 [inline]
 rcu_core+0x828/0x16b0 kernel/rcu/tree.c:2843
 handle_softirqs+0x216/0x8f0 kernel/softirq.c:554
 __do_softirq kernel/softirq.c:588 [inline]
 invoke_softirq kernel/softirq.c:428 [inline]
 __irq_exit_rcu kernel/softirq.c:637 [inline]
 irq_exit_rcu+0xbb/0x120 kernel/softirq.c:649
 instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1043 [inline]
 sysvec_apic_timer_interrupt+0x95/0xb0 arch/x86/kernel/apic/apic.c:1043
 asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:702
Modules linked in:
CPU: 2 UID: 0 PID: 19654 Comm: syz.2.4065 Tainted: G    B              6.11.0-rc7-syzkaller-00133-ge936e7d4a83b #0
Tainted: [B]=BAD_PAGE
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:93 [inline]
 dump_stack_lvl+0x16c/0x1f0 lib/dump_stack.c:119
 bad_page+0xb3/0x220 mm/page_alloc.c:498
 free_page_is_bad_report mm/page_alloc.c:905 [inline]
 free_page_is_bad mm/page_alloc.c:915 [inline]
 free_pages_prepare mm/page_alloc.c:1093 [inline]
 free_unref_page+0x69e/0xe40 mm/page_alloc.c:2619
 skb_free_frag include/linux/skbuff.h:3383 [inline]
 skb_free_head+0xa0/0x1d0 net/core/skbuff.c:1094
 skb_release_data+0x75c/0x980 net/core/skbuff.c:1123
 skb_release_all net/core/skbuff.c:1188 [inline]
 __kfree_skb net/core/skbuff.c:1202 [inline]
 sk_skb_reason_drop+0x133/0x200 net/core/skbuff.c:1240
 kfree_skb_reason include/linux/skbuff.h:1260 [inline]
 __netif_receive_skb_core.constprop.0+0x592/0x4330 net/core/dev.c:5635
 __netif_receive_skb_list_core+0x357/0x950 net/core/dev.c:5737
 __netif_receive_skb_list net/core/dev.c:5804 [inline]
 netif_receive_skb_list_internal+0x753/0xda0 net/core/dev.c:5896
 netif_receive_skb_list+0x4f/0x4a0 net/core/dev.c:5948
 xdp_recv_frames net/bpf/test_run.c:279 [inline]
 xdp_test_run_batch.constprop.0+0x138d/0x1960 net/bpf/test_run.c:360
 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389
 bpf_prog_test_run_xdp+0x82d/0x1530 net/bpf/test_run.c:1317
 bpf_prog_test_run kernel/bpf/syscall.c:4313 [inline]
 __sys_bpf+0x10d2/0x4a00 kernel/bpf/syscall.c:5728
 __do_sys_bpf kernel/bpf/syscall.c:5817 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5815 [inline]
 __x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5815
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f679d57def9
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f679e410038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
RAX: ffffffffffffffda RBX: 00007f679d735f80 RCX: 00007f679d57def9
RDX: 0000000000000048 RSI: 0000000020000600 RDI: 000000000000000a
RBP: 00007f679d5f0b76 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 0000000000000000 R14: 00007f679d735f80 R15: 00007ffd36220398
 </TASK>
BUG: Bad page state in process syz.2.4065  pfn:4890b
page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x2 pfn:0x4890b
flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
raw: 00fff00000000000 dead000000000040 ffff88804a923000 0000000000000000
raw: 0000000000000002 0000000000000001 00000000ffffffff 0000000000000000
page dumped because: page_pool leak
page_owner tracks the page as allocated
page last allocated via order 0, migratetype Unmovable, gfp_mask 0x102820(GFP_ATOMIC|__GFP_NOWARN|__GFP_HARDWALL), pid 19654, tgid 19653 (syz.2.4065), ts 936167161593, free_ts 934693251395
 set_page_owner include/linux/page_owner.h:32 [inline]
 post_alloc_hook+0x2d1/0x350 mm/page_alloc.c:1500
 prep_new_page mm/page_alloc.c:1508 [inline]
 get_page_from_freelist+0x1351/0x2e50 mm/page_alloc.c:3446
 __alloc_pages_noprof+0x22b/0x2460 mm/page_alloc.c:4702
 alloc_pages_bulk_noprof+0x742/0x14f0 mm/page_alloc.c:4650
 alloc_pages_bulk_array_node_noprof include/linux/gfp.h:239 [inline]
 __page_pool_alloc_pages_slow+0x19b/0xb30 net/core/page_pool.c:527
 page_pool_alloc_netmem net/core/page_pool.c:576 [inline]
 page_pool_alloc_pages+0xb5/0x110 net/core/page_pool.c:583
 page_pool_dev_alloc_pages include/net/page_pool/helpers.h:96 [inline]
 xdp_test_run_batch.constprop.0+0x3a8/0x1960 net/bpf/test_run.c:305
 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389
 bpf_prog_test_run_xdp+0x82d/0x1530 net/bpf/test_run.c:1317
 bpf_prog_test_run kernel/bpf/syscall.c:4313 [inline]
 __sys_bpf+0x10d2/0x4a00 kernel/bpf/syscall.c:5728
 __do_sys_bpf kernel/bpf/syscall.c:5817 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5815 [inline]
 __x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5815
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
page last free pid 17199 tgid 17199 stack trace:
 reset_page_owner include/linux/page_owner.h:25 [inline]
 free_pages_prepare mm/page_alloc.c:1101 [inline]
 free_unref_page+0x64a/0xe40 mm/page_alloc.c:2619
 __folio_put+0x31c/0x3e0 mm/swap.c:128
 folio_put include/linux/mm.h:1490 [inline]
 free_page_and_swap_cache+0x249/0x2c0 mm/swap_state.c:308
 __tlb_remove_table arch/x86/include/asm/tlb.h:34 [inline]
 __tlb_remove_table_free mm/mmu_gather.c:227 [inline]
 tlb_remove_table_rcu+0x89/0xe0 mm/mmu_gather.c:282
 rcu_do_batch kernel/rcu/tree.c:2569 [inline]
 rcu_core+0x828/0x16b0 kernel/rcu/tree.c:2843
 handle_softirqs+0x216/0x8f0 kernel/softirq.c:554
 __do_softirq kernel/softirq.c:588 [inline]
 invoke_softirq kernel/softirq.c:428 [inline]
 __irq_exit_rcu kernel/softirq.c:637 [inline]
 irq_exit_rcu+0xbb/0x120 kernel/softirq.c:649
 instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1043 [inline]
 sysvec_apic_timer_interrupt+0x95/0xb0 arch/x86/kernel/apic/apic.c:1043
 asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:702
Modules linked in:
CPU: 2 UID: 0 PID: 19654 Comm: syz.2.4065 Tainted: G    B              6.11.0-rc7-syzkaller-00133-ge936e7d4a83b #0
Tainted: [B]=BAD_PAGE
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:93 [inline]
 dump_stack_lvl+0x16c/0x1f0 lib/dump_stack.c:119
 bad_page+0xb3/0x220 mm/page_alloc.c:498
 free_page_is_bad_report mm/page_alloc.c:905 [inline]
 free_page_is_bad mm/page_alloc.c:915 [inline]
 free_pages_prepare mm/page_alloc.c:1093 [inline]
 free_unref_page+0x69e/0xe40 mm/page_alloc.c:2619
 skb_free_frag include/linux/skbuff.h:3383 [inline]
 skb_free_head+0xa0/0x1d0 net/core/skbuff.c:1094
 skb_release_data+0x75c/0x980 net/core/skbuff.c:1123
 skb_release_all net/core/skbuff.c:1188 [inline]
 __kfree_skb net/core/skbuff.c:1202 [inline]
 sk_skb_reason_drop+0x133/0x200 net/core/skbuff.c:1240
 kfree_skb_reason include/linux/skbuff.h:1260 [inline]
 __netif_receive_skb_core.constprop.0+0x592/0x4330 net/core/dev.c:5635
 __netif_receive_skb_list_core+0x357/0x950 net/core/dev.c:5737
 __netif_receive_skb_list net/core/dev.c:5804 [inline]
 netif_receive_skb_list_internal+0x753/0xda0 net/core/dev.c:5896
 netif_receive_skb_list+0x4f/0x4a0 net/core/dev.c:5948
 xdp_recv_frames net/bpf/test_run.c:279 [inline]
 xdp_test_run_batch.constprop.0+0x138d/0x1960 net/bpf/test_run.c:360
 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389
 bpf_prog_test_run_xdp+0x82d/0x1530 net/bpf/test_run.c:1317
 bpf_prog_test_run kernel/bpf/syscall.c:4313 [inline]
 __sys_bpf+0x10d2/0x4a00 kernel/bpf/syscall.c:5728
 __do_sys_bpf kernel/bpf/syscall.c:5817 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5815 [inline]
 __x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5815
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f679d57def9
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f679e410038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
RAX: ffffffffffffffda RBX: 00007f679d735f80 RCX: 00007f679d57def9
RDX: 0000000000000048 RSI: 0000000020000600 RDI: 000000000000000a
RBP: 00007f679d5f0b76 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 0000000000000000 R14: 00007f679d735f80 R15: 00007ffd36220398
 </TASK>
BUG: Bad page state in process syz.2.4065  pfn:4890a
page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff88804890ba40 pfn:0x4890a
flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
raw: 00fff00000000000 dead000000000040 ffff88804a923000 0000000000000000
raw: ffff88804890ba40 0000000000000001 00000000ffffffff 0000000000000000
page dumped because: page_pool leak
page_owner tracks the page as allocated
page last allocated via order 0, migratetype Unmovable, gfp_mask 0x102820(GFP_ATOMIC|__GFP_NOWARN|__GFP_HARDWALL), pid 19654, tgid 19653 (syz.2.4065), ts 936167153758, free_ts 934693676543
 set_page_owner include/linux/page_owner.h:32 [inline]
 post_alloc_hook+0x2d1/0x350 mm/page_alloc.c:1500
 prep_new_page mm/page_alloc.c:1508 [inline]
 get_page_from_freelist+0x1351/0x2e50 mm/page_alloc.c:3446
 __alloc_pages_noprof+0x22b/0x2460 mm/page_alloc.c:4702
 alloc_pages_bulk_noprof+0x742/0x14f0 mm/page_alloc.c:4650
 alloc_pages_bulk_array_node_noprof include/linux/gfp.h:239 [inline]
 __page_pool_alloc_pages_slow+0x19b/0xb30 net/core/page_pool.c:527
 page_pool_alloc_netmem net/core/page_pool.c:576 [inline]
 page_pool_alloc_pages+0xb5/0x110 net/core/page_pool.c:583
 page_pool_dev_alloc_pages include/net/page_pool/helpers.h:96 [inline]
 xdp_test_run_batch.constprop.0+0x3a8/0x1960 net/bpf/test_run.c:305
 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389
 bpf_prog_test_run_xdp+0x82d/0x1530 net/bpf/test_run.c:1317
 bpf_prog_test_run kernel/bpf/syscall.c:4313 [inline]
 __sys_bpf+0x10d2/0x4a00 kernel/bpf/syscall.c:5728
 __do_sys_bpf kernel/bpf/syscall.c:5817 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5815 [inline]
 __x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5815
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
page last free pid 17199 tgid 17199 stack trace:
 reset_page_owner include/linux/page_owner.h:25 [inline]
 free_pages_prepare mm/page_alloc.c:1101 [inline]
 free_unref_page+0x64a/0xe40 mm/page_alloc.c:2619
 __folio_put+0x31c/0x3e0 mm/swap.c:128
 folio_put include/linux/mm.h:1490 [inline]
 free_page_and_swap_cache+0x249/0x2c0 mm/swap_state.c:308
 __tlb_remove_table arch/x86/include/asm/tlb.h:34 [inline]
 __tlb_remove_table_free mm/mmu_gather.c:227 [inline]
 tlb_remove_table_rcu+0x89/0xe0 mm/mmu_gather.c:282
 rcu_do_batch kernel/rcu/tree.c:2569 [inline]
 rcu_core+0x828/0x16b0 kernel/rcu/tree.c:2843
 handle_softirqs+0x216/0x8f0 kernel/softirq.c:554
 __do_softirq kernel/softirq.c:588 [inline]
 invoke_softirq kernel/softirq.c:428 [inline]
 __irq_exit_rcu kernel/softirq.c:637 [inline]
 irq_exit_rcu+0xbb/0x120 kernel/softirq.c:649
 instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1043 [inline]
 sysvec_apic_timer_interrupt+0x95/0xb0 arch/x86/kernel/apic/apic.c:1043
 asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:702
Modules linked in:
CPU: 2 UID: 0 PID: 19654 Comm: syz.2.4065 Tainted: G    B              6.11.0-rc7-syzkaller-00133-ge936e7d4a83b #0
Tainted: [B]=BAD_PAGE
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:93 [inline]
 dump_stack_lvl+0x16c/0x1f0 lib/dump_stack.c:119
 bad_page+0xb3/0x220 mm/page_alloc.c:498
 free_page_is_bad_report mm/page_alloc.c:905 [inline]
 free_page_is_bad mm/page_alloc.c:915 [inline]
 free_pages_prepare mm/page_alloc.c:1093 [inline]
 free_unref_page+0x69e/0xe40 mm/page_alloc.c:2619
 skb_free_frag include/linux/skbuff.h:3383 [inline]
 skb_free_head+0xa0/0x1d0 net/core/skbuff.c:1094
 skb_release_data+0x75c/0x980 net/core/skbuff.c:1123
 skb_release_all net/core/skbuff.c:1188 [inline]
 __kfree_skb net/core/skbuff.c:1202 [inline]
 sk_skb_reason_drop+0x133/0x200 net/core/skbuff.c:1240
 kfree_skb_reason include/linux/skbuff.h:1260 [inline]
 __netif_receive_skb_core.constprop.0+0x592/0x4330 net/core/dev.c:5635
 __netif_receive_skb_list_core+0x357/0x950 net/core/dev.c:5737
 __netif_receive_skb_list net/core/dev.c:5804 [inline]
 netif_receive_skb_list_internal+0x753/0xda0 net/core/dev.c:5896
 netif_receive_skb_list+0x4f/0x4a0 net/core/dev.c:5948
 xdp_recv_frames net/bpf/test_run.c:279 [inline]
 xdp_test_run_batch.constprop.0+0x138d/0x1960 net/bpf/test_run.c:360
 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389
 bpf_prog_test_run_xdp+0x82d/0x1530 net/bpf/test_run.c:1317
 bpf_prog_test_run kernel/bpf/syscall.c:4313 [inline]
 __sys_bpf+0x10d2/0x4a00 kernel/bpf/syscall.c:5728
 __do_sys_bpf kernel/bpf/syscall.c:5817 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5815 [inline]
 __x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5815
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f679d57def9
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f679e410038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
RAX: ffffffffffffffda RBX: 00007f679d735f80 RCX: 00007f679d57def9
RDX: 0000000000000048 RSI: 0000000020000600 RDI: 000000000000000a
RBP: 00007f679d5f0b76 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 0000000000000000 R14: 00007f679d735f80 R15: 00007ffd36220398
 </TASK>
BUG: Bad page state in process syz.2.4065  pfn:300eb
page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff888100000002 pfn:0x300eb
flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
raw: 00fff00000000000 dead000000000040 ffff88804a923000 0000000000000000
raw: ffff888100000002 0000000000000001 00000000ffffffff 0000000000000000
page dumped because: page_pool leak
page_owner tracks the page as allocated
page last allocated via order 0, migratetype Unmovable, gfp_mask 0x102820(GFP_ATOMIC|__GFP_NOWARN|__GFP_HARDWALL), pid 19654, tgid 19653 (syz.2.4065), ts 936167145959, free_ts 930645643811
 set_page_owner include/linux/page_owner.h:32 [inline]
 post_alloc_hook+0x2d1/0x350 mm/page_alloc.c:1500
 prep_new_page mm/page_alloc.c:1508 [inline]
 get_page_from_freelist+0x1351/0x2e50 mm/page_alloc.c:3446
 __alloc_pages_noprof+0x22b/0x2460 mm/page_alloc.c:4702
 alloc_pages_bulk_noprof+0x742/0x14f0 mm/page_alloc.c:4650
 alloc_pages_bulk_array_node_noprof include/linux/gfp.h:239 [inline]
 __page_pool_alloc_pages_slow+0x19b/0xb30 net/core/page_pool.c:527
 page_pool_alloc_netmem net/core/page_pool.c:576 [inline]
 page_pool_alloc_pages+0xb5/0x110 net/core/page_pool.c:583
 page_pool_dev_alloc_pages include/net/page_pool/helpers.h:96 [inline]
 xdp_test_run_batch.constprop.0+0x3a8/0x1960 net/bpf/test_run.c:305
 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389
 bpf_prog_test_run_xdp+0x82d/0x1530 net/bpf/test_run.c:1317
 bpf_prog_test_run kernel/bpf/syscall.c:4313 [inline]
 __sys_bpf+0x10d2/0x4a00 kernel/bpf/syscall.c:5728
 __do_sys_bpf kernel/bpf/syscall.c:5817 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5815 [inline]
 __x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5815
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
page last free pid 18137 tgid 18137 stack trace:
 reset_page_owner include/linux/page_owner.h:25 [inline]
 free_pages_prepare mm/page_alloc.c:1101 [inline]
 free_unref_page+0x64a/0xe40 mm/page_alloc.c:2619
 qlink_free mm/kasan/quarantine.c:163 [inline]
 qlist_free_all+0x4e/0x140 mm/kasan/quarantine.c:179
 kasan_quarantine_reduce+0x192/0x1e0 mm/kasan/quarantine.c:286
 __kasan_slab_alloc+0x69/0x90 mm/kasan/common.c:322
 kasan_slab_alloc include/linux/kasan.h:201 [inline]
 slab_post_alloc_hook mm/slub.c:3992 [inline]
 slab_alloc_node mm/slub.c:4041 [inline]
 __do_kmalloc_node mm/slub.c:4161 [inline]
 __kmalloc_node_noprof+0x1c3/0x430 mm/slub.c:4168
 __kvmalloc_node_noprof+0x9d/0x1a0 mm/util.c:650
 xt_jumpstack_alloc net/netfilter/x_tables.c:1355 [inline]
 xt_replace_table+0x1c7/0x910 net/netfilter/x_tables.c:1394
 __do_replace+0x1d9/0x9b0 net/ipv4/netfilter/ip_tables.c:1064
 do_replace net/ipv4/netfilter/ip_tables.c:1141 [inline]
 do_ipt_set_ctl+0x93c/0xc30 net/ipv4/netfilter/ip_tables.c:1635
 nf_setsockopt+0x8a/0xf0 net/netfilter/nf_sockopt.c:101
 ip_setsockopt+0xcb/0xf0 net/ipv4/ip_sockglue.c:1424
 tcp_setsockopt+0xa4/0x100 net/ipv4/tcp.c:3768
 do_sock_setsockopt+0x222/0x480 net/socket.c:2324
 __sys_setsockopt+0x1a4/0x270 net/socket.c:2347
 __do_sys_setsockopt net/socket.c:2356 [inline]
 __se_sys_setsockopt net/socket.c:2353 [inline]
 __x64_sys_setsockopt+0xbd/0x160 net/socket.c:2353
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
Modules linked in:
CPU: 2 UID: 0 PID: 19654 Comm: syz.2.4065 Tainted: G    B              6.11.0-rc7-syzkaller-00133-ge936e7d4a83b #0
Tainted: [B]=BAD_PAGE
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:93 [inline]
 dump_stack_lvl+0x16c/0x1f0 lib/dump_stack.c:119
 bad_page+0xb3/0x220 mm/page_alloc.c:498
 free_page_is_bad_report mm/page_alloc.c:905 [inline]
 free_page_is_bad mm/page_alloc.c:915 [inline]
 free_pages_prepare mm/page_alloc.c:1093 [inline]
 free_unref_page+0x69e/0xe40 mm/page_alloc.c:2619
 skb_free_frag include/linux/skbuff.h:3383 [inline]
 skb_free_head+0xa0/0x1d0 net/core/skbuff.c:1094
 skb_release_data+0x75c/0x980 net/core/skbuff.c:1123
 skb_release_all net/core/skbuff.c:1188 [inline]
 __kfree_skb net/core/skbuff.c:1202 [inline]
 sk_skb_reason_drop+0x133/0x200 net/core/skbuff.c:1240
 kfree_skb_reason include/linux/skbuff.h:1260 [inline]
 __netif_receive_skb_core.constprop.0+0x592/0x4330 net/core/dev.c:5635
 __netif_receive_skb_list_core+0x357/0x950 net/core/dev.c:5737
 __netif_receive_skb_list net/core/dev.c:5804 [inline]
 netif_receive_skb_list_internal+0x753/0xda0 net/core/dev.c:5896
 netif_receive_skb_list+0x4f/0x4a0 net/core/dev.c:5948
 xdp_recv_frames net/bpf/test_run.c:279 [inline]
 xdp_test_run_batch.constprop.0+0x138d/0x1960 net/bpf/test_run.c:360
 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389
 bpf_prog_test_run_xdp+0x82d/0x1530 net/bpf/test_run.c:1317
 bpf_prog_test_run kernel/bpf/syscall.c:4313 [inline]
 __sys_bpf+0x10d2/0x4a00 kernel/bpf/syscall.c:5728
 __do_sys_bpf kernel/bpf/syscall.c:5817 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5815 [inline]
 __x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5815
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f679d57def9
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f679e410038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
RAX: ffffffffffffffda RBX: 00007f679d735f80 RCX: 00007f679d57def9
RDX: 0000000000000048 RSI: 0000000020000600 RDI: 000000000000000a
RBP: 00007f679d5f0b76 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 0000000000000000 R14: 00007f679d735f80 R15: 00007ffd36220398
 </TASK>
BUG: Bad page state in process syz.2.4065  pfn:300ea
page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff8880300ebe00 pfn:0x300ea
flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
raw: 00fff00000000000 dead000000000040 ffff88804a923000 0000000000000000
raw: ffff8880300ebe00 0000000000000001 00000000ffffffff 0000000000000000
page dumped because: page_pool leak
page_owner tracks the page as allocated
page last allocated via order 0, migratetype Unmovable, gfp_mask 0x102820(GFP_ATOMIC|__GFP_NOWARN|__GFP_HARDWALL), pid 19654, tgid 19653 (syz.2.4065), ts 936167138095, free_ts 930645643811
 set_page_owner include/linux/page_owner.h:32 [inline]
 post_alloc_hook+0x2d1/0x350 mm/page_alloc.c:1500
 prep_new_page mm/page_alloc.c:1508 [inline]
 get_page_from_freelist+0x1351/0x2e50 mm/page_alloc.c:3446
 __alloc_pages_noprof+0x22b/0x2460 mm/page_alloc.c:4702
 alloc_pages_bulk_noprof+0x742/0x14f0 mm/page_alloc.c:4650
 alloc_pages_bulk_array_node_noprof include/linux/gfp.h:239 [inline]
 __page_pool_alloc_pages_slow+0x19b/0xb30 net/core/page_pool.c:527
 page_pool_alloc_netmem net/core/page_pool.c:576 [inline]
 page_pool_alloc_pages+0xb5/0x110 net/core/page_pool.c:583
 page_pool_dev_alloc_pages include/net/page_pool/helpers.h:96 [inline]
 xdp_test_run_batch.constprop.0+0x3a8/0x1960 net/bpf/test_run.c:305
 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389
 bpf_prog_test_run_xdp+0x82d/0x1530 net/bpf/test_run.c:1317
 bpf_prog_test_run kernel/bpf/syscall.c:4313 [inline]
 __sys_bpf+0x10d2/0x4a00 kernel/bpf/syscall.c:5728
 __do_sys_bpf kernel/bpf/syscall.c:5817 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5815 [inline]
 __x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5815
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
page last free pid 18137 tgid 18137 stack trace:
 reset_page_owner include/linux/page_owner.h:25 [inline]
 free_pages_prepare mm/page_alloc.c:1101 [inline]
 free_unref_page+0x64a/0xe40 mm/page_alloc.c:2619
 qlink_free mm/kasan/quarantine.c:163 [inline]
 qlist_free_all+0x4e/0x140 mm/kasan/quarantine.c:179
 kasan_quarantine_reduce+0x192/0x1e0 mm/kasan/quarantine.c:286
 __kasan_slab_alloc+0x69/0x90 mm/kasan/common.c:322
 kasan_slab_alloc include/linux/kasan.h:201 [inline]
 slab_post_alloc_hook mm/slub.c:3992 [inline]
 slab_alloc_node mm/slub.c:4041 [inline]
 __do_kmalloc_node mm/slub.c:4161 [inline]
 __kmalloc_node_noprof+0x1c3/0x430 mm/slub.c:4168
 __kvmalloc_node_noprof+0x9d/0x1a0 mm/util.c:650
 xt_jumpstack_alloc net/netfilter/x_tables.c:1355 [inline]
 xt_replace_table+0x1c7/0x910 net/netfilter/x_tables.c:1394
 __do_replace+0x1d9/0x9b0 net/ipv4/netfilter/ip_tables.c:1064
 do_replace net/ipv4/netfilter/ip_tables.c:1141 [inline]
 do_ipt_set_ctl+0x93c/0xc30 net/ipv4/netfilter/ip_tables.c:1635
 nf_setsockopt+0x8a/0xf0 net/netfilter/nf_sockopt.c:101
 ip_setsockopt+0xcb/0xf0 net/ipv4/ip_sockglue.c:1424
 tcp_setsockopt+0xa4/0x100 net/ipv4/tcp.c:3768
 do_sock_setsockopt+0x222/0x480 net/socket.c:2324
 __sys_setsockopt+0x1a4/0x270 net/socket.c:2347
 __do_sys_setsockopt net/socket.c:2356 [inline]
 __se_sys_setsockopt net/socket.c:2353 [inline]
 __x64_sys_setsockopt+0xbd/0x160 net/socket.c:2353
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
Modules linked in:
CPU: 2 UID: 0 PID: 19654 Comm: syz.2.4065 Tainted: G    B              6.11.0-rc7-syzkaller-00133-ge936e7d4a83b #0
Tainted: [B]=BAD_PAGE
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:93 [inline]
 dump_stack_lvl+0x16c/0x1f0 lib/dump_stack.c:119
 bad_page+0xb3/0x220 mm/page_alloc.c:498
 free_page_is_bad_report mm/page_alloc.c:905 [inline]
 free_page_is_bad mm/page_alloc.c:915 [inline]
 free_pages_prepare mm/page_alloc.c:1093 [inline]
 free_unref_page+0x69e/0xe40 mm/page_alloc.c:2619
 skb_free_frag include/linux/skbuff.h:3383 [inline]
 skb_free_head+0xa0/0x1d0 net/core/skbuff.c:1094
 skb_release_data+0x75c/0x980 net/core/skbuff.c:1123
 skb_release_all net/core/skbuff.c:1188 [inline]
 __kfree_skb net/core/skbuff.c:1202 [inline]
 sk_skb_reason_drop+0x133/0x200 net/core/skbuff.c:1240
 kfree_skb_reason include/linux/skbuff.h:1260 [inline]
 __netif_receive_skb_core.constprop.0+0x592/0x4330 net/core/dev.c:5635
 __netif_receive_skb_list_core+0x357/0x950 net/core/dev.c:5737
 __netif_receive_skb_list net/core/dev.c:5804 [inline]
 netif_receive_skb_list_internal+0x753/0xda0 net/core/dev.c:5896
 netif_receive_skb_list+0x4f/0x4a0 net/core/dev.c:5948
 xdp_recv_frames net/bpf/test_run.c:279 [inline]
 xdp_test_run_batch.constprop.0+0x138d/0x1960 net/bpf/test_run.c:360
 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389
 bpf_prog_test_run_xdp+0x82d/0x1530 net/bpf/test_run.c:1317
 bpf_prog_test_run kernel/bpf/syscall.c:4313 [inline]
 __sys_bpf+0x10d2/0x4a00 kernel/bpf/syscall.c:5728
 __do_sys_bpf kernel/bpf/syscall.c:5817 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5815 [inline]
 __x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5815
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f679d57def9
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f679e410038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
RAX: ffffffffffffffda RBX: 00007f679d735f80 RCX: 00007f679d57def9
RDX: 0000000000000048 RSI: 0000000020000600 RDI: 000000000000000a
RBP: 00007f679d5f0b76 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 0000000000000000 R14: 00007f679d735f80 R15: 00007ffd36220398
 </TASK>
BUG: Bad page state in process syz.2.4065  pfn:64df1
page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff888000000002 pfn:0x64df1
flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
raw: 00fff00000000000 dead000000000040 ffff88804a923000 0000000000000000
raw: ffff888000000002 0000000000000001 00000000ffffffff 0000000000000000
page dumped because: page_pool leak
page_owner tracks the page as allocated
page last allocated via order 0, migratetype Unmovable, gfp_mask 0x102820(GFP_ATOMIC|__GFP_NOWARN|__GFP_HARDWALL), pid 19654, tgid 19653 (syz.2.4065), ts 936167130406, free_ts 930645737092
 set_page_owner include/linux/page_owner.h:32 [inline]
 post_alloc_hook+0x2d1/0x350 mm/page_alloc.c:1500
 prep_new_page mm/page_alloc.c:1508 [inline]
 get_page_from_freelist+0x1351/0x2e50 mm/page_alloc.c:3446
 __alloc_pages_noprof+0x22b/0x2460 mm/page_alloc.c:4702
 alloc_pages_bulk_noprof+0x742/0x14f0 mm/page_alloc.c:4650
 alloc_pages_bulk_array_node_noprof include/linux/gfp.h:239 [inline]
 __page_pool_alloc_pages_slow+0x19b/0xb30 net/core/page_pool.c:527
 page_pool_alloc_netmem net/core/page_pool.c:576 [inline]
 page_pool_alloc_pages+0xb5/0x110 net/core/page_pool.c:583
 page_pool_dev_alloc_pages include/net/page_pool/helpers.h:96 [inline]
 xdp_test_run_batch.constprop.0+0x3a8/0x1960 net/bpf/test_run.c:305
 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389
 bpf_prog_test_run_xdp+0x82d/0x1530 net/bpf/test_run.c:1317
 bpf_prog_test_run kernel/bpf/syscall.c:4313 [inline]
 __sys_bpf+0x10d2/0x4a00 kernel/bpf/syscall.c:5728
 __do_sys_bpf kernel/bpf/syscall.c:5817 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5815 [inline]
 __x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5815
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
page last free pid 18137 tgid 18137 stack trace:
 reset_page_owner include/linux/page_owner.h:25 [inline]
 free_pages_prepare mm/page_alloc.c:1101 [inline]
 free_unref_page+0x64a/0xe40 mm/page_alloc.c:2619
 qlink_free mm/kasan/quarantine.c:163 [inline]
 qlist_free_all+0x4e/0x140 mm/kasan/quarantine.c:179
 kasan_quarantine_reduce+0x192/0x1e0 mm/kasan/quarantine.c:286
 __kasan_slab_alloc+0x69/0x90 mm/kasan/common.c:322
 kasan_slab_alloc include/linux/kasan.h:201 [inline]
 slab_post_alloc_hook mm/slub.c:3992 [inline]
 slab_alloc_node mm/slub.c:4041 [inline]
 __do_kmalloc_node mm/slub.c:4161 [inline]
 __kmalloc_node_noprof+0x1c3/0x430 mm/slub.c:4168
 __kvmalloc_node_noprof+0x9d/0x1a0 mm/util.c:650
 xt_jumpstack_alloc net/netfilter/x_tables.c:1355 [inline]
 xt_replace_table+0x1c7/0x910 net/netfilter/x_tables.c:1394
 __do_replace+0x1d9/0x9b0 net/ipv4/netfilter/ip_tables.c:1064
 do_replace net/ipv4/netfilter/ip_tables.c:1141 [inline]
 do_ipt_set_ctl+0x93c/0xc30 net/ipv4/netfilter/ip_tables.c:1635
 nf_setsockopt+0x8a/0xf0 net/netfilter/nf_sockopt.c:101
 ip_setsockopt+0xcb/0xf0 net/ipv4/ip_sockglue.c:1424
 tcp_setsockopt+0xa4/0x100 net/ipv4/tcp.c:3768
 do_sock_setsockopt+0x222/0x480 net/socket.c:2324
 __sys_setsockopt+0x1a4/0x270 net/socket.c:2347
 __do_sys_setsockopt net/socket.c:2356 [inline]
 __se_sys_setsockopt net/socket.c:2353 [inline]
 __x64_sys_setsockopt+0xbd/0x160 net/socket.c:2353
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
Modules linked in:
CPU: 2 UID: 0 PID: 19654 Comm: syz.2.4065 Tainted: G    B              6.11.0-rc7-syzkaller-00133-ge936e7d4a83b #0
Tainted: [B]=BAD_PAGE
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:93 [inline]
 dump_stack_lvl+0x16c/0x1f0 lib/dump_stack.c:119
 bad_page+0xb3/0x220 mm/page_alloc.c:498
 free_page_is_bad_report mm/page_alloc.c:905 [inline]
 free_page_is_bad mm/page_alloc.c:915 [inline]
 free_pages_prepare mm/page_alloc.c:1093 [inline]
 free_unref_page+0x69e/0xe40 mm/page_alloc.c:2619
 skb_free_frag include/linux/skbuff.h:3383 [inline]
 skb_free_head+0xa0/0x1d0 net/core/skbuff.c:1094
 skb_release_data+0x75c/0x980 net/core/skbuff.c:1123
 skb_release_all net/core/skbuff.c:1188 [inline]
 __kfree_skb net/core/skbuff.c:1202 [inline]
 sk_skb_reason_drop+0x133/0x200 net/core/skbuff.c:1240
 kfree_skb_reason include/linux/skbuff.h:1260 [inline]
 __netif_receive_skb_core.constprop.0+0x592/0x4330 net/core/dev.c:5635
 __netif_receive_skb_list_core+0x357/0x950 net/core/dev.c:5737
 __netif_receive_skb_list net/core/dev.c:5804 [inline]
 netif_receive_skb_list_internal+0x753/0xda0 net/core/dev.c:5896
 netif_receive_skb_list+0x4f/0x4a0 net/core/dev.c:5948
 xdp_recv_frames net/bpf/test_run.c:279 [inline]
 xdp_test_run_batch.constprop.0+0x138d/0x1960 net/bpf/test_run.c:360
 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389
 bpf_prog_test_run_xdp+0x82d/0x1530 net/bpf/test_run.c:1317
 bpf_prog_test_run kernel/bpf/syscall.c:4313 [inline]
 __sys_bpf+0x10d2/0x4a00 kernel/bpf/syscall.c:5728
 __do_sys_bpf kernel/bpf/syscall.c:5817 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5815 [inline]
 __x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5815
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f679d57def9
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f679e410038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
RAX: ffffffffffffffda RBX: 00007f679d735f80 RCX: 00007f679d57def9
RDX: 0000000000000048 RSI: 0000000020000600 RDI: 000000000000000a
RBP: 00007f679d5f0b76 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 0000000000000000 R14: 00007f679d735f80 R15: 00007ffd36220398
 </TASK>
BUG: Bad page state in process syz.2.4065  pfn:64df0
page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff888064df1cc0 pfn:0x64df0
flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
raw: 00fff00000000000 dead000000000040 ffff88804a923000 0000000000000000
raw: ffff888064df1cc0 0000000000000001 00000000ffffffff 0000000000000000
page dumped because: page_pool leak
page_owner tracks the page as allocated
page last allocated via order 0, migratetype Unmovable, gfp_mask 0x102820(GFP_ATOMIC|__GFP_NOWARN|__GFP_HARDWALL), pid 19654, tgid 19653 (syz.2.4065), ts 936167122609, free_ts 930645737092
 set_page_owner include/linux/page_owner.h:32 [inline]
 post_alloc_hook+0x2d1/0x350 mm/page_alloc.c:1500
 prep_new_page mm/page_alloc.c:1508 [inline]
 get_page_from_freelist+0x1351/0x2e50 mm/page_alloc.c:3446
 __alloc_pages_noprof+0x22b/0x2460 mm/page_alloc.c:4702
 alloc_pages_bulk_noprof+0x742/0x14f0 mm/page_alloc.c:4650
 alloc_pages_bulk_array_node_noprof include/linux/gfp.h:239 [inline]
 __page_pool_alloc_pages_slow+0x19b/0xb30 net/core/page_pool.c:527
 page_pool_alloc_netmem net/core/page_pool.c:576 [inline]
 page_pool_alloc_pages+0xb5/0x110 net/core/page_pool.c:583
 page_pool_dev_alloc_pages include/net/page_pool/helpers.h:96 [inline]
 xdp_test_run_batch.constprop.0+0x3a8/0x1960 net/bpf/test_run.c:305
 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389
 bpf_prog_test_run_xdp+0x82d/0x1530 net/bpf/test_run.c:1317
 bpf_prog_test_run kernel/bpf/syscall.c:4313 [inline]
 __sys_bpf+0x10d2/0x4a00 kernel/bpf/syscall.c:5728
 __do_sys_bpf kernel/bpf/syscall.c:5817 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5815 [inline]
 __x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5815
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
page last free pid 18137 tgid 18137 stack trace:
 reset_page_owner include/linux/page_owner.h:25 [inline]
 free_pages_prepare mm/page_alloc.c:1101 [inline]
 free_unref_page+0x64a/0xe40 mm/page_alloc.c:2619
 qlink_free mm/kasan/quarantine.c:163 [inline]
 qlist_free_all+0x4e/0x140 mm/kasan/quarantine.c:179
 kasan_quarantine_reduce+0x192/0x1e0 mm/kasan/quarantine.c:286
 __kasan_slab_alloc+0x69/0x90 mm/kasan/common.c:322
 kasan_slab_alloc include/linux/kasan.h:201 [inline]
 slab_post_alloc_hook mm/slub.c:3992 [inline]
 slab_alloc_node mm/slub.c:4041 [inline]
 __do_kmalloc_node mm/slub.c:4161 [inline]
 __kmalloc_node_noprof+0x1c3/0x430 mm/slub.c:4168
 __kvmalloc_node_noprof+0x9d/0x1a0 mm/util.c:650
 xt_jumpstack_alloc net/netfilter/x_tables.c:1355 [inline]
 xt_replace_table+0x1c7/0x910 net/netfilter/x_tables.c:1394
 __do_replace+0x1d9/0x9b0 net/ipv4/netfilter/ip_tables.c:1064
 do_replace net/ipv4/netfilter/ip_tables.c:1141 [inline]
 do_ipt_set_ctl+0x93c/0xc30 net/ipv4/netfilter/ip_tables.c:1635
 nf_setsockopt+0x8a/0xf0 net/netfilter/nf_sockopt.c:101
 ip_setsockopt+0xcb/0xf0 net/ipv4/ip_sockglue.c:1424
 tcp_setsockopt+0xa4/0x100 net/ipv4/tcp.c:3768
 do_sock_setsockopt+0x222/0x480 net/socket.c:2324
 __sys_setsockopt+0x1a4/0x270 net/socket.c:2347
 __do_sys_setsockopt net/socket.c:2356 [inline]
 __se_sys_setsockopt net/socket.c:2353 [inline]
 __x64_sys_setsockopt+0xbd/0x160 net/socket.c:2353
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
Modules linked in:
CPU: 2 UID: 0 PID: 19654 Comm: syz.2.4065 Tainted: G    B              6.11.0-rc7-syzkaller-00133-ge936e7d4a83b #0
Tainted: [B]=BAD_PAGE
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:93 [inline]
 dump_stack_lvl+0x16c/0x1f0 lib/dump_stack.c:119
 bad_page+0xb3/0x220 mm/page_alloc.c:498
 free_page_is_bad_report mm/page_alloc.c:905 [inline]
 free_page_is_bad mm/page_alloc.c:915 [inline]
 free_pages_prepare mm/page_alloc.c:1093 [inline]
 free_unref_page+0x69e/0xe40 mm/page_alloc.c:2619
 skb_free_frag include/linux/skbuff.h:3383 [inline]
 skb_free_head+0xa0/0x1d0 net/core/skbuff.c:1094
 skb_release_data+0x75c/0x980 net/core/skbuff.c:1123
 skb_release_all net/core/skbuff.c:1188 [inline]
 __kfree_skb net/core/skbuff.c:1202 [inline]
 sk_skb_reason_drop+0x133/0x200 net/core/skbuff.c:1240
 kfree_skb_reason include/linux/skbuff.h:1260 [inline]
 __netif_receive_skb_core.constprop.0+0x592/0x4330 net/core/dev.c:5635
 __netif_receive_skb_list_core+0x357/0x950 net/core/dev.c:5737
 __netif_receive_skb_list net/core/dev.c:5804 [inline]
 netif_receive_skb_list_internal+0x753/0xda0 net/core/dev.c:5896
 netif_receive_skb_list+0x4f/0x4a0 net/core/dev.c:5948
 xdp_recv_frames net/bpf/test_run.c:279 [inline]
 xdp_test_run_batch.constprop.0+0x138d/0x1960 net/bpf/test_run.c:360
 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389
 bpf_prog_test_run_xdp+0x82d/0x1530 net/bpf/test_run.c:1317
 bpf_prog_test_run kernel/bpf/syscall.c:4313 [inline]
 __sys_bpf+0x10d2/0x4a00 kernel/bpf/syscall.c:5728
 __do_sys_bpf kernel/bpf/syscall.c:5817 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5815 [inline]
 __x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5815
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f679d57def9
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f679e410038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
RAX: ffffffffffffffda RBX: 00007f679d735f80 RCX: 00007f679d57def9
RDX: 0000000000000048 RSI: 0000000020000600 RDI: 000000000000000a
RBP: 00007f679d5f0b76 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 0000000000000000 R14: 00007f679d735f80 R15: 00007ffd36220398
 </TASK>
BUG: Bad page state in process syz.2.4065  pfn:456d5
page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff888000000002 pfn:0x456d5
flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
raw: 00fff00000000000 dead000000000040 ffff88804a923000 0000000000000000
raw: ffff888000000002 0000000000000001 00000000ffffffff 0000000000000000
page dumped because: page_pool leak
page_owner tracks the page as allocated
page last allocated via order 0, migratetype Unmovable, gfp_mask 0x102820(GFP_ATOMIC|__GFP_NOWARN|__GFP_HARDWALL), pid 19654, tgid 19653 (syz.2.4065), ts 936167114465, free_ts 930645760241
 set_page_owner include/linux/page_owner.h:32 [inline]
 post_alloc_hook+0x2d1/0x350 mm/page_alloc.c:1500
 prep_new_page mm/page_alloc.c:1508 [inline]
 get_page_from_freelist+0x1351/0x2e50 mm/page_alloc.c:3446
 __alloc_pages_noprof+0x22b/0x2460 mm/page_alloc.c:4702
 alloc_pages_bulk_noprof+0x742/0x14f0 mm/page_alloc.c:4650
 alloc_pages_bulk_array_node_noprof include/linux/gfp.h:239 [inline]
 __page_pool_alloc_pages_slow+0x19b/0xb30 net/core/page_pool.c:527
 page_pool_alloc_netmem net/core/page_pool.c:576 [inline]
 page_pool_alloc_pages+0xb5/0x110 net/core/page_pool.c:583
 page_pool_dev_alloc_pages include/net/page_pool/helpers.h:96 [inline]
 xdp_test_run_batch.constprop.0+0x3a8/0x1960 net/bpf/test_run.c:305
 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389
 bpf_prog_test_run_xdp+0x82d/0x1530 net/bpf/test_run.c:1317
 bpf_prog_test_run kernel/bpf/syscall.c:4313 [inline]
 __sys_bpf+0x10d2/0x4a00 kernel/bpf/syscall.c:5728
 __do_sys_bpf kernel/bpf/syscall.c:5817 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5815 [inline]
 __x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5815
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
page last free pid 18137 tgid 18137 stack trace:
 reset_page_owner include/linux/page_owner.h:25 [inline]
 free_pages_prepare mm/page_alloc.c:1101 [inline]
 free_unref_page+0x64a/0xe40 mm/page_alloc.c:2619
 qlink_free mm/kasan/quarantine.c:163 [inline]
 qlist_free_all+0x4e/0x140 mm/kasan/quarantine.c:179
 kasan_quarantine_reduce+0x192/0x1e0 mm/kasan/quarantine.c:286
 __kasan_slab_alloc+0x69/0x90 mm/kasan/common.c:322
 kasan_slab_alloc include/linux/kasan.h:201 [inline]
 slab_post_alloc_hook mm/slub.c:3992 [inline]
 slab_alloc_node mm/slub.c:4041 [inline]
 __do_kmalloc_node mm/slub.c:4161 [inline]
 __kmalloc_node_noprof+0x1c3/0x430 mm/slub.c:4168
 __kvmalloc_node_noprof+0x9d/0x1a0 mm/util.c:650
 xt_jumpstack_alloc net/netfilter/x_tables.c:1355 [inline]
 xt_replace_table+0x1c7/0x910 net/netfilter/x_tables.c:1394
 __do_replace+0x1d9/0x9b0 net/ipv4/netfilter/ip_tables.c:1064
 do_replace net/ipv4/netfilter/ip_tables.c:1141 [inline]
 do_ipt_set_ctl+0x93c/0xc30 net/ipv4/netfilter/ip_tables.c:1635
 nf_setsockopt+0x8a/0xf0 net/netfilter/nf_sockopt.c:101
 ip_setsockopt+0xcb/0xf0 net/ipv4/ip_sockglue.c:1424
 tcp_setsockopt+0xa4/0x100 net/ipv4/tcp.c:3768
 do_sock_setsockopt+0x222/0x480 net/socket.c:2324
 __sys_setsockopt+0x1a4/0x270 net/socket.c:2347
 __do_sys_setsockopt net/socket.c:2356 [inline]
 __se_sys_setsockopt net/socket.c:2353 [inline]
 __x64_sys_setsockopt+0xbd/0x160 net/socket.c:2353
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
Modules linked in:
CPU: 2 UID: 0 PID: 19654 Comm: syz.2.4065 Tainted: G    B              6.11.0-rc7-syzkaller-00133-ge936e7d4a83b #0
Tainted: [B]=BAD_PAGE
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:93 [inline]
 dump_stack_lvl+0x16c/0x1f0 lib/dump_stack.c:119
 bad_page+0xb3/0x220 mm/page_alloc.c:498
 free_page_is_bad_report mm/page_alloc.c:905 [inline]
 free_page_is_bad mm/page_alloc.c:915 [inline]
 free_pages_prepare mm/page_alloc.c:1093 [inline]
 free_unref_page+0x69e/0xe40 mm/page_alloc.c:2619
 skb_free_frag include/linux/skbuff.h:3383 [inline]
 skb_free_head+0xa0/0x1d0 net/core/skbuff.c:1094
 skb_release_data+0x75c/0x980 net/core/skbuff.c:1123
 skb_release_all net/core/skbuff.c:1188 [inline]
 __kfree_skb net/core/skbuff.c:1202 [inline]
 sk_skb_reason_drop+0x133/0x200 net/core/skbuff.c:1240
 kfree_skb_reason include/linux/skbuff.h:1260 [inline]
 __netif_receive_skb_core.constprop.0+0x592/0x4330 net/core/dev.c:5635
 __netif_receive_skb_list_core+0x357/0x950 net/core/dev.c:5737
 __netif_receive_skb_list net/core/dev.c:5804 [inline]
 netif_receive_skb_list_internal+0x753/0xda0 net/core/dev.c:5896
 netif_receive_skb_list+0x4f/0x4a0 net/core/dev.c:5948
 xdp_recv_frames net/bpf/test_run.c:279 [inline]
 xdp_test_run_batch.constprop.0+0x138d/0x1960 net/bpf/test_run.c:360
 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389
 bpf_prog_test_run_xdp+0x82d/0x1530 net/bpf/test_run.c:1317
 bpf_prog_test_run kernel/bpf/syscall.c:4313 [inline]
 __sys_bpf+0x10d2/0x4a00 kernel/bpf/syscall.c:5728
 __do_sys_bpf kernel/bpf/syscall.c:5817 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5815 [inline]
 __x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5815
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f679d57def9
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f679e410038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
RAX: ffffffffffffffda RBX: 00007f679d735f80 RCX: 00007f679d57def9
RDX: 0000000000000048 RSI: 0000000020000600 RDI: 000000000000000a
RBP: 00007f679d5f0b76 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 0000000000000000 R14: 00007f679d735f80 R15: 00007ffd36220398
 </TASK>
BUG: Bad page state in process syz.2.4065  pfn:456d4
page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff8880456d5e00 pfn:0x456d4
flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
raw: 00fff00000000000 dead000000000040 ffff88804a923000 0000000000000000
raw: ffff8880456d5e00 0000000000000001 00000000ffffffff 0000000000000000
page dumped because: page_pool leak
page_owner tracks the page as allocated
page last allocated via order 0, migratetype Unmovable, gfp_mask 0x102820(GFP_ATOMIC|__GFP_NOWARN|__GFP_HARDWALL), pid 19654, tgid 19653 (syz.2.4065), ts 936167106648, free_ts 930645760241
 set_page_owner include/linux/page_owner.h:32 [inline]
 post_alloc_hook+0x2d1/0x350 mm/page_alloc.c:1500
 prep_new_page mm/page_alloc.c:1508 [inline]
 get_page_from_freelist+0x1351/0x2e50 mm/page_alloc.c:3446
 __alloc_pages_noprof+0x22b/0x2460 mm/page_alloc.c:4702
 alloc_pages_bulk_noprof+0x742/0x14f0 mm/page_alloc.c:4650
 alloc_pages_bulk_array_node_noprof include/linux/gfp.h:239 [inline]
 __page_pool_alloc_pages_slow+0x19b/0xb30 net/core/page_pool.c:527
 page_pool_alloc_netmem net/core/page_pool.c:576 [inline]
 page_pool_alloc_pages+0xb5/0x110 net/core/page_pool.c:583
 page_pool_dev_alloc_pages include/net/page_pool/helpers.h:96 [inline]
 xdp_test_run_batch.constprop.0+0x3a8/0x1960 net/bpf/test_run.c:305
 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389
 bpf_prog_test_run_xdp+0x82d/0x1530 net/bpf/test_run.c:1317
 bpf_prog_test_run kernel/bpf/syscall.c:4313 [inline]
 __sys_bpf+0x10d2/0x4a00 kernel/bpf/syscall.c:5728
 __do_sys_bpf kernel/bpf/syscall.c:5817 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5815 [inline]
 __x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5815
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
page last free pid 18137 tgid 18137 stack trace:
 reset_page_owner include/linux/page_owner.h:25 [inline]
 free_pages_prepare mm/page_alloc.c:1101 [inline]
 free_unref_page+0x64a/0xe40 mm/page_alloc.c:2619
 qlink_free mm/kasan/quarantine.c:163 [inline]
 qlist_free_all+0x4e/0x140 mm/kasan/quarantine.c:179
 kasan_quarantine_reduce+0x192/0x1e0 mm/kasan/quarantine.c:286
 __kasan_slab_alloc+0x69/0x90 mm/kasan/common.c:322
 kasan_slab_alloc include/linux/kasan.h:201 [inline]
 slab_post_alloc_hook mm/slub.c:3992 [inline]
 slab_alloc_node mm/slub.c:4041 [inline]
 __do_kmalloc_node mm/slub.c:4161 [inline]
 __kmalloc_node_noprof+0x1c3/0x430 mm/slub.c:4168
 __kvmalloc_node_noprof+0x9d/0x1a0 mm/util.c:650
 xt_jumpstack_alloc net/netfilter/x_tables.c:1355 [inline]
 xt_replace_table+0x1c7/0x910 net/netfilter/x_tables.c:1394
 __do_replace+0x1d9/0x9b0 net/ipv4/netfilter/ip_tables.c:1064
 do_replace net/ipv4/netfilter/ip_tables.c:1141 [inline]
 do_ipt_set_ctl+0x93c/0xc30 net/ipv4/netfilter/ip_tables.c:1635
 nf_setsockopt+0x8a/0xf0 net/netfilter/nf_sockopt.c:101
 ip_setsockopt+0xcb/0xf0 net/ipv4/ip_sockglue.c:1424
 tcp_setsockopt+0xa4/0x100 net/ipv4/tcp.c:3768
 do_sock_setsockopt+0x222/0x480 net/socket.c:2324
 __sys_setsockopt+0x1a4/0x270 net/socket.c:2347
 __do_sys_setsockopt net/socket.c:2356 [inline]
 __se_sys_setsockopt net/socket.c:2353 [inline]
 __x64_sys_setsockopt+0xbd/0x160 net/socket.c:2353
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
Modules linked in:
CPU: 2 UID: 0 PID: 19654 Comm: syz.2.4065 Tainted: G    B              6.11.0-rc7-syzkaller-00133-ge936e7d4a83b #0
Tainted: [B]=BAD_PAGE
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:93 [inline]
 dump_stack_lvl+0x16c/0x1f0 lib/dump_stack.c:119
 bad_page+0xb3/0x220 mm/page_alloc.c:498
 free_page_is_bad_report mm/page_alloc.c:905 [inline]
 free_page_is_bad mm/page_alloc.c:915 [inline]
 free_pages_prepare mm/page_alloc.c:1093 [inline]
 free_unref_page+0x69e/0xe40 mm/page_alloc.c:2619
 skb_free_frag include/linux/skbuff.h:3383 [inline]
 skb_free_head+0xa0/0x1d0 net/core/skbuff.c:1094
 skb_release_data+0x75c/0x980 net/core/skbuff.c:1123
 skb_release_all net/core/skbuff.c:1188 [inline]
 __kfree_skb net/core/skbuff.c:1202 [inline]
 sk_skb_reason_drop+0x133/0x200 net/core/skbuff.c:1240
 kfree_skb_reason include/linux/skbuff.h:1260 [inline]
 __netif_receive_skb_core.constprop.0+0x592/0x4330 net/core/dev.c:5635
 __netif_receive_skb_list_core+0x357/0x950 net/core/dev.c:5737
 __netif_receive_skb_list net/core/dev.c:5804 [inline]
 netif_receive_skb_list_internal+0x753/0xda0 net/core/dev.c:5896
 netif_receive_skb_list+0x4f/0x4a0 net/core/dev.c:5948
 xdp_recv_frames net/bpf/test_run.c:279 [inline]
 xdp_test_run_batch.constprop.0+0x138d/0x1960 net/bpf/test_run.c:360
 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389
 bpf_prog_test_run_xdp+0x82d/0x1530 net/bpf/test_run.c:1317
 bpf_prog_test_run kernel/bpf/syscall.c:4313 [inline]
 __sys_bpf+0x10d2/0x4a00 kernel/bpf/syscall.c:5728
 __do_sys_bpf kernel/bpf/syscall.c:5817 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5815 [inline]
 __x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5815
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f679d57def9
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f679e410038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
RAX: ffffffffffffffda RBX: 00007f679d735f80 RCX: 00007f679d57def9
RDX: 0000000000000048 RSI: 0000000020000600 RDI: 000000000000000a
RBP: 00007f679d5f0b76 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 0000000000000000 R14: 00007f679d735f80 R15: 00007ffd36220398
 </TASK>
BUG: Bad page state in process syz.2.4065  pfn:4e3ed
page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff888000000002 pfn:0x4e3ed
flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
raw: 00fff00000000000 dead000000000040 ffff88804a923000 0000000000000000
raw: ffff888000000002 0000000000000001 00000000ffffffff 0000000000000000
page dumped because: page_pool leak
page_owner tracks the page as allocated
page last allocated via order 0, migratetype Unmovable, gfp_mask 0x102820(GFP_ATOMIC|__GFP_NOWARN|__GFP_HARDWALL), pid 19654, tgid 19653 (syz.2.4065), ts 936167098721, free_ts 930645782043
 set_page_owner include/linux/page_owner.h:32 [inline]
 post_alloc_hook+0x2d1/0x350 mm/page_alloc.c:1500
 prep_new_page mm/page_alloc.c:1508 [inline]
 get_page_from_freelist+0x1351/0x2e50 mm/page_alloc.c:3446
 __alloc_pages_noprof+0x22b/0x2460 mm/page_alloc.c:4702
 alloc_pages_bulk_noprof+0x742/0x14f0 mm/page_alloc.c:4650
 alloc_pages_bulk_array_node_noprof include/linux/gfp.h:239 [inline]
 __page_pool_alloc_pages_slow+0x19b/0xb30 net/core/page_pool.c:527
 page_pool_alloc_netmem net/core/page_pool.c:576 [inline]
 page_pool_alloc_pages+0xb5/0x110 net/core/page_pool.c:583
 page_pool_dev_alloc_pages include/net/page_pool/helpers.h:96 [inline]
 xdp_test_run_batch.constprop.0+0x3a8/0x1960 net/bpf/test_run.c:305
 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389
 bpf_prog_test_run_xdp+0x82d/0x1530 net/bpf/test_run.c:1317
 bpf_prog_test_run kernel/bpf/syscall.c:4313 [inline]
 __sys_bpf+0x10d2/0x4a00 kernel/bpf/syscall.c:5728
 __do_sys_bpf kernel/bpf/syscall.c:5817 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5815 [inline]
 __x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5815
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
page last free pid 18137 tgid 18137 stack trace:
 reset_page_owner include/linux/page_owner.h:25 [inline]
 free_pages_prepare mm/page_alloc.c:1101 [inline]
 free_unref_page+0x64a/0xe40 mm/page_alloc.c:2619
 __put_partials+0x14c/0x170 mm/slub.c:3055
 qlink_free mm/kasan/quarantine.c:163 [inline]
 qlist_free_all+0x4e/0x140 mm/kasan/quarantine.c:179
 kasan_quarantine_reduce+0x192/0x1e0 mm/kasan/quarantine.c:286
 __kasan_slab_alloc+0x69/0x90 mm/kasan/common.c:322
 kasan_slab_alloc include/linux/kasan.h:201 [inline]
 slab_post_alloc_hook mm/slub.c:3992 [inline]
 slab_alloc_node mm/slub.c:4041 [inline]
 __do_kmalloc_node mm/slub.c:4161 [inline]
 __kmalloc_node_noprof+0x1c3/0x430 mm/slub.c:4168
 __kvmalloc_node_noprof+0x9d/0x1a0 mm/util.c:650
 xt_jumpstack_alloc net/netfilter/x_tables.c:1355 [inline]
 xt_replace_table+0x1c7/0x910 net/netfilter/x_tables.c:1394
 __do_replace+0x1d9/0x9b0 net/ipv4/netfilter/ip_tables.c:1064
 do_replace net/ipv4/netfilter/ip_tables.c:1141 [inline]
 do_ipt_set_ctl+0x93c/0xc30 net/ipv4/netfilter/ip_tables.c:1635
 nf_setsockopt+0x8a/0xf0 net/netfilter/nf_sockopt.c:101
 ip_setsockopt+0xcb/0xf0 net/ipv4/ip_sockglue.c:1424
 tcp_setsockopt+0xa4/0x100 net/ipv4/tcp.c:3768
 do_sock_setsockopt+0x222/0x480 net/socket.c:2324
 __sys_setsockopt+0x1a4/0x270 net/socket.c:2347
 __do_sys_setsockopt net/socket.c:2356 [inline]
 __se_sys_setsockopt net/socket.c:2353 [inline]
 __x64_sys_setsockopt+0xbd/0x160 net/socket.c:2353
Modules linked in:
CPU: 2 UID: 0 PID: 19654 Comm: syz.2.4065 Tainted: G    B              6.11.0-rc7-syzkaller-00133-ge936e7d4a83b #0
Tainted: [B]=BAD_PAGE
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:93 [inline]
 dump_stack_lvl+0x16c/0x1f0 lib/dump_stack.c:119
 bad_page+0xb3/0x220 mm/page_alloc.c:498
 free_page_is_bad_report mm/page_alloc.c:905 [inline]
 free_page_is_bad mm/page_alloc.c:915 [inline]
 free_pages_prepare mm/page_alloc.c:1093 [inline]
 free_unref_page+0x69e/0xe40 mm/page_alloc.c:2619
 skb_free_frag include/linux/skbuff.h:3383 [inline]
 skb_free_head+0xa0/0x1d0 net/core/skbuff.c:1094
 skb_release_data+0x75c/0x980 net/core/skbuff.c:1123
 skb_release_all net/core/skbuff.c:1188 [inline]
 __kfree_skb net/core/skbuff.c:1202 [inline]
 sk_skb_reason_drop+0x133/0x200 net/core/skbuff.c:1240
 kfree_skb_reason include/linux/skbuff.h:1260 [inline]
 __netif_receive_skb_core.constprop.0+0x592/0x4330 net/core/dev.c:5635
 __netif_receive_skb_list_core+0x357/0x950 net/core/dev.c:5737
 __netif_receive_skb_list net/core/dev.c:5804 [inline]
 netif_receive_skb_list_internal+0x753/0xda0 net/core/dev.c:5896
 netif_receive_skb_list+0x4f/0x4a0 net/core/dev.c:5948
 xdp_recv_frames net/bpf/test_run.c:279 [inline]
 xdp_test_run_batch.constprop.0+0x138d/0x1960 net/bpf/test_run.c:360
 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389
 bpf_prog_test_run_xdp+0x82d/0x1530 net/bpf/test_run.c:1317
 bpf_prog_test_run kernel/bpf/syscall.c:4313 [inline]
 __sys_bpf+0x10d2/0x4a00 kernel/bpf/syscall.c:5728
 __do_sys_bpf kernel/bpf/syscall.c:5817 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5815 [inline]
 __x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5815
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f679d57def9
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f679e410038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
RAX: ffffffffffffffda RBX: 00007f679d735f80 RCX: 00007f679d57def9
RDX: 0000000000000048 RSI: 0000000020000600 RDI: 000000000000000a
RBP: 00007f679d5f0b76 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 0000000000000000 R14: 00007f679d735f80 R15: 00007ffd36220398
 </TASK>
BUG: Bad page state in process syz.2.4065  pfn:4e3ec
page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff88804e3ede00 pfn:0x4e3ec
flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
raw: 00fff00000000000 dead000000000040 ffff88804a923000 0000000000000000
raw: ffff88804e3ede00 0000000000000001 00000000ffffffff 0000000000000000
page dumped because: page_pool leak
page_owner tracks the page as allocated
page last allocated via order 0, migratetype Unmovable, gfp_mask 0x102820(GFP_ATOMIC|__GFP_NOWARN|__GFP_HARDWALL), pid 19654, tgid 19653 (syz.2.4065), ts 936167091119, free_ts 930645782043
 set_page_owner include/linux/page_owner.h:32 [inline]
 post_alloc_hook+0x2d1/0x350 mm/page_alloc.c:1500
 prep_new_page mm/page_alloc.c:1508 [inline]
 get_page_from_freelist+0x1351/0x2e50 mm/page_alloc.c:3446
 __alloc_pages_noprof+0x22b/0x2460 mm/page_alloc.c:4702
 alloc_pages_bulk_noprof+0x742/0x14f0 mm/page_alloc.c:4650
 alloc_pages_bulk_array_node_noprof include/linux/gfp.h:239 [inline]
 __page_pool_alloc_pages_slow+0x19b/0xb30 net/core/page_pool.c:527
 page_pool_alloc_netmem net/core/page_pool.c:576 [inline]
 page_pool_alloc_pages+0xb5/0x110 net/core/page_pool.c:583
 page_pool_dev_alloc_pages include/net/page_pool/helpers.h:96 [inline]
 xdp_test_run_batch.constprop.0+0x3a8/0x1960 net/bpf/test_run.c:305
 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389
 bpf_prog_test_run_xdp+0x82d/0x1530 net/bpf/test_run.c:1317
 bpf_prog_test_run kernel/bpf/syscall.c:4313 [inline]
 __sys_bpf+0x10d2/0x4a00 kernel/bpf/syscall.c:5728
 __do_sys_bpf kernel/bpf/syscall.c:5817 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5815 [inline]
 __x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5815
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
page last free pid 18137 tgid 18137 stack trace:
 reset_page_owner include/linux/page_owner.h:25 [inline]
 free_pages_prepare mm/page_alloc.c:1101 [inline]
 free_unref_page+0x64a/0xe40 mm/page_alloc.c:2619
 __put_partials+0x14c/0x170 mm/slub.c:3055
 qlink_free mm/kasan/quarantine.c:163 [inline]
 qlist_free_all+0x4e/0x140 mm/kasan/quarantine.c:179
 kasan_quarantine_reduce+0x192/0x1e0 mm/kasan/quarantine.c:286
 __kasan_slab_alloc+0x69/0x90 mm/kasan/common.c:322
 kasan_slab_alloc include/linux/kasan.h:201 [inline]
 slab_post_alloc_hook mm/slub.c:3992 [inline]
 slab_alloc_node mm/slub.c:4041 [inline]
 __do_kmalloc_node mm/slub.c:4161 [inline]
 __kmalloc_node_noprof+0x1c3/0x430 mm/slub.c:4168
 __kvmalloc_node_noprof+0x9d/0x1a0 mm/util.c:650
 xt_jumpstack_alloc net/netfilter/x_tables.c:1355 [inline]
 xt_replace_table+0x1c7/0x910 net/netfilter/x_tables.c:1394
 __do_replace+0x1d9/0x9b0 net/ipv4/netfilter/ip_tables.c:1064
 do_replace net/ipv4/netfilter/ip_tables.c:1141 [inline]
 do_ipt_set_ctl+0x93c/0xc30 net/ipv4/netfilter/ip_tables.c:1635
 nf_setsockopt+0x8a/0xf0 net/netfilter/nf_sockopt.c:101
 ip_setsockopt+0xcb/0xf0 net/ipv4/ip_sockglue.c:1424
 tcp_setsockopt+0xa4/0x100 net/ipv4/tcp.c:3768
 do_sock_setsockopt+0x222/0x480 net/socket.c:2324
 __sys_setsockopt+0x1a4/0x270 net/socket.c:2347
 __do_sys_setsockopt net/socket.c:2356 [inline]
 __se_sys_setsockopt net/socket.c:2353 [inline]
 __x64_sys_setsockopt+0xbd/0x160 net/socket.c:2353
Modules linked in:
CPU: 2 UID: 0 PID: 19654 Comm: syz.2.4065 Tainted: G    B              6.11.0-rc7-syzkaller-00133-ge936e7d4a83b #0
Tainted: [B]=BAD_PAGE
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:93 [inline]
 dump_stack_lvl+0x16c/0x1f0 lib/dump_stack.c:119
 bad_page+0xb3/0x220 mm/page_alloc.c:498
 free_page_is_bad_report mm/page_alloc.c:905 [inline]
 free_page_is_bad mm/page_alloc.c:915 [inline]
 free_pages_prepare mm/page_alloc.c:1093 [inline]
 free_unref_page+0x69e/0xe40 mm/page_alloc.c:2619
 skb_free_frag include/linux/skbuff.h:3383 [inline]
 skb_free_head+0xa0/0x1d0 net/core/skbuff.c:1094
 skb_release_data+0x75c/0x980 net/core/skbuff.c:1123
 skb_release_all net/core/skbuff.c:1188 [inline]
 __kfree_skb net/core/skbuff.c:1202 [inline]
 sk_skb_reason_drop+0x133/0x200 net/core/skbuff.c:1240
 kfree_skb_reason include/linux/skbuff.h:1260 [inline]
 __netif_receive_skb_core.constprop.0+0x592/0x4330 net/core/dev.c:5635
 __netif_receive_skb_list_core+0x357/0x950 net/core/dev.c:5737
 __netif_receive_skb_list net/core/dev.c:5804 [inline]
 netif_receive_skb_list_internal+0x753/0xda0 net/core/dev.c:5896
 netif_receive_skb_list+0x4f/0x4a0 net/core/dev.c:5948
 xdp_recv_frames net/bpf/test_run.c:279 [inline]
 xdp_test_run_batch.constprop.0+0x138d/0x1960 net/bpf/test_run.c:360
 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389
 bpf_prog_test_run_xdp+0x82d/0x1530 net/bpf/test_run.c:1317
 bpf_prog_test_run kernel/bpf/syscall.c:4313 [inline]
 __sys_bpf+0x10d2/0x4a00 kernel/bpf/syscall.c:5728
 __do_sys_bpf kernel/bpf/syscall.c:5817 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5815 [inline]
 __x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5815
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f679d57def9
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f679e410038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
RAX: ffffffffffffffda RBX: 00007f679d735f80 RCX: 00007f679d57def9
RDX: 0000000000000048 RSI: 0000000020000600 RDI: 000000000000000a
RBP: 00007f679d5f0b76 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 0000000000000000 R14: 00007f679d735f80 R15: 00007ffd36220398
 </TASK>
BUG: Bad page state in process syz.2.4065  pfn:283eb
page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x2 pfn:0x283eb
flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
raw: 00fff00000000000 dead000000000040 ffff88804a923000 0000000000000000
raw: 0000000000000002 0000000000000001 00000000ffffffff 0000000000000000
page dumped because: page_pool leak
page_owner tracks the page as allocated
page last allocated via order 0, migratetype Unmovable, gfp_mask 0x102820(GFP_ATOMIC|__GFP_NOWARN|__GFP_HARDWALL), pid 19654, tgid 19653 (syz.2.4065), ts 936167083270, free_ts 930645798872
 set_page_owner include/linux/page_owner.h:32 [inline]
 post_alloc_hook+0x2d1/0x350 mm/page_alloc.c:1500
 prep_new_page mm/page_alloc.c:1508 [inline]
 get_page_from_freelist+0x1351/0x2e50 mm/page_alloc.c:3446
 __alloc_pages_noprof+0x22b/0x2460 mm/page_alloc.c:4702
 alloc_pages_bulk_noprof+0x742/0x14f0 mm/page_alloc.c:4650
 alloc_pages_bulk_array_node_noprof include/linux/gfp.h:239 [inline]
 __page_pool_alloc_pages_slow+0x19b/0xb30 net/core/page_pool.c:527
 page_pool_alloc_netmem net/core/page_pool.c:576 [inline]
 page_pool_alloc_pages+0xb5/0x110 net/core/page_pool.c:583
 page_pool_dev_alloc_pages include/net/page_pool/helpers.h:96 [inline]
 xdp_test_run_batch.constprop.0+0x3a8/0x1960 net/bpf/test_run.c:305
 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389
 bpf_prog_test_run_xdp+0x82d/0x1530 net/bpf/test_run.c:1317
 bpf_prog_test_run kernel/bpf/syscall.c:4313 [inline]
 __sys_bpf+0x10d2/0x4a00 kernel/bpf/syscall.c:5728
 __do_sys_bpf kernel/bpf/syscall.c:5817 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5815 [inline]
 __x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5815
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
page last free pid 18137 tgid 18137 stack trace:
 reset_page_owner include/linux/page_owner.h:25 [inline]
 free_pages_prepare mm/page_alloc.c:1101 [inline]
 free_unref_page+0x64a/0xe40 mm/page_alloc.c:2619
 __put_partials+0x14c/0x170 mm/slub.c:3055
 qlink_free mm/kasan/quarantine.c:163 [inline]
 qlist_free_all+0x4e/0x140 mm/kasan/quarantine.c:179
 kasan_quarantine_reduce+0x192/0x1e0 mm/kasan/quarantine.c:286
 __kasan_slab_alloc+0x69/0x90 mm/kasan/common.c:322
 kasan_slab_alloc include/linux/kasan.h:201 [inline]
 slab_post_alloc_hook mm/slub.c:3992 [inline]
 slab_alloc_node mm/slub.c:4041 [inline]
 __do_kmalloc_node mm/slub.c:4161 [inline]
 __kmalloc_node_noprof+0x1c3/0x430 mm/slub.c:4168
 __kvmalloc_node_noprof+0x9d/0x1a0 mm/util.c:650
 xt_jumpstack_alloc net/netfilter/x_tables.c:1355 [inline]
 xt_replace_table+0x1c7/0x910 net/netfilter/x_tables.c:1394
 __do_replace+0x1d9/0x9b0 net/ipv4/netfilter/ip_tables.c:1064
 do_replace net/ipv4/netfilter/ip_tables.c:1141 [inline]
 do_ipt_set_ctl+0x93c/0xc30 net/ipv4/netfilter/ip_tables.c:1635
 nf_setsockopt+0x8a/0xf0 net/netfilter/nf_sockopt.c:101
 ip_setsockopt+0xcb/0xf0 net/ipv4/ip_sockglue.c:1424
 tcp_setsockopt+0xa4/0x100 net/ipv4/tcp.c:3768
 do_sock_setsockopt+0x222/0x480 net/socket.c:2324
 __sys_setsockopt+0x1a4/0x270 net/socket.c:2347
 __do_sys_setsockopt net/socket.c:2356 [inline]
 __se_sys_setsockopt net/socket.c:2353 [inline]
 __x64_sys_setsockopt+0xbd/0x160 net/socket.c:2353
Modules linked in:
CPU: 2 UID: 0 PID: 19654 Comm: syz.2.4065 Tainted: G    B              6.11.0-rc7-syzkaller-00133-ge936e7d4a83b #0
Tainted: [B]=BAD_PAGE
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:93 [inline]
 dump_stack_lvl+0x16c/0x1f0 lib/dump_stack.c:119
 bad_page+0xb3/0x220 mm/page_alloc.c:498
 free_page_is_bad_report mm/page_alloc.c:905 [inline]
 free_page_is_bad mm/page_alloc.c:915 [inline]
 free_pages_prepare mm/page_alloc.c:1093 [inline]
 free_unref_page+0x69e/0xe40 mm/page_alloc.c:2619
 skb_free_frag include/linux/skbuff.h:3383 [inline]
 skb_free_head+0xa0/0x1d0 net/core/skbuff.c:1094
 skb_release_data+0x75c/0x980 net/core/skbuff.c:1123
 skb_release_all net/core/skbuff.c:1188 [inline]
 __kfree_skb net/core/skbuff.c:1202 [inline]
 sk_skb_reason_drop+0x133/0x200 net/core/skbuff.c:1240
 kfree_skb_reason include/linux/skbuff.h:1260 [inline]
 __netif_receive_skb_core.constprop.0+0x592/0x4330 net/core/dev.c:5635
 __netif_receive_skb_list_core+0x357/0x950 net/core/dev.c:5737
 __netif_receive_skb_list net/core/dev.c:5804 [inline]
 netif_receive_skb_list_internal+0x753/0xda0 net/core/dev.c:5896
 netif_receive_skb_list+0x4f/0x4a0 net/core/dev.c:5948
 xdp_recv_frames net/bpf/test_run.c:279 [inline]
 xdp_test_run_batch.constprop.0+0x138d/0x1960 net/bpf/test_run.c:360
 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389
 bpf_prog_test_run_xdp+0x82d/0x1530 net/bpf/test_run.c:1317
 bpf_prog_test_run kernel/bpf/syscall.c:4313 [inline]
 __sys_bpf+0x10d2/0x4a00 kernel/bpf/syscall.c:5728
 __do_sys_bpf kernel/bpf/syscall.c:5817 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5815 [inline]
 __x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5815
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f679d57def9
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f679e410038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
RAX: ffffffffffffffda RBX: 00007f679d735f80 RCX: 00007f679d57def9
RDX: 0000000000000048 RSI: 0000000020000600 RDI: 000000000000000a
RBP: 00007f679d5f0b76 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 0000000000000000 R14: 00007f679d735f80 R15: 00007ffd36220398
 </TASK>
BUG: Bad page state in process syz.2.4065  pfn:283ea
page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff8880283ebe00 pfn:0x283ea
flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
raw: 00fff00000000000 dead000000000040 ffff88804a923000 0000000000000000
raw: ffff8880283ebe00 0000000000000001 00000000ffffffff 0000000000000000
page dumped because: page_pool leak
page_owner tracks the page as allocated
page last allocated via order 0, migratetype Unmovable, gfp_mask 0x102820(GFP_ATOMIC|__GFP_NOWARN|__GFP_HARDWALL), pid 19654, tgid 19653 (syz.2.4065), ts 936167075579, free_ts 930645798872
 set_page_owner include/linux/page_owner.h:32 [inline]
 post_alloc_hook+0x2d1/0x350 mm/page_alloc.c:1500
 prep_new_page mm/page_alloc.c:1508 [inline]
 get_page_from_freelist+0x1351/0x2e50 mm/page_alloc.c:3446
 __alloc_pages_noprof+0x22b/0x2460 mm/page_alloc.c:4702
 alloc_pages_bulk_noprof+0x742/0x14f0 mm/page_alloc.c:4650
 alloc_pages_bulk_array_node_noprof include/linux/gfp.h:239 [inline]
 __page_pool_alloc_pages_slow+0x19b/0xb30 net/core/page_pool.c:527
 page_pool_alloc_netmem net/core/page_pool.c:576 [inline]
 page_pool_alloc_pages+0xb5/0x110 net/core/page_pool.c:583
 page_pool_dev_alloc_pages include/net/page_pool/helpers.h:96 [inline]
 xdp_test_run_batch.constprop.0+0x3a8/0x1960 net/bpf/test_run.c:305
 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389
 bpf_prog_test_run_xdp+0x82d/0x1530 net/bpf/test_run.c:1317
 bpf_prog_test_run kernel/bpf/syscall.c:4313 [inline]
 __sys_bpf+0x10d2/0x4a00 kernel/bpf/syscall.c:5728
 __do_sys_bpf kernel/bpf/syscall.c:5817 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5815 [inline]
 __x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5815
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
page last free pid 18137 tgid 18137 stack trace:
 reset_page_owner include/linux/page_owner.h:25 [inline]
 free_pages_prepare mm/page_alloc.c:1101 [inline]
 free_unref_page+0x64a/0xe40 mm/page_alloc.c:2619
 __put_partials+0x14c/0x170 mm/slub.c:3055
 qlink_free mm/kasan/quarantine.c:163 [inline]
 qlist_free_all+0x4e/0x140 mm/kasan/quarantine.c:179
 kasan_quarantine_reduce+0x192/0x1e0 mm/kasan/quarantine.c:286
 __kasan_slab_alloc+0x69/0x90 mm/kasan/common.c:322
 kasan_slab_alloc include/linux/kasan.h:201 [inline]
 slab_post_alloc_hook mm/slub.c:3992 [inline]
 slab_alloc_node mm/slub.c:4041 [inline]
 __do_kmalloc_node mm/slub.c:4161 [inline]
 __kmalloc_node_noprof+0x1c3/0x430 mm/slub.c:4168
 __kvmalloc_node_noprof+0x9d/0x1a0 mm/util.c:650
 xt_jumpstack_alloc net/netfilter/x_tables.c:1355 [inline]
 xt_replace_table+0x1c7/0x910 net/netfilter/x_tables.c:1394
 __do_replace+0x1d9/0x9b0 net/ipv4/netfilter/ip_tables.c:1064
 do_replace net/ipv4/netfilter/ip_tables.c:1141 [inline]
 do_ipt_set_ctl+0x93c/0xc30 net/ipv4/netfilter/ip_tables.c:1635
 nf_setsockopt+0x8a/0xf0 net/netfilter/nf_sockopt.c:101
 ip_setsockopt+0xcb/0xf0 net/ipv4/ip_sockglue.c:1424
 tcp_setsockopt+0xa4/0x100 net/ipv4/tcp.c:3768
 do_sock_setsockopt+0x222/0x480 net/socket.c:2324
 __sys_setsockopt+0x1a4/0x270 net/socket.c:2347
 __do_sys_setsockopt net/socket.c:2356 [inline]
 __se_sys_setsockopt net/socket.c:2353 [inline]
 __x64_sys_setsockopt+0xbd/0x160 net/socket.c:2353
Modules linked in:
CPU: 2 UID: 0 PID: 19654 Comm: syz.2.4065 Tainted: G    B              6.11.0-rc7-syzkaller-00133-ge936e7d4a83b #0
Tainted: [B]=BAD_PAGE
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:93 [inline]
 dump_stack_lvl+0x16c/0x1f0 lib/dump_stack.c:119
 bad_page+0xb3/0x220 mm/page_alloc.c:498
 free_page_is_bad_report mm/page_alloc.c:905 [inline]
 free_page_is_bad mm/page_alloc.c:915 [inline]
 free_pages_prepare mm/page_alloc.c:1093 [inline]
 free_unref_page+0x69e/0xe40 mm/page_alloc.c:2619
 skb_free_frag include/linux/skbuff.h:3383 [inline]
 skb_free_head+0xa0/0x1d0 net/core/skbuff.c:1094
 skb_release_data+0x75c/0x980 net/core/skbuff.c:1123
 skb_release_all net/core/skbuff.c:1188 [inline]
 __kfree_skb net/core/skbuff.c:1202 [inline]
 sk_skb_reason_drop+0x133/0x200 net/core/skbuff.c:1240
 kfree_skb_reason include/linux/skbuff.h:1260 [inline]
 __netif_receive_skb_core.constprop.0+0x592/0x4330 net/core/dev.c:5635
 __netif_receive_skb_list_core+0x357/0x950 net/core/dev.c:5737
 __netif_receive_skb_list net/core/dev.c:5804 [inline]
 netif_receive_skb_list_internal+0x753/0xda0 net/core/dev.c:5896
 netif_receive_skb_list+0x4f/0x4a0 net/core/dev.c:5948
 xdp_recv_frames net/bpf/test_run.c:279 [inline]
 xdp_test_run_batch.constprop.0+0x138d/0x1960 net/bpf/test_run.c:360
 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389
 bpf_prog_test_run_xdp+0x82d/0x1530 net/bpf/test_run.c:1317
 bpf_prog_test_run kernel/bpf/syscall.c:4313 [inline]
 __sys_bpf+0x10d2/0x4a00 kernel/bpf/syscall.c:5728
 __do_sys_bpf kernel/bpf/syscall.c:5817 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5815 [inline]
 __x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5815
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f679d57def9
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f679e410038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
RAX: ffffffffffffffda RBX: 00007f679d735f80 RCX: 00007f679d57def9
RDX: 0000000000000048 RSI: 0000000020000600 RDI: 000000000000000a
RBP: 00007f679d5f0b76 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 0000000000000000 R14: 00007f679d735f80 R15: 00007ffd36220398
 </TASK>
BUG: Bad page state in process syz.2.4065  pfn:45857
page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x2 pfn:0x45857
flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
raw: 00fff00000000000 dead000000000040 ffff88804a923000 0000000000000000
raw: 0000000000000002 0000000000000001 00000000ffffffff 0000000000000000
page dumped because: page_pool leak
page_owner tracks the page as allocated
page last allocated via order 0, migratetype Unmovable, gfp_mask 0x102820(GFP_ATOMIC|__GFP_NOWARN|__GFP_HARDWALL), pid 19654, tgid 19653 (syz.2.4065), ts 936167067262, free_ts 930645815655
 set_page_owner include/linux/page_owner.h:32 [inline]
 post_alloc_hook+0x2d1/0x350 mm/page_alloc.c:1500
 prep_new_page mm/page_alloc.c:1508 [inline]
 get_page_from_freelist+0x1351/0x2e50 mm/page_alloc.c:3446
 __alloc_pages_noprof+0x22b/0x2460 mm/page_alloc.c:4702
 alloc_pages_bulk_noprof+0x742/0x14f0 mm/page_alloc.c:4650
 alloc_pages_bulk_array_node_noprof include/linux/gfp.h:239 [inline]
 __page_pool_alloc_pages_slow+0x19b/0xb30 net/core/page_pool.c:527
 page_pool_alloc_netmem net/core/page_pool.c:576 [inline]
 page_pool_alloc_pages+0xb5/0x110 net/core/page_pool.c:583
 page_pool_dev_alloc_pages include/net/page_pool/helpers.h:96 [inline]
 xdp_test_run_batch.constprop.0+0x3a8/0x1960 net/bpf/test_run.c:305
 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389
 bpf_prog_test_run_xdp+0x82d/0x1530 net/bpf/test_run.c:1317
 bpf_prog_test_run kernel/bpf/syscall.c:4313 [inline]
 __sys_bpf+0x10d2/0x4a00 kernel/bpf/syscall.c:5728
 __do_sys_bpf kernel/bpf/syscall.c:5817 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5815 [inline]
 __x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5815
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
page last free pid 18137 tgid 18137 stack trace:
 reset_page_owner include/linux/page_owner.h:25 [inline]
 free_pages_prepare mm/page_alloc.c:1101 [inline]
 free_unref_page+0x64a/0xe40 mm/page_alloc.c:2619
 __put_partials+0x14c/0x170 mm/slub.c:3055
 qlink_free mm/kasan/quarantine.c:163 [inline]
 qlist_free_all+0x4e/0x140 mm/kasan/quarantine.c:179
 kasan_quarantine_reduce+0x192/0x1e0 mm/kasan/quarantine.c:286
 __kasan_slab_alloc+0x69/0x90 mm/kasan/common.c:322
 kasan_slab_alloc include/linux/kasan.h:201 [inline]
 slab_post_alloc_hook mm/slub.c:3992 [inline]
 slab_alloc_node mm/slub.c:4041 [inline]
 __do_kmalloc_node mm/slub.c:4161 [inline]
 __kmalloc_node_noprof+0x1c3/0x430 mm/slub.c:4168
 __kvmalloc_node_noprof+0x9d/0x1a0 mm/util.c:650
 xt_jumpstack_alloc net/netfilter/x_tables.c:1355 [inline]
 xt_replace_table+0x1c7/0x910 net/netfilter/x_tables.c:1394
 __do_replace+0x1d9/0x9b0 net/ipv4/netfilter/ip_tables.c:1064
 do_replace net/ipv4/netfilter/ip_tables.c:1141 [inline]
 do_ipt_set_ctl+0x93c/0xc30 net/ipv4/netfilter/ip_tables.c:1635
 nf_setsockopt+0x8a/0xf0 net/netfilter/nf_sockopt.c:101
 ip_setsockopt+0xcb/0xf0 net/ipv4/ip_sockglue.c:1424
 tcp_setsockopt+0xa4/0x100 net/ipv4/tcp.c:3768
 do_sock_setsockopt+0x222/0x480 net/socket.c:2324
 __sys_setsockopt+0x1a4/0x270 net/socket.c:2347
 __do_sys_setsockopt net/socket.c:2356 [inline]
 __se_sys_setsockopt net/socket.c:2353 [inline]
 __x64_sys_setsockopt+0xbd/0x160 net/socket.c:2353
Modules linked in:
CPU: 2 UID: 0 PID: 19654 Comm: syz.2.4065 Tainted: G    B              6.11.0-rc7-syzkaller-00133-ge936e7d4a83b #0
Tainted: [B]=BAD_PAGE
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:93 [inline]
 dump_stack_lvl+0x16c/0x1f0 lib/dump_stack.c:119
 bad_page+0xb3/0x220 mm/page_alloc.c:498
 free_page_is_bad_report mm/page_alloc.c:905 [inline]
 free_page_is_bad mm/page_alloc.c:915 [inline]
 free_pages_prepare mm/page_alloc.c:1093 [inline]
 free_unref_page+0x69e/0xe40 mm/page_alloc.c:2619
 skb_free_frag include/linux/skbuff.h:3383 [inline]
 skb_free_head+0xa0/0x1d0 net/core/skbuff.c:1094
 skb_release_data+0x75c/0x980 net/core/skbuff.c:1123
 skb_release_all net/core/skbuff.c:1188 [inline]
 __kfree_skb net/core/skbuff.c:1202 [inline]
 sk_skb_reason_drop+0x133/0x200 net/core/skbuff.c:1240
 kfree_skb_reason include/linux/skbuff.h:1260 [inline]
 __netif_receive_skb_core.constprop.0+0x592/0x4330 net/core/dev.c:5635
 __netif_receive_skb_list_core+0x357/0x950 net/core/dev.c:5737
 __netif_receive_skb_list net/core/dev.c:5804 [inline]
 netif_receive_skb_list_internal+0x753/0xda0 net/core/dev.c:5896
 netif_receive_skb_list+0x4f/0x4a0 net/core/dev.c:5948
 xdp_recv_frames net/bpf/test_run.c:279 [inline]
 xdp_test_run_batch.constprop.0+0x138d/0x1960 net/bpf/test_run.c:360
 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389
 bpf_prog_test_run_xdp+0x82d/0x1530 net/bpf/test_run.c:1317
 bpf_prog_test_run kernel/bpf/syscall.c:4313 [inline]
 __sys_bpf+0x10d2/0x4a00 kernel/bpf/syscall.c:5728
 __do_sys_bpf kernel/bpf/syscall.c:5817 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5815 [inline]
 __x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5815
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f679d57def9
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f679e410038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
RAX: ffffffffffffffda RBX: 00007f679d735f80 RCX: 00007f679d57def9
RDX: 0000000000000048 RSI: 0000000020000600 RDI: 000000000000000a
RBP: 00007f679d5f0b76 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 0000000000000000 R14: 00007f679d735f80 R15: 00007ffd36220398
 </TASK>
BUG: Bad page state in process syz.2.4065  pfn:45856
page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff888045857e00 pfn:0x45856
flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
raw: 00fff00000000000 dead000000000040 ffff88804a923000 0000000000000000
raw: ffff888045857e00 0000000000000001 00000000ffffffff 0000000000000000
page dumped because: page_pool leak
page_owner tracks the page as allocated
page last allocated via order 0, migratetype Unmovable, gfp_mask 0x102820(GFP_ATOMIC|__GFP_NOWARN|__GFP_HARDWALL), pid 19654, tgid 19653 (syz.2.4065), ts 936167059093, free_ts 930645815655
 set_page_owner include/linux/page_owner.h:32 [inline]
 post_alloc_hook+0x2d1/0x350 mm/page_alloc.c:1500
 prep_new_page mm/page_alloc.c:1508 [inline]
 get_page_from_freelist+0x1351/0x2e50 mm/page_alloc.c:3446
 __alloc_pages_noprof+0x22b/0x2460 mm/page_alloc.c:4702
 alloc_pages_bulk_noprof+0x742/0x14f0 mm/page_alloc.c:4650
 alloc_pages_bulk_array_node_noprof include/linux/gfp.h:239 [inline]
 __page_pool_alloc_pages_slow+0x19b/0xb30 net/core/page_pool.c:527
 page_pool_alloc_netmem net/core/page_pool.c:576 [inline]
 page_pool_alloc_pages+0xb5/0x110 net/core/page_pool.c:583
 page_pool_dev_alloc_pages include/net/page_pool/helpers.h:96 [inline]
 xdp_test_run_batch.constprop.0+0x3a8/0x1960 net/bpf/test_run.c:305
 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389
 bpf_prog_test_run_xdp+0x82d/0x1530 net/bpf/test_run.c:1317
 bpf_prog_test_run kernel/bpf/syscall.c:4313 [inline]
 __sys_bpf+0x10d2/0x4a00 kernel/bpf/syscall.c:5728
 __do_sys_bpf kernel/bpf/syscall.c:5817 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5815 [inline]
 __x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5815
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
page last free pid 18137 tgid 18137 stack trace:
 reset_page_owner include/linux/page_owner.h:25 [inline]
 free_pages_prepare mm/page_alloc.c:1101 [inline]
 free_unref_page+0x64a/0xe40 mm/page_alloc.c:2619
 __put_partials+0x14c/0x170 mm/slub.c:3055
 qlink_free mm/kasan/quarantine.c:163 [inline]
 qlist_free_all+0x4e/0x140 mm/kasan/quarantine.c:179
 kasan_quarantine_reduce+0x192/0x1e0 mm/kasan/quarantine.c:286
 __kasan_slab_alloc+0x69/0x90 mm/kasan/common.c:322
 kasan_slab_alloc include/linux/kasan.h:201 [inline]
 slab_post_alloc_hook mm/slub.c:3992 [inline]
 slab_alloc_node mm/slub.c:4041 [inline]
 __do_kmalloc_node mm/slub.c:4161 [inline]
 __kmalloc_node_noprof+0x1c3/0x430 mm/slub.c:4168
 __kvmalloc_node_noprof+0x9d/0x1a0 mm/util.c:650
 xt_jumpstack_alloc net/netfilter/x_tables.c:1355 [inline]
 xt_replace_table+0x1c7/0x910 net/netfilter/x_tables.c:1394
 __do_replace+0x1d9/0x9b0 net/ipv4/netfilter/ip_tables.c:1064
 do_replace net/ipv4/netfilter/ip_tables.c:1141 [inline]
 do_ipt_set_ctl+0x93c/0xc30 net/ipv4/netfilter/ip_tables.c:1635
 nf_setsockopt+0x8a/0xf0 net/netfilter/nf_sockopt.c:101
 ip_setsockopt+0xcb/0xf0 net/ipv4/ip_sockglue.c:1424
 tcp_setsockopt+0xa4/0x100 net/ipv4/tcp.c:3768
 do_sock_setsockopt+0x222/0x480 net/socket.c:2324
 __sys_setsockopt+0x1a4/0x270 net/socket.c:2347
 __do_sys_setsockopt net/socket.c:2356 [inline]
 __se_sys_setsockopt net/socket.c:2353 [inline]
 __x64_sys_setsockopt+0xbd/0x160 net/socket.c:2353
Modules linked in:
CPU: 2 UID: 0 PID: 19654 Comm: syz.2.4065 Tainted: G    B              6.11.0-rc7-syzkaller-00133-ge936e7d4a83b #0
Tainted: [B]=BAD_PAGE
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:93 [inline]
 dump_stack_lvl+0x16c/0x1f0 lib/dump_stack.c:119
 bad_page+0xb3/0x220 mm/page_alloc.c:498
 free_page_is_bad_report mm/page_alloc.c:905 [inline]
 free_page_is_bad mm/page_alloc.c:915 [inline]
 free_pages_prepare mm/page_alloc.c:1093 [inline]
 free_unref_page+0x69e/0xe40 mm/page_alloc.c:2619
 skb_free_frag include/linux/skbuff.h:3383 [inline]
 skb_free_head+0xa0/0x1d0 net/core/skbuff.c:1094
 skb_release_data+0x75c/0x980 net/core/skbuff.c:1123
 skb_release_all net/core/skbuff.c:1188 [inline]
 __kfree_skb net/core/skbuff.c:1202 [inline]
 sk_skb_reason_drop+0x133/0x200 net/core/skbuff.c:1240
 kfree_skb_reason include/linux/skbuff.h:1260 [inline]
 __netif_receive_skb_core.constprop.0+0x592/0x4330 net/core/dev.c:5635
 __netif_receive_skb_list_core+0x357/0x950 net/core/dev.c:5737
 __netif_receive_skb_list net/core/dev.c:5804 [inline]
 netif_receive_skb_list_internal+0x753/0xda0 net/core/dev.c:5896
 netif_receive_skb_list+0x4f/0x4a0 net/core/dev.c:5948
 xdp_recv_frames net/bpf/test_run.c:279 [inline]
 xdp_test_run_batch.constprop.0+0x138d/0x1960 net/bpf/test_run.c:360
 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389
 bpf_prog_test_run_xdp+0x82d/0x1530 net/bpf/test_run.c:1317
 bpf_prog_test_run kernel/bpf/syscall.c:4313 [inline]
 __sys_bpf+0x10d2/0x4a00 kernel/bpf/syscall.c:5728
 __do_sys_bpf kernel/bpf/syscall.c:5817 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5815 [inline]
 __x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5815
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f679d57def9
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f679e410038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
RAX: ffffffffffffffda RBX: 00007f679d735f80 RCX: 00007f679d57def9
RDX: 0000000000000048 RSI: 0000000020000600 RDI: 000000000000000a
RBP: 00007f679d5f0b76 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 0000000000000000 R14: 00007f679d735f80 R15: 00007ffd36220398
 </TASK>
BUG: Bad page state in process syz.2.4065  pfn:62e8f
page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x2 pfn:0x62e8f
flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
raw: 00fff00000000000 dead000000000040 ffff88804a923000 0000000000000000
raw: 0000000000000002 0000000000000001 00000000ffffffff 0000000000000000
page dumped because: page_pool leak
page_owner tracks the page as allocated
page last allocated via order 0, migratetype Unmovable, gfp_mask 0x102820(GFP_ATOMIC|__GFP_NOWARN|__GFP_HARDWALL), pid 19654, tgid 19653 (syz.2.4065), ts 936167051257, free_ts 930645868657
 set_page_owner include/linux/page_owner.h:32 [inline]
 post_alloc_hook+0x2d1/0x350 mm/page_alloc.c:1500
 prep_new_page mm/page_alloc.c:1508 [inline]
 get_page_from_freelist+0x1351/0x2e50 mm/page_alloc.c:3446
 __alloc_pages_noprof+0x22b/0x2460 mm/page_alloc.c:4702
 alloc_pages_bulk_noprof+0x742/0x14f0 mm/page_alloc.c:4650
 alloc_pages_bulk_array_node_noprof include/linux/gfp.h:239 [inline]
 __page_pool_alloc_pages_slow+0x19b/0xb30 net/core/page_pool.c:527
 page_pool_alloc_netmem net/core/page_pool.c:576 [inline]
 page_pool_alloc_pages+0xb5/0x110 net/core/page_pool.c:583
 page_pool_dev_alloc_pages include/net/page_pool/helpers.h:96 [inline]
 xdp_test_run_batch.constprop.0+0x3a8/0x1960 net/bpf/test_run.c:305
 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389
 bpf_prog_test_run_xdp+0x82d/0x1530 net/bpf/test_run.c:1317
 bpf_prog_test_run kernel/bpf/syscall.c:4313 [inline]
 __sys_bpf+0x10d2/0x4a00 kernel/bpf/syscall.c:5728
 __do_sys_bpf kernel/bpf/syscall.c:5817 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5815 [inline]
 __x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5815
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
page last free pid 18137 tgid 18137 stack trace:
 reset_page_owner include/linux/page_owner.h:25 [inline]
 free_pages_prepare mm/page_alloc.c:1101 [inline]
 free_unref_page+0x64a/0xe40 mm/page_alloc.c:2619
 qlink_free mm/kasan/quarantine.c:163 [inline]
 qlist_free_all+0x4e/0x140 mm/kasan/quarantine.c:179
 kasan_quarantine_reduce+0x192/0x1e0 mm/kasan/quarantine.c:286
 __kasan_slab_alloc+0x69/0x90 mm/kasan/common.c:322
 kasan_slab_alloc include/linux/kasan.h:201 [inline]
 slab_post_alloc_hook mm/slub.c:3992 [inline]
 slab_alloc_node mm/slub.c:4041 [inline]
 __do_kmalloc_node mm/slub.c:4161 [inline]
 __kmalloc_node_noprof+0x1c3/0x430 mm/slub.c:4168
 __kvmalloc_node_noprof+0x9d/0x1a0 mm/util.c:650
 xt_jumpstack_alloc net/netfilter/x_tables.c:1355 [inline]
 xt_replace_table+0x1c7/0x910 net/netfilter/x_tables.c:1394
 __do_replace+0x1d9/0x9b0 net/ipv4/netfilter/ip_tables.c:1064
 do_replace net/ipv4/netfilter/ip_tables.c:1141 [inline]
 do_ipt_set_ctl+0x93c/0xc30 net/ipv4/netfilter/ip_tables.c:1635
 nf_setsockopt+0x8a/0xf0 net/netfilter/nf_sockopt.c:101
 ip_setsockopt+0xcb/0xf0 net/ipv4/ip_sockglue.c:1424
 tcp_setsockopt+0xa4/0x100 net/ipv4/tcp.c:3768
 do_sock_setsockopt+0x222/0x480 net/socket.c:2324
 __sys_setsockopt+0x1a4/0x270 net/socket.c:2347
 __do_sys_setsockopt net/socket.c:2356 [inline]
 __se_sys_setsockopt net/socket.c:2353 [inline]
 __x64_sys_setsockopt+0xbd/0x160 net/socket.c:2353
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
Modules linked in:
CPU: 2 UID: 0 PID: 19654 Comm: syz.2.4065 Tainted: G    B              6.11.0-rc7-syzkaller-00133-ge936e7d4a83b #0
Tainted: [B]=BAD_PAGE
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:93 [inline]
 dump_stack_lvl+0x16c/0x1f0 lib/dump_stack.c:119
 bad_page+0xb3/0x220 mm/page_alloc.c:498
 free_page_is_bad_report mm/page_alloc.c:905 [inline]
 free_page_is_bad mm/page_alloc.c:915 [inline]
 free_pages_prepare mm/page_alloc.c:1093 [inline]
 free_unref_page+0x69e/0xe40 mm/page_alloc.c:2619
 skb_free_frag include/linux/skbuff.h:3383 [inline]
 skb_free_head+0xa0/0x1d0 net/core/skbuff.c:1094
 skb_release_data+0x75c/0x980 net/core/skbuff.c:1123
 skb_release_all net/core/skbuff.c:1188 [inline]
 __kfree_skb net/core/skbuff.c:1202 [inline]
 sk_skb_reason_drop+0x133/0x200 net/core/skbuff.c:1240
 kfree_skb_reason include/linux/skbuff.h:1260 [inline]
 __netif_receive_skb_core.constprop.0+0x592/0x4330 net/core/dev.c:5635
 __netif_receive_skb_list_core+0x357/0x950 net/core/dev.c:5737
 __netif_receive_skb_list net/core/dev.c:5804 [inline]
 netif_receive_skb_list_internal+0x753/0xda0 net/core/dev.c:5896
 netif_receive_skb_list+0x4f/0x4a0 net/core/dev.c:5948
 xdp_recv_frames net/bpf/test_run.c:279 [inline]
 xdp_test_run_batch.constprop.0+0x138d/0x1960 net/bpf/test_run.c:360
 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389
 bpf_prog_test_run_xdp+0x82d/0x1530 net/bpf/test_run.c:1317
 bpf_prog_test_run kernel/bpf/syscall.c:4313 [inline]
 __sys_bpf+0x10d2/0x4a00 kernel/bpf/syscall.c:5728
 __do_sys_bpf kernel/bpf/syscall.c:5817 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5815 [inline]
 __x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5815
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f679d57def9
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f679e410038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
RAX: ffffffffffffffda RBX: 00007f679d735f80 RCX: 00007f679d57def9
RDX: 0000000000000048 RSI: 0000000020000600 RDI: 000000000000000a
RBP: 00007f679d5f0b76 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 0000000000000000 R14: 00007f679d735f80 R15: 00007ffd36220398
 </TASK>
BUG: Bad page state in process syz.2.4065  pfn:62e8e
page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff888062e8fe00 pfn:0x62e8e
flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
raw: 00fff00000000000 dead000000000040 ffff88804a923000 0000000000000000
raw: ffff888062e8fe00 0000000000000001 00000000ffffffff 0000000000000000
page dumped because: page_pool leak
page_owner tracks the page as allocated
page last allocated via order 0, migratetype Unmovable, gfp_mask 0x102820(GFP_ATOMIC|__GFP_NOWARN|__GFP_HARDWALL), pid 19654, tgid 19653 (syz.2.4065), ts 936167043476, free_ts 930645868657
 set_page_owner include/linux/page_owner.h:32 [inline]
 post_alloc_hook+0x2d1/0x350 mm/page_alloc.c:1500
 prep_new_page mm/page_alloc.c:1508 [inline]
 get_page_from_freelist+0x1351/0x2e50 mm/page_alloc.c:3446
 __alloc_pages_noprof+0x22b/0x2460 mm/page_alloc.c:4702
 alloc_pages_bulk_noprof+0x742/0x14f0 mm/page_alloc.c:4650
 alloc_pages_bulk_array_node_noprof include/linux/gfp.h:239 [inline]
 __page_pool_alloc_pages_slow+0x19b/0xb30 net/core/page_pool.c:527
 page_pool_alloc_netmem net/core/page_pool.c:576 [inline]
 page_pool_alloc_pages+0xb5/0x110 net/core/page_pool.c:583
 page_pool_dev_alloc_pages include/net/page_pool/helpers.h:96 [inline]
 xdp_test_run_batch.constprop.0+0x3a8/0x1960 net/bpf/test_run.c:305
 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389
 bpf_prog_test_run_xdp+0x82d/0x1530 net/bpf/test_run.c:1317
 bpf_prog_test_run kernel/bpf/syscall.c:4313 [inline]
 __sys_bpf+0x10d2/0x4a00 kernel/bpf/syscall.c:5728
 __do_sys_bpf kernel/bpf/syscall.c:5817 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5815 [inline]
 __x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5815
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
page last free pid 18137 tgid 18137 stack trace:
 reset_page_owner include/linux/page_owner.h:25 [inline]
 free_pages_prepare mm/page_alloc.c:1101 [inline]
 free_unref_page+0x64a/0xe40 mm/page_alloc.c:2619
 qlink_free mm/kasan/quarantine.c:163 [inline]
 qlist_free_all+0x4e/0x140 mm/kasan/quarantine.c:179
 kasan_quarantine_reduce+0x192/0x1e0 mm/kasan/quarantine.c:286
 __kasan_slab_alloc+0x69/0x90 mm/kasan/common.c:322
 kasan_slab_alloc include/linux/kasan.h:201 [inline]
 slab_post_alloc_hook mm/slub.c:3992 [inline]
 slab_alloc_node mm/slub.c:4041 [inline]
 __do_kmalloc_node mm/slub.c:4161 [inline]
 __kmalloc_node_noprof+0x1c3/0x430 mm/slub.c:4168
 __kvmalloc_node_noprof+0x9d/0x1a0 mm/util.c:650
 xt_jumpstack_alloc net/netfilter/x_tables.c:1355 [inline]
 xt_replace_table+0x1c7/0x910 net/netfilter/x_tables.c:1394
 __do_replace+0x1d9/0x9b0 net/ipv4/netfilter/ip_tables.c:1064
 do_replace net/ipv4/netfilter/ip_tables.c:1141 [inline]
 do_ipt_set_ctl+0x93c/0xc30 net/ipv4/netfilter/ip_tables.c:1635
 nf_setsockopt+0x8a/0xf0 net/netfilter/nf_sockopt.c:101
 ip_setsockopt+0xcb/0xf0 net/ipv4/ip_sockglue.c:1424
 tcp_setsockopt+0xa4/0x100 net/ipv4/tcp.c:3768
 do_sock_setsockopt+0x222/0x480 net/socket.c:2324
 __sys_setsockopt+0x1a4/0x270 net/socket.c:2347
 __do_sys_setsockopt net/socket.c:2356 [inline]
 __se_sys_setsockopt net/socket.c:2353 [inline]
 __x64_sys_setsockopt+0xbd/0x160 net/socket.c:2353
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
Modules linked in:
CPU: 2 UID: 0 PID: 19654 Comm: syz.2.4065 Tainted: G    B              6.11.0-rc7-syzkaller-00133-ge936e7d4a83b #0
Tainted: [B]=BAD_PAGE
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:93 [inline]
 dump_stack_lvl+0x16c/0x1f0 lib/dump_stack.c:119
 bad_page+0xb3/0x220 mm/page_alloc.c:498
 free_page_is_bad_report mm/page_alloc.c:905 [inline]
 free_page_is_bad mm/page_alloc.c:915 [inline]
 free_pages_prepare mm/page_alloc.c:1093 [inline]
 free_unref_page+0x69e/0xe40 mm/page_alloc.c:2619
 skb_free_frag include/linux/skbuff.h:3383 [inline]
 skb_free_head+0xa0/0x1d0 net/core/skbuff.c:1094
 skb_release_data+0x75c/0x980 net/core/skbuff.c:1123
 skb_release_all net/core/skbuff.c:1188 [inline]
 __kfree_skb net/core/skbuff.c:1202 [inline]
 sk_skb_reason_drop+0x133/0x200 net/core/skbuff.c:1240
 kfree_skb_reason include/linux/skbuff.h:1260 [inline]
 __netif_receive_skb_core.constprop.0+0x592/0x4330 net/core/dev.c:5635
 __netif_receive_skb_list_core+0x357/0x950 net/core/dev.c:5737
 __netif_receive_skb_list net/core/dev.c:5804 [inline]
 netif_receive_skb_list_internal+0x753/0xda0 net/core/dev.c:5896
 netif_receive_skb_list+0x4f/0x4a0 net/core/dev.c:5948
 xdp_recv_frames net/bpf/test_run.c:279 [inline]
 xdp_test_run_batch.constprop.0+0x138d/0x1960 net/bpf/test_run.c:360
 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389
 bpf_prog_test_run_xdp+0x82d/0x1530 net/bpf/test_run.c:1317
 bpf_prog_test_run kernel/bpf/syscall.c:4313 [inline]
 __sys_bpf+0x10d2/0x4a00 kernel/bpf/syscall.c:5728
 __do_sys_bpf kernel/bpf/syscall.c:5817 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5815 [inline]
 __x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5815
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f679d57def9
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f679e410038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
RAX: ffffffffffffffda RBX: 00007f679d735f80 RCX: 00007f679d57def9
RDX: 0000000000000048 RSI: 0000000020000600 RDI: 000000000000000a
RBP: 00007f679d5f0b76 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 0000000000000000 R14: 00007f679d735f80 R15: 00007ffd36220398
 </TASK>
BUG: Bad page state in process syz.2.4065  pfn:52bf9
page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x2 pfn:0x52bf9
flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
raw: 00fff00000000000 dead000000000040 ffff88804a923000 0000000000000000
raw: 0000000000000002 0000000000000001 00000000ffffffff 0000000000000000
page dumped because: page_pool leak
page_owner tracks the page as allocated
page last allocated via order 0, migratetype Unmovable, gfp_mask 0x102820(GFP_ATOMIC|__GFP_NOWARN|__GFP_HARDWALL), pid 19654, tgid 19653 (syz.2.4065), ts 936167035754, free_ts 930645888827
 set_page_owner include/linux/page_owner.h:32 [inline]
 post_alloc_hook+0x2d1/0x350 mm/page_alloc.c:1500
 prep_new_page mm/page_alloc.c:1508 [inline]
 get_page_from_freelist+0x1351/0x2e50 mm/page_alloc.c:3446
 __alloc_pages_noprof+0x22b/0x2460 mm/page_alloc.c:4702
 alloc_pages_bulk_noprof+0x742/0x14f0 mm/page_alloc.c:4650
 alloc_pages_bulk_array_node_noprof include/linux/gfp.h:239 [inline]
 __page_pool_alloc_pages_slow+0x19b/0xb30 net/core/page_pool.c:527
 page_pool_alloc_netmem net/core/page_pool.c:576 [inline]
 page_pool_alloc_pages+0xb5/0x110 net/core/page_pool.c:583
 page_pool_dev_alloc_pages include/net/page_pool/helpers.h:96 [inline]
 xdp_test_run_batch.constprop.0+0x3a8/0x1960 net/bpf/test_run.c:305
 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389
 bpf_prog_test_run_xdp+0x82d/0x1530 net/bpf/test_run.c:1317
 bpf_prog_test_run kernel/bpf/syscall.c:4313 [inline]
 __sys_bpf+0x10d2/0x4a00 kernel/bpf/syscall.c:5728
 __do_sys_bpf kernel/bpf/syscall.c:5817 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5815 [inline]
 __x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5815
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
page last free pid 18137 tgid 18137 stack trace:
 reset_page_owner include/linux/page_owner.h:25 [inline]
 free_pages_prepare mm/page_alloc.c:1101 [inline]
 free_unref_page+0x64a/0xe40 mm/page_alloc.c:2619
 qlink_free mm/kasan/quarantine.c:163 [inline]
 qlist_free_all+0x4e/0x140 mm/kasan/quarantine.c:179
 kasan_quarantine_reduce+0x192/0x1e0 mm/kasan/quarantine.c:286
 __kasan_slab_alloc+0x69/0x90 mm/kasan/common.c:322
 kasan_slab_alloc include/linux/kasan.h:201 [inline]
 slab_post_alloc_hook mm/slub.c:3992 [inline]
 slab_alloc_node mm/slub.c:4041 [inline]
 __do_kmalloc_node mm/slub.c:4161 [inline]
 __kmalloc_node_noprof+0x1c3/0x430 mm/slub.c:4168
 __kvmalloc_node_noprof+0x9d/0x1a0 mm/util.c:650
 xt_jumpstack_alloc net/netfilter/x_tables.c:1355 [inline]
 xt_replace_table+0x1c7/0x910 net/netfilter/x_tables.c:1394
 __do_replace+0x1d9/0x9b0 net/ipv4/netfilter/ip_tables.c:1064
 do_replace net/ipv4/netfilter/ip_tables.c:1141 [inline]
 do_ipt_set_ctl+0x93c/0xc30 net/ipv4/netfilter/ip_tables.c:1635
 nf_setsockopt+0x8a/0xf0 net/netfilter/nf_sockopt.c:101
 ip_setsockopt+0xcb/0xf0 net/ipv4/ip_sockglue.c:1424
 tcp_setsockopt+0xa4/0x100 net/ipv4/tcp.c:3768
 do_sock_setsockopt+0x222/0x480 net/socket.c:2324
 __sys_setsockopt+0x1a4/0x270 net/socket.c:2347
 __do_sys_setsockopt net/socket.c:2356 [inline]
 __se_sys_setsockopt net/socket.c:2353 [inline]
 __x64_sys_setsockopt+0xbd/0x160 net/socket.c:2353
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
Modules linked in:
CPU: 2 UID: 0 PID: 19654 Comm: syz.2.4065 Tainted: G    B              6.11.0-rc7-syzkaller-00133-ge936e7d4a83b #0
Tainted: [B]=BAD_PAGE
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:93 [inline]
 dump_stack_lvl+0x16c/0x1f0 lib/dump_stack.c:119
 bad_page+0xb3/0x220 mm/page_alloc.c:498
 free_page_is_bad_report mm/page_alloc.c:905 [inline]
 free_page_is_bad mm/page_alloc.c:915 [inline]
 free_pages_prepare mm/page_alloc.c:1093 [inline]
 free_unref_page+0x69e/0xe40 mm/page_alloc.c:2619
 skb_free_frag include/linux/skbuff.h:3383 [inline]
 skb_free_head+0xa0/0x1d0 net/core/skbuff.c:1094
 skb_release_data+0x75c/0x980 net/core/skbuff.c:1123
 skb_release_all net/core/skbuff.c:1188 [inline]
 __kfree_skb net/core/skbuff.c:1202 [inline]
 sk_skb_reason_drop+0x133/0x200 net/core/skbuff.c:1240
 kfree_skb_reason include/linux/skbuff.h:1260 [inline]
 __netif_receive_skb_core.constprop.0+0x592/0x4330 net/core/dev.c:5635
 __netif_receive_skb_list_core+0x357/0x950 net/core/dev.c:5737
 __netif_receive_skb_list net/core/dev.c:5804 [inline]
 netif_receive_skb_list_internal+0x753/0xda0 net/core/dev.c:5896
 netif_receive_skb_list+0x4f/0x4a0 net/core/dev.c:5948
 xdp_recv_frames net/bpf/test_run.c:279 [inline]
 xdp_test_run_batch.constprop.0+0x138d/0x1960 net/bpf/test_run.c:360
 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389
 bpf_prog_test_run_xdp+0x82d/0x1530 net/bpf/test_run.c:1317
 bpf_prog_test_run kernel/bpf/syscall.c:4313 [inline]
 __sys_bpf+0x10d2/0x4a00 kernel/bpf/syscall.c:5728
 __do_sys_bpf kernel/bpf/syscall.c:5817 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5815 [inline]
 __x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5815
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f679d57def9
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f679e410038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
RAX: ffffffffffffffda RBX: 00007f679d735f80 RCX: 00007f679d57def9
RDX: 0000000000000048 RSI: 0000000020000600 RDI: 000000000000000a
RBP: 00007f679d5f0b76 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 0000000000000000 R14: 00007f679d735f80 R15: 00007ffd36220398
 </TASK>
BUG: Bad page state in process syz.2.4065  pfn:52bf8
page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff888052bf9cc0 pfn:0x52bf8
flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
raw: 00fff00000000000 dead000000000040 ffff88804a923000 0000000000000000
raw: ffff888052bf9cc0 0000000000000001 00000000ffffffff 0000000000000000
page dumped because: page_pool leak
page_owner tracks the page as allocated
page last allocated via order 0, migratetype Unmovable, gfp_mask 0x102820(GFP_ATOMIC|__GFP_NOWARN|__GFP_HARDWALL), pid 19654, tgid 19653 (syz.2.4065), ts 936167027696, free_ts 930645888827
 set_page_owner include/linux/page_owner.h:32 [inline]
 post_alloc_hook+0x2d1/0x350 mm/page_alloc.c:1500
 prep_new_page mm/page_alloc.c:1508 [inline]
 get_page_from_freelist+0x1351/0x2e50 mm/page_alloc.c:3446
 __alloc_pages_noprof+0x22b/0x2460 mm/page_alloc.c:4702
 alloc_pages_bulk_noprof+0x742/0x14f0 mm/page_alloc.c:4650
 alloc_pages_bulk_array_node_noprof include/linux/gfp.h:239 [inline]
 __page_pool_alloc_pages_slow+0x19b/0xb30 net/core/page_pool.c:527
 page_pool_alloc_netmem net/core/page_pool.c:576 [inline]
 page_pool_alloc_pages+0xb5/0x110 net/core/page_pool.c:583
 page_pool_dev_alloc_pages include/net/page_pool/helpers.h:96 [inline]
 xdp_test_run_batch.constprop.0+0x3a8/0x1960 net/bpf/test_run.c:305
 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389
 bpf_prog_test_run_xdp+0x82d/0x1530 net/bpf/test_run.c:1317
 bpf_prog_test_run kernel/bpf/syscall.c:4313 [inline]
 __sys_bpf+0x10d2/0x4a00 kernel/bpf/syscall.c:5728
 __do_sys_bpf kernel/bpf/syscall.c:5817 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5815 [inline]
 __x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5815
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
page last free pid 18137 tgid 18137 stack trace:
 reset_page_owner include/linux/page_owner.h:25 [inline]
 free_pages_prepare mm/page_alloc.c:1101 [inline]
 free_unref_page+0x64a/0xe40 mm/page_alloc.c:2619
 qlink_free mm/kasan/quarantine.c:163 [inline]
 qlist_free_all+0x4e/0x140 mm/kasan/quarantine.c:179
 kasan_quarantine_reduce+0x192/0x1e0 mm/kasan/quarantine.c:286
 __kasan_slab_alloc+0x69/0x90 mm/kasan/common.c:322
 kasan_slab_alloc include/linux/kasan.h:201 [inline]
 slab_post_alloc_hook mm/slub.c:3992 [inline]
 slab_alloc_node mm/slub.c:4041 [inline]
 __do_kmalloc_node mm/slub.c:4161 [inline]
 __kmalloc_node_noprof+0x1c3/0x430 mm/slub.c:4168
 __kvmalloc_node_noprof+0x9d/0x1a0 mm/util.c:650
 xt_jumpstack_alloc net/netfilter/x_tables.c:1355 [inline]
 xt_replace_table+0x1c7/0x910 net/netfilter/x_tables.c:1394
 __do_replace+0x1d9/0x9b0 net/ipv4/netfilter/ip_tables.c:1064
 do_replace net/ipv4/netfilter/ip_tables.c:1141 [inline]
 do_ipt_set_ctl+0x93c/0xc30 net/ipv4/netfilter/ip_tables.c:1635
 nf_setsockopt+0x8a/0xf0 net/netfilter/nf_sockopt.c:101
 ip_setsockopt+0xcb/0xf0 net/ipv4/ip_sockglue.c:1424
 tcp_setsockopt+0xa4/0x100 net/ipv4/tcp.c:3768
 do_sock_setsockopt+0x222/0x480 net/socket.c:2324
 __sys_setsockopt+0x1a4/0x270 net/socket.c:2347
 __do_sys_setsockopt net/socket.c:2356 [inline]
 __se_sys_setsockopt net/socket.c:2353 [inline]
 __x64_sys_setsockopt+0xbd/0x160 net/socket.c:2353
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
Modules linked in:
CPU: 2 UID: 0 PID: 19654 Comm: syz.2.4065 Tainted: G    B              6.11.0-rc7-syzkaller-00133-ge936e7d4a83b #0
Tainted: [B]=BAD_PAGE
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:93 [inline]
 dump_stack_lvl+0x16c/0x1f0 lib/dump_stack.c:119
 bad_page+0xb3/0x220 mm/page_alloc.c:498
 free_page_is_bad_report mm/page_alloc.c:905 [inline]
 free_page_is_bad mm/page_alloc.c:915 [inline]
 free_pages_prepare mm/page_alloc.c:1093 [inline]
 free_unref_page+0x69e/0xe40 mm/page_alloc.c:2619
 skb_free_frag include/linux/skbuff.h:3383 [inline]
 skb_free_head+0xa0/0x1d0 net/core/skbuff.c:1094
 skb_release_data+0x75c/0x980 net/core/skbuff.c:1123
 skb_release_all net/core/skbuff.c:1188 [inline]
 __kfree_skb net/core/skbuff.c:1202 [inline]
 sk_skb_reason_drop+0x133/0x200 net/core/skbuff.c:1240
 kfree_skb_reason include/linux/skbuff.h:1260 [inline]
 __netif_receive_skb_core.constprop.0+0x592/0x4330 net/core/dev.c:5635
 __netif_receive_skb_list_core+0x357/0x950 net/core/dev.c:5737
 __netif_receive_skb_list net/core/dev.c:5804 [inline]
 netif_receive_skb_list_internal+0x753/0xda0 net/core/dev.c:5896
 netif_receive_skb_list+0x4f/0x4a0 net/core/dev.c:5948
 xdp_recv_frames net/bpf/test_run.c:279 [inline]
 xdp_test_run_batch.constprop.0+0x138d/0x1960 net/bpf/test_run.c:360
 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389
 bpf_prog_test_run_xdp+0x82d/0x1530 net/bpf/test_run.c:1317
 bpf_prog_test_run kernel/bpf/syscall.c:4313 [inline]
 __sys_bpf+0x10d2/0x4a00 kernel/bpf/syscall.c:5728
 __do_sys_bpf kernel/bpf/syscall.c:5817 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5815 [inline]
 __x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5815
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f679d57def9
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f679e410038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
RAX: ffffffffffffffda RBX: 00007f679d735f80 RCX: 00007f679d57def9
RDX: 0000000000000048 RSI: 0000000020000600 RDI: 000000000000000a
RBP: 00007f679d5f0b76 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 0000000000000000 R14: 00007f679d735f80 R15: 00007ffd36220398
 </TASK>
BUG: Bad page state in process syz.2.4065  pfn:33f65
page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff888000000002 pfn:0x33f65
flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
raw: 00fff00000000000 dead000000000040 ffff88804a923000 0000000000000000
raw: ffff888000000002 0000000000000001 00000000ffffffff 0000000000000000
page dumped because: page_pool leak
page_owner tracks the page as allocated
page last allocated via order 0, migratetype Unmovable, gfp_mask 0x102820(GFP_ATOMIC|__GFP_NOWARN|__GFP_HARDWALL), pid 19654, tgid 19653 (syz.2.4065), ts 936167019561, free_ts 930645909858
 set_page_owner include/linux/page_owner.h:32 [inline]
 post_alloc_hook+0x2d1/0x350 mm/page_alloc.c:1500
 prep_new_page mm/page_alloc.c:1508 [inline]
 get_page_from_freelist+0x1351/0x2e50 mm/page_alloc.c:3446
 __alloc_pages_noprof+0x22b/0x2460 mm/page_alloc.c:4702
 alloc_pages_bulk_noprof+0x742/0x14f0 mm/page_alloc.c:4650
 alloc_pages_bulk_array_node_noprof include/linux/gfp.h:239 [inline]
 __page_pool_alloc_pages_slow+0x19b/0xb30 net/core/page_pool.c:527
 page_pool_alloc_netmem net/core/page_pool.c:576 [inline]
 page_pool_alloc_pages+0xb5/0x110 net/core/page_pool.c:583
 page_pool_dev_alloc_pages include/net/page_pool/helpers.h:96 [inline]
 xdp_test_run_batch.constprop.0+0x3a8/0x1960 net/bpf/test_run.c:305
 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389
 bpf_prog_test_run_xdp+0x82d/0x1530 net/bpf/test_run.c:1317
 bpf_prog_test_run kernel/bpf/syscall.c:4313 [inline]
 __sys_bpf+0x10d2/0x4a00 kernel/bpf/syscall.c:5728
 __do_sys_bpf kernel/bpf/syscall.c:5817 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5815 [inline]
 __x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5815
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
page last free pid 18137 tgid 18137 stack trace:
 reset_page_owner include/linux/page_owner.h:25 [inline]
 free_pages_prepare mm/page_alloc.c:1101 [inline]
 free_unref_page+0x64a/0xe40 mm/page_alloc.c:2619
 qlink_free mm/kasan/quarantine.c:163 [inline]
 qlist_free_all+0x4e/0x140 mm/kasan/quarantine.c:179
 kasan_quarantine_reduce+0x192/0x1e0 mm/kasan/quarantine.c:286
 __kasan_slab_alloc+0x69/0x90 mm/kasan/common.c:322
 kasan_slab_alloc include/linux/kasan.h:201 [inline]
 slab_post_alloc_hook mm/slub.c:3992 [inline]
 slab_alloc_node mm/slub.c:4041 [inline]
 __do_kmalloc_node mm/slub.c:4161 [inline]
 __kmalloc_node_noprof+0x1c3/0x430 mm/slub.c:4168
 __kvmalloc_node_noprof+0x9d/0x1a0 mm/util.c:650
 xt_jumpstack_alloc net/netfilter/x_tables.c:1355 [inline]
 xt_replace_table+0x1c7/0x910 net/netfilter/x_tables.c:1394
 __do_replace+0x1d9/0x9b0 net/ipv4/netfilter/ip_tables.c:1064
 do_replace net/ipv4/netfilter/ip_tables.c:1141 [inline]
 do_ipt_set_ctl+0x93c/0xc30 net/ipv4/netfilter/ip_tables.c:1635
 nf_setsockopt+0x8a/0xf0 net/netfilter/nf_sockopt.c:101
 ip_setsockopt+0xcb/0xf0 net/ipv4/ip_sockglue.c:1424
 tcp_setsockopt+0xa4/0x100 net/ipv4/tcp.c:3768
 do_sock_setsockopt+0x222/0x480 net/socket.c:2324
 __sys_setsockopt+0x1a4/0x270 net/socket.c:2347
 __do_sys_setsockopt net/socket.c:2356 [inline]
 __se_sys_setsockopt net/socket.c:2353 [inline]
 __x64_sys_setsockopt+0xbd/0x160 net/socket.c:2353
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
Modules linked in:
CPU: 2 UID: 0 PID: 19654 Comm: syz.2.4065 Tainted: G    B              6.11.0-rc7-syzkaller-00133-ge936e7d4a83b #0
Tainted: [B]=BAD_PAGE
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:93 [inline]
 dump_stack_lvl+0x16c/0x1f0 lib/dump_stack.c:119
 bad_page+0xb3/0x220 mm/page_alloc.c:498
 free_page_is_bad_report mm/page_alloc.c:905 [inline]
 free_page_is_bad mm/page_alloc.c:915 [inline]
 free_pages_prepare mm/page_alloc.c:1093 [inline]
 free_unref_page+0x69e/0xe40 mm/page_alloc.c:2619
 skb_free_frag include/linux/skbuff.h:3383 [inline]
 skb_free_head+0xa0/0x1d0 net/core/skbuff.c:1094
 skb_release_data+0x75c/0x980 net/core/skbuff.c:1123
 skb_release_all net/core/skbuff.c:1188 [inline]
 __kfree_skb net/core/skbuff.c:1202 [inline]
 sk_skb_reason_drop+0x133/0x200 net/core/skbuff.c:1240
 kfree_skb_reason include/linux/skbuff.h:1260 [inline]
 __netif_receive_skb_core.constprop.0+0x592/0x4330 net/core/dev.c:5635
 __netif_receive_skb_list_core+0x357/0x950 net/core/dev.c:5737
 __netif_receive_skb_list net/core/dev.c:5804 [inline]
 netif_receive_skb_list_internal+0x753/0xda0 net/core/dev.c:5896
 netif_receive_skb_list+0x4f/0x4a0 net/core/dev.c:5948
 xdp_recv_frames net/bpf/test_run.c:279 [inline]
 xdp_test_run_batch.constprop.0+0x138d/0x1960 net/bpf/test_run.c:360
 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389
 bpf_prog_test_run_xdp+0x82d/0x1530 net/bpf/test_run.c:1317
 bpf_prog_test_run kernel/bpf/syscall.c:4313 [inline]
 __sys_bpf+0x10d2/0x4a00 kernel/bpf/syscall.c:5728
 __do_sys_bpf kernel/bpf/syscall.c:5817 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5815 [inline]
 __x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5815
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f679d57def9
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f679e410038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
RAX: ffffffffffffffda RBX: 00007f679d735f80 RCX: 00007f679d57def9
RDX: 0000000000000048 RSI: 0000000020000600 RDI: 000000000000000a
RBP: 00007f679d5f0b76 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 0000000000000000 R14: 00007f679d735f80 R15: 00007ffd36220398
 </TASK>
BUG: Bad page state in process syz.2.4065  pfn:33f64
page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff888033f65e00 pfn:0x33f64
flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
raw: 00fff00000000000 dead000000000040 ffff88804a923000 0000000000000000
raw: ffff888033f65e00 0000000000000001 00000000ffffffff 0000000000000000
page dumped because: page_pool leak
page_owner tracks the page as allocated
page last allocated via order 0, migratetype Unmovable, gfp_mask 0x102820(GFP_ATOMIC|__GFP_NOWARN|__GFP_HARDWALL), pid 19654, tgid 19653 (syz.2.4065), ts 936167008731, free_ts 930645909858
 set_page_owner include/linux/page_owner.h:32 [inline]
 post_alloc_hook+0x2d1/0x350 mm/page_alloc.c:1500
 prep_new_page mm/page_alloc.c:1508 [inline]
 get_page_from_freelist+0x1351/0x2e50 mm/page_alloc.c:3446
 __alloc_pages_noprof+0x22b/0x2460 mm/page_alloc.c:4702
 alloc_pages_bulk_noprof+0x742/0x14f0 mm/page_alloc.c:4650
 alloc_pages_bulk_array_node_noprof include/linux/gfp.h:239 [inline]
 __page_pool_alloc_pages_slow+0x19b/0xb30 net/core/page_pool.c:527
 page_pool_alloc_netmem net/core/page_pool.c:576 [inline]
 page_pool_alloc_pages+0xb5/0x110 net/core/page_pool.c:583
 page_pool_dev_alloc_pages include/net/page_pool/helpers.h:96 [inline]
 xdp_test_run_batch.constprop.0+0x3a8/0x1960 net/bpf/test_run.c:305
 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389
 bpf_prog_test_run_xdp+0x82d/0x1530 net/bpf/test_run.c:1317
 bpf_prog_test_run kernel/bpf/syscall.c:4313 [inline]
 __sys_bpf+0x10d2/0x4a00 kernel/bpf/syscall.c:5728
 __do_sys_bpf kernel/bpf/syscall.c:5817 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5815 [inline]
 __x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5815
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
page last free pid 18137 tgid 18137 stack trace:
 reset_page_owner include/linux/page_owner.h:25 [inline]
 free_pages_prepare mm/page_alloc.c:1101 [inline]
 free_unref_page+0x64a/0xe40 mm/page_alloc.c:2619
 qlink_free mm/kasan/quarantine.c:163 [inline]
 qlist_free_all+0x4e/0x140 mm/kasan/quarantine.c:179
 kasan_quarantine_reduce+0x192/0x1e0 mm/kasan/quarantine.c:286
 __kasan_slab_alloc+0x69/0x90 mm/kasan/common.c:322
 kasan_slab_alloc include/linux/kasan.h:201 [inline]
 slab_post_alloc_hook mm/slub.c:3992 [inline]
 slab_alloc_node mm/slub.c:4041 [inline]
 __do_kmalloc_node mm/slub.c:4161 [inline]
 __kmalloc_node_noprof+0x1c3/0x430 mm/slub.c:4168
 __kvmalloc_node_noprof+0x9d/0x1a0 mm/util.c:650
 xt_jumpstack_alloc net/netfilter/x_tables.c:1355 [inline]
 xt_replace_table+0x1c7/0x910 net/netfilter/x_tables.c:1394
 __do_replace+0x1d9/0x9b0 net/ipv4/netfilter/ip_tables.c:1064
 do_replace net/ipv4/netfilter/ip_tables.c:1141 [inline]
 do_ipt_set_ctl+0x93c/0xc30 net/ipv4/netfilter/ip_tables.c:1635
 nf_setsockopt+0x8a/0xf0 net/netfilter/nf_sockopt.c:101
 ip_setsockopt+0xcb/0xf0 net/ipv4/ip_sockglue.c:1424
 tcp_setsockopt+0xa4/0x100 net/ipv4/tcp.c:3768
 do_sock_setsockopt+0x222/0x480 net/socket.c:2324
 __sys_setsockopt+0x1a4/0x270 net/socket.c:2347
 __do_sys_setsockopt net/socket.c:2356 [inline]
 __se_sys_setsockopt net/socket.c:2353 [inline]
 __x64_sys_setsockopt+0xbd/0x160 net/socket.c:2353
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
Modules linked in:
CPU: 2 UID: 0 PID: 19654 Comm: syz.2.4065 Tainted: G    B              6.11.0-rc7-syzkaller-00133-ge936e7d4a83b #0
Tainted: [B]=BAD_PAGE
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:93 [inline]
 dump_stack_lvl+0x16c/0x1f0 lib/dump_stack.c:119
 bad_page+0xb3/0x220 mm/page_alloc.c:498
 free_page_is_bad_report mm/page_alloc.c:905 [inline]
 free_page_is_bad mm/page_alloc.c:915 [inline]
 free_pages_prepare mm/page_alloc.c:1093 [inline]
 free_unref_page+0x69e/0xe40 mm/page_alloc.c:2619
 skb_free_frag include/linux/skbuff.h:3383 [inline]
 skb_free_head+0xa0/0x1d0 net/core/skbuff.c:1094
 skb_release_data+0x75c/0x980 net/core/skbuff.c:1123
 skb_release_all net/core/skbuff.c:1188 [inline]
 __kfree_skb net/core/skbuff.c:1202 [inline]
 sk_skb_reason_drop+0x133/0x200 net/core/skbuff.c:1240
 kfree_skb_reason include/linux/skbuff.h:1260 [inline]
 __netif_receive_skb_core.constprop.0+0x592/0x4330 net/core/dev.c:5635
 __netif_receive_skb_list_core+0x357/0x950 net/core/dev.c:5737
 __netif_receive_skb_list net/core/dev.c:5804 [inline]
 netif_receive_skb_list_internal+0x753/0xda0 net/core/dev.c:5896
 netif_receive_skb_list+0x4f/0x4a0 net/core/dev.c:5948
 xdp_recv_frames net/bpf/test_run.c:279 [inline]
 xdp_test_run_batch.constprop.0+0x138d/0x1960 net/bpf/test_run.c:360
 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389
 bpf_prog_test_run_xdp+0x82d/0x1530 net/bpf/test_run.c:1317
 bpf_prog_test_run kernel/bpf/syscall.c:4313 [inline]
 __sys_bpf+0x10d2/0x4a00 kernel/bpf/syscall.c:5728
 __do_sys_bpf kernel/bpf/syscall.c:5817 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5815 [inline]
 __x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5815
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f679d57def9
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f679e410038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
RAX: ffffffffffffffda RBX: 00007f679d735f80 RCX: 00007f679d57def9
RDX: 0000000000000048 RSI: 0000000020000600 RDI: 000000000000000a
RBP: 00007f679d5f0b76 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 0000000000000000 R14: 00007f679d735f80 R15: 00007ffd36220398
 </TASK>
BUG: Bad page state in process syz.2.4065  pfn:4d74f
page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff888100000002 pfn:0x4d74f
flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
raw: 00fff00000000000 dead000000000040 ffff88804a923000 0000000000000000
raw: ffff888100000002 0000000000000001 00000000ffffffff 0000000000000000
page dumped because: page_pool leak
page_owner tracks the page as allocated
page last allocated via order 0, migratetype Unmovable, gfp_mask 0x102820(GFP_ATOMIC|__GFP_NOWARN|__GFP_HARDWALL), pid 19654, tgid 19653 (syz.2.4065), ts 936167000926, free_ts 930645927602
 set_page_owner include/linux/page_owner.h:32 [inline]
 post_alloc_hook+0x2d1/0x350 mm/page_alloc.c:1500
 prep_new_page mm/page_alloc.c:1508 [inline]
 get_page_from_freelist+0x1351/0x2e50 mm/page_alloc.c:3446
 __alloc_pages_noprof+0x22b/0x2460 mm/page_alloc.c:4702
 alloc_pages_bulk_noprof+0x742/0x14f0 mm/page_alloc.c:4650
 alloc_pages_bulk_array_node_noprof include/linux/gfp.h:239 [inline]
 __page_pool_alloc_pages_slow+0x19b/0xb30 net/core/page_pool.c:527
 page_pool_alloc_netmem net/core/page_pool.c:576 [inline]
 page_pool_alloc_pages+0xb5/0x110 net/core/page_pool.c:583
 page_pool_dev_alloc_pages include/net/page_pool/helpers.h:96 [inline]
 xdp_test_run_batch.constprop.0+0x3a8/0x1960 net/bpf/test_run.c:305
 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389
 bpf_prog_test_run_xdp+0x82d/0x1530 net/bpf/test_run.c:1317
 bpf_prog_test_run kernel/bpf/syscall.c:4313 [inline]
 __sys_bpf+0x10d2/0x4a00 kernel/bpf/syscall.c:5728
 __do_sys_bpf kernel/bpf/syscall.c:5817 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5815 [inline]
 __x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5815
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
page last free pid 18137 tgid 18137 stack trace:
 reset_page_owner include/linux/page_owner.h:25 [inline]
 free_pages_prepare mm/page_alloc.c:1101 [inline]
 free_unref_page+0x64a/0xe40 mm/page_alloc.c:2619
 qlink_free mm/kasan/quarantine.c:163 [inline]
 qlist_free_all+0x4e/0x140 mm/kasan/quarantine.c:179
 kasan_quarantine_reduce+0x192/0x1e0 mm/kasan/quarantine.c:286
 __kasan_slab_alloc+0x69/0x90 mm/kasan/common.c:322
 kasan_slab_alloc include/linux/kasan.h:201 [inline]
 slab_post_alloc_hook mm/slub.c:3992 [inline]
 slab_alloc_node mm/slub.c:4041 [inline]
 __do_kmalloc_node mm/slub.c:4161 [inline]
 __kmalloc_node_noprof+0x1c3/0x430 mm/slub.c:4168
 __kvmalloc_node_noprof+0x9d/0x1a0 mm/util.c:650
 xt_jumpstack_alloc net/netfilter/x_tables.c:1355 [inline]
 xt_replace_table+0x1c7/0x910 net/netfilter/x_tables.c:1394
 __do_replace+0x1d9/0x9b0 net/ipv4/netfilter/ip_tables.c:1064
 do_replace net/ipv4/netfilter/ip_tables.c:1141 [inline]
 do_ipt_set_ctl+0x93c/0xc30 net/ipv4/netfilter/ip_tables.c:1635
 nf_setsockopt+0x8a/0xf0 net/netfilter/nf_sockopt.c:101
 ip_setsockopt+0xcb/0xf0 net/ipv4/ip_sockglue.c:1424
 tcp_setsockopt+0xa4/0x100 net/ipv4/tcp.c:3768
 do_sock_setsockopt+0x222/0x480 net/socket.c:2324
 __sys_setsockopt+0x1a4/0x270 net/socket.c:2347
 __do_sys_setsockopt net/socket.c:2356 [inline]
 __se_sys_setsockopt net/socket.c:2353 [inline]
 __x64_sys_setsockopt+0xbd/0x160 net/socket.c:2353
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
Modules linked in:
CPU: 2 UID: 0 PID: 19654 Comm: syz.2.4065 Tainted: G    B              6.11.0-rc7-syzkaller-00133-ge936e7d4a83b #0
Tainted: [B]=BAD_PAGE
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:93 [inline]
 dump_stack_lvl+0x16c/0x1f0 lib/dump_stack.c:119
 bad_page+0xb3/0x220 mm/page_alloc.c:498
 free_page_is_bad_report mm/page_alloc.c:905 [inline]
 free_page_is_bad mm/page_alloc.c:915 [inline]
 free_pages_prepare mm/page_alloc.c:1093 [inline]
 free_unref_page+0x69e/0xe40 mm/page_alloc.c:2619
 skb_free_frag include/linux/skbuff.h:3383 [inline]
 skb_free_head+0xa0/0x1d0 net/core/skbuff.c:1094
 skb_release_data+0x75c/0x980 net/core/skbuff.c:1123
 skb_release_all net/core/skbuff.c:1188 [inline]
 __kfree_skb net/core/skbuff.c:1202 [inline]
 sk_skb_reason_drop+0x133/0x200 net/core/skbuff.c:1240
 kfree_skb_reason include/linux/skbuff.h:1260 [inline]
 __netif_receive_skb_core.constprop.0+0x592/0x4330 net/core/dev.c:5635
 __netif_receive_skb_list_core+0x357/0x950 net/core/dev.c:5737
 __netif_receive_skb_list net/core/dev.c:5804 [inline]
 netif_receive_skb_list_internal+0x753/0xda0 net/core/dev.c:5896
 netif_receive_skb_list+0x4f/0x4a0 net/core/dev.c:5948
 xdp_recv_frames net/bpf/test_run.c:279 [inline]
 xdp_test_run_batch.constprop.0+0x138d/0x1960 net/bpf/test_run.c:360
 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389
 bpf_prog_test_run_xdp+0x82d/0x1530 net/bpf/test_run.c:1317
 bpf_prog_test_run kernel/bpf/syscall.c:4313 [inline]
 __sys_bpf+0x10d2/0x4a00 kernel/bpf/syscall.c:5728
 __do_sys_bpf kernel/bpf/syscall.c:5817 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5815 [inline]
 __x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5815
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f679d57def9
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f679e410038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
RAX: ffffffffffffffda RBX: 00007f679d735f80 RCX: 00007f679d57def9
RDX: 0000000000000048 RSI: 0000000020000600 RDI: 000000000000000a
RBP: 00007f679d5f0b76 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 0000000000000000 R14: 00007f679d735f80 R15: 00007ffd36220398
 </TASK>
BUG: Bad page state in process syz.2.4065  pfn:4d74e
page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff88804d74fcc0 pfn:0x4d74e
flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
raw: 00fff00000000000 dead000000000040 ffff88804a923000 0000000000000000
raw: ffff88804d74fcc0 0000000000000001 00000000ffffffff 0000000000000000
page dumped because: page_pool leak
page_owner tracks the page as allocated
page last allocated via order 0, migratetype Unmovable, gfp_mask 0x102820(GFP_ATOMIC|__GFP_NOWARN|__GFP_HARDWALL), pid 19654, tgid 19653 (syz.2.4065), ts 936166992804, free_ts 930645927602
 set_page_owner include/linux/page_owner.h:32 [inline]
 post_alloc_hook+0x2d1/0x350 mm/page_alloc.c:1500
 prep_new_page mm/page_alloc.c:1508 [inline]
 get_page_from_freelist+0x1351/0x2e50 mm/page_alloc.c:3446
 __alloc_pages_noprof+0x22b/0x2460 mm/page_alloc.c:4702
 alloc_pages_bulk_noprof+0x742/0x14f0 mm/page_alloc.c:4650
 alloc_pages_bulk_array_node_noprof include/linux/gfp.h:239 [inline]
 __page_pool_alloc_pages_slow+0x19b/0xb30 net/core/page_pool.c:527
 page_pool_alloc_netmem net/core/page_pool.c:576 [inline]
 page_pool_alloc_pages+0xb5/0x110 net/core/page_pool.c:583
 page_pool_dev_alloc_pages include/net/page_pool/helpers.h:96 [inline]
 xdp_test_run_batch.constprop.0+0x3a8/0x1960 net/bpf/test_run.c:305
 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389
 bpf_prog_test_run_xdp+0x82d/0x1530 net/bpf/test_run.c:1317
 bpf_prog_test_run kernel/bpf/syscall.c:4313 [inline]
 __sys_bpf+0x10d2/0x4a00 kernel/bpf/syscall.c:5728
 __do_sys_bpf kernel/bpf/syscall.c:5817 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5815 [inline]
 __x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5815
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
page last free pid 18137 tgid 18137 stack trace:
 reset_page_owner include/linux/page_owner.h:25 [inline]
 free_pages_prepare mm/page_alloc.c:1101 [inline]
 free_unref_page+0x64a/0xe40 mm/page_alloc.c:2619
 qlink_free mm/kasan/quarantine.c:163 [inline]
 qlist_free_all+0x4e/0x140 mm/kasan/quarantine.c:179
 kasan_quarantine_reduce+0x192/0x1e0 mm/kasan/quarantine.c:286
 __kasan_slab_alloc+0x69/0x90 mm/kasan/common.c:322
 kasan_slab_alloc include/linux/kasan.h:201 [inline]
 slab_post_alloc_hook mm/slub.c:3992 [inline]
 slab_alloc_node mm/slub.c:4041 [inline]
 __do_kmalloc_node mm/slub.c:4161 [inline]
 __kmalloc_node_noprof+0x1c3/0x430 mm/slub.c:4168
 __kvmalloc_node_noprof+0x9d/0x1a0 mm/util.c:650
 xt_jumpstack_alloc net/netfilter/x_tables.c:1355 [inline]
 xt_replace_table+0x1c7/0x910 net/netfilter/x_tables.c:1394
 __do_replace+0x1d9/0x9b0 net/ipv4/netfilter/ip_tables.c:1064
 do_replace net/ipv4/netfilter/ip_tables.c:1141 [inline]
 do_ipt_set_ctl+0x93c/0xc30 net/ipv4/netfilter/ip_tables.c:1635
 nf_setsockopt+0x8a/0xf0 net/netfilter/nf_sockopt.c:101
 ip_setsockopt+0xcb/0xf0 net/ipv4/ip_sockglue.c:1424
 tcp_setsockopt+0xa4/0x100 net/ipv4/tcp.c:3768
 do_sock_setsockopt+0x222/0x480 net/socket.c:2324
 __sys_setsockopt+0x1a4/0x270 net/socket.c:2347
 __do_sys_setsockopt net/socket.c:2356 [inline]
 __se_sys_setsockopt net/socket.c:2353 [inline]
 __x64_sys_setsockopt+0xbd/0x160 net/socket.c:2353
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
Modules linked in:
CPU: 2 UID: 0 PID: 19654 Comm: syz.2.4065 Tainted: G    B              6.11.0-rc7-syzkaller-00133-ge936e7d4a83b #0
Tainted: [B]=BAD_PAGE
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:93 [inline]
 dump_stack_lvl+0x16c/0x1f0 lib/dump_stack.c:119
 bad_page+0xb3/0x220 mm/page_alloc.c:498
 free_page_is_bad_report mm/page_alloc.c:905 [inline]
 free_page_is_bad mm/page_alloc.c:915 [inline]
 free_pages_prepare mm/page_alloc.c:1093 [inline]
 free_unref_page+0x69e/0xe40 mm/page_alloc.c:2619
 skb_free_frag include/linux/skbuff.h:3383 [inline]
 skb_free_head+0xa0/0x1d0 net/core/skbuff.c:1094
 skb_release_data+0x75c/0x980 net/core/skbuff.c:1123
 skb_release_all net/core/skbuff.c:1188 [inline]
 __kfree_skb net/core/skbuff.c:1202 [inline]
 sk_skb_reason_drop+0x133/0x200 net/core/skbuff.c:1240
 kfree_skb_reason include/linux/skbuff.h:1260 [inline]
 __netif_receive_skb_core.constprop.0+0x592/0x4330 net/core/dev.c:5635
 __netif_receive_skb_list_core+0x357/0x950 net/core/dev.c:5737
 __netif_receive_skb_list net/core/dev.c:5804 [inline]
 netif_receive_skb_list_internal+0x753/0xda0 net/core/dev.c:5896
 netif_receive_skb_list+0x4f/0x4a0 net/core/dev.c:5948
 xdp_recv_frames net/bpf/test_run.c:279 [inline]
 xdp_test_run_batch.constprop.0+0x138d/0x1960 net/bpf/test_run.c:360
 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389
 bpf_prog_test_run_xdp+0x82d/0x1530 net/bpf/test_run.c:1317
 bpf_prog_test_run kernel/bpf/syscall.c:4313 [inline]
 __sys_bpf+0x10d2/0x4a00 kernel/bpf/syscall.c:5728
 __do_sys_bpf kernel/bpf/syscall.c:5817 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5815 [inline]
 __x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5815
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f679d57def9
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f679e410038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
RAX: ffffffffffffffda RBX: 00007f679d735f80 RCX: 00007f679d57def9
RDX: 0000000000000048 RSI: 0000000020000600 RDI: 000000000000000a
RBP: 00007f679d5f0b76 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 0000000000000000 R14: 00007f679d735f80 R15: 00007ffd36220398
 </TASK>
BUG: Bad page state in process syz.2.4065  pfn:53937
page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff888000000002 pfn:0x53937
flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
raw: 00fff00000000000 dead000000000040 ffff88804a923000 0000000000000000
raw: ffff888000000002 0000000000000001 00000000ffffffff 0000000000000000
page dumped because: page_pool leak
page_owner tracks the page as allocated
page last allocated via order 0, migratetype Unmovable, gfp_mask 0x102820(GFP_ATOMIC|__GFP_NOWARN|__GFP_HARDWALL), pid 19654, tgid 19653 (syz.2.4065), ts 936166984954, free_ts 930645947530
 set_page_owner include/linux/page_owner.h:32 [inline]
 post_alloc_hook+0x2d1/0x350 mm/page_alloc.c:1500
 prep_new_page mm/page_alloc.c:1508 [inline]
 get_page_from_freelist+0x1351/0x2e50 mm/page_alloc.c:3446
 __alloc_pages_noprof+0x22b/0x2460 mm/page_alloc.c:4702
 alloc_pages_bulk_noprof+0x742/0x14f0 mm/page_alloc.c:4650
 alloc_pages_bulk_array_node_noprof include/linux/gfp.h:239 [inline]
 __page_pool_alloc_pages_slow+0x19b/0xb30 net/core/page_pool.c:527
 page_pool_alloc_netmem net/core/page_pool.c:576 [inline]
 page_pool_alloc_pages+0xb5/0x110 net/core/page_pool.c:583
 page_pool_dev_alloc_pages include/net/page_pool/helpers.h:96 [inline]
 xdp_test_run_batch.constprop.0+0x3a8/0x1960 net/bpf/test_run.c:305
 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389
 bpf_prog_test_run_xdp+0x82d/0x1530 net/bpf/test_run.c:1317
 bpf_prog_test_run kernel/bpf/syscall.c:4313 [inline]
 __sys_bpf+0x10d2/0x4a00 kernel/bpf/syscall.c:5728
 __do_sys_bpf kernel/bpf/syscall.c:5817 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5815 [inline]
 __x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5815
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
page last free pid 18137 tgid 18137 stack trace:
 reset_page_owner include/linux/page_owner.h:25 [inline]
 free_pages_prepare mm/page_alloc.c:1101 [inline]
 free_unref_page+0x64a/0xe40 mm/page_alloc.c:2619
 qlink_free mm/kasan/quarantine.c:163 [inline]
 qlist_free_all+0x4e/0x140 mm/kasan/quarantine.c:179
 kasan_quarantine_reduce+0x192/0x1e0 mm/kasan/quarantine.c:286
 __kasan_slab_alloc+0x69/0x90 mm/kasan/common.c:322
 kasan_slab_alloc include/linux/kasan.h:201 [inline]
 slab_post_alloc_hook mm/slub.c:3992 [inline]
 slab_alloc_node mm/slub.c:4041 [inline]
 __do_kmalloc_node mm/slub.c:4161 [inline]
 __kmalloc_node_noprof+0x1c3/0x430 mm/slub.c:4168
 __kvmalloc_node_noprof+0x9d/0x1a0 mm/util.c:650
 xt_jumpstack_alloc net/netfilter/x_tables.c:1355 [inline]
 xt_replace_table+0x1c7/0x910 net/netfilter/x_tables.c:1394
 __do_replace+0x1d9/0x9b0 net/ipv4/netfilter/ip_tables.c:1064
 do_replace net/ipv4/netfilter/ip_tables.c:1141 [inline]
 do_ipt_set_ctl+0x93c/0xc30 net/ipv4/netfilter/ip_tables.c:1635
 nf_setsockopt+0x8a/0xf0 net/netfilter/nf_sockopt.c:101
 ip_setsockopt+0xcb/0xf0 net/ipv4/ip_sockglue.c:1424
 tcp_setsockopt+0xa4/0x100 net/ipv4/tcp.c:3768
 do_sock_setsockopt+0x222/0x480 net/socket.c:2324
 __sys_setsockopt+0x1a4/0x270 net/socket.c:2347
 __do_sys_setsockopt net/socket.c:2356 [inline]
 __se_sys_setsockopt net/socket.c:2353 [inline]
 __x64_sys_setsockopt+0xbd/0x160 net/socket.c:2353
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
Modules linked in:
CPU: 2 UID: 0 PID: 19654 Comm: syz.2.4065 Tainted: G    B              6.11.0-rc7-syzkaller-00133-ge936e7d4a83b #0
Tainted: [B]=BAD_PAGE
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:93 [inline]
 dump_stack_lvl+0x16c/0x1f0 lib/dump_stack.c:119
 bad_page+0xb3/0x220 mm/page_alloc.c:498
 free_page_is_bad_report mm/page_alloc.c:905 [inline]
 free_page_is_bad mm/page_alloc.c:915 [inline]
 free_pages_prepare mm/page_alloc.c:1093 [inline]
 free_unref_page+0x69e/0xe40 mm/page_alloc.c:2619
 skb_free_frag include/linux/skbuff.h:3383 [inline]
 skb_free_head+0xa0/0x1d0 net/core/skbuff.c:1094
 skb_release_data+0x75c/0x980 net/core/skbuff.c:1123
 skb_release_all net/core/skbuff.c:1188 [inline]
 __kfree_skb net/core/skbuff.c:1202 [inline]
 sk_skb_reason_drop+0x133/0x200 net/core/skbuff.c:1240
 kfree_skb_reason include/linux/skbuff.h:1260 [inline]
 __netif_receive_skb_core.constprop.0+0x592/0x4330 net/core/dev.c:5635
 __netif_receive_skb_list_core+0x357/0x950 net/core/dev.c:5737
 __netif_receive_skb_list net/core/dev.c:5804 [inline]
 netif_receive_skb_list_internal+0x753/0xda0 net/core/dev.c:5896
 netif_receive_skb_list+0x4f/0x4a0 net/core/dev.c:5948
 xdp_recv_frames net/bpf/test_run.c:279 [inline]
 xdp_test_run_batch.constprop.0+0x138d/0x1960 net/bpf/test_run.c:360
 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389
 bpf_prog_test_run_xdp+0x82d/0x1530 net/bpf/test_run.c:1317
 bpf_prog_test_run kernel/bpf/syscall.c:4313 [inline]
 __sys_bpf+0x10d2/0x4a00 kernel/bpf/syscall.c:5728
 __do_sys_bpf kernel/bpf/syscall.c:5817 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5815 [inline]
 __x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5815
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f679d57def9
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f679e410038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
RAX: ffffffffffffffda RBX: 00007f679d735f80 RCX: 00007f679d57def9
RDX: 0000000000000048 RSI: 0000000020000600 RDI: 000000000000000a
RBP: 00007f679d5f0b76 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 0000000000000000 R14: 00007f679d735f80 R15: 00007ffd36220398
 </TASK>
BUG: Bad page state in process syz.2.4065  pfn:53936
page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff888053937e00 pfn:0x53936
flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
raw: 00fff00000000000 dead000000000040 ffff88804a923000 0000000000000000
raw: ffff888053937e00 0000000000000001 00000000ffffffff 0000000000000000
page dumped because: page_pool leak
page_owner tracks the page as allocated
page last allocated via order 0, migratetype Unmovable, gfp_mask 0x102820(GFP_ATOMIC|__GFP_NOWARN|__GFP_HARDWALL), pid 19654, tgid 19653 (syz.2.4065), ts 936166976873, free_ts 930645947530
 set_page_owner include/linux/page_owner.h:32 [inline]
 post_alloc_hook+0x2d1/0x350 mm/page_alloc.c:1500
 prep_new_page mm/page_alloc.c:1508 [inline]
 get_page_from_freelist+0x1351/0x2e50 mm/page_alloc.c:3446
 __alloc_pages_noprof+0x22b/0x2460 mm/page_alloc.c:4702
 alloc_pages_bulk_noprof+0x742/0x14f0 mm/page_alloc.c:4650
 alloc_pages_bulk_array_node_noprof include/linux/gfp.h:239 [inline]
 __page_pool_alloc_pages_slow+0x19b/0xb30 net/core/page_pool.c:527
 page_pool_alloc_netmem net/core/page_pool.c:576 [inline]
 page_pool_alloc_pages+0xb5/0x110 net/core/page_pool.c:583
 page_pool_dev_alloc_pages include/net/page_pool/helpers.h:96 [inline]
 xdp_test_run_batch.constprop.0+0x3a8/0x1960 net/bpf/test_run.c:305
 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389
 bpf_prog_test_run_xdp+0x82d/0x1530 net/bpf/test_run.c:1317
 bpf_prog_test_run kernel/bpf/syscall.c:4313 [inline]
 __sys_bpf+0x10d2/0x4a00 kernel/bpf/syscall.c:5728
 __do_sys_bpf kernel/bpf/syscall.c:5817 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5815 [inline]
 __x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5815
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
page last free pid 18137 tgid 18137 stack trace:
 reset_page_owner include/linux/page_owner.h:25 [inline]
 free_pages_prepare mm/page_alloc.c:1101 [inline]
 free_unref_page+0x64a/0xe40 mm/page_alloc.c:2619
 qlink_free mm/kasan/quarantine.c:163 [inline]
 qlist_free_all+0x4e/0x140 mm/kasan/quarantine.c:179
 kasan_quarantine_reduce+0x192/0x1e0 mm/kasan/quarantine.c:286
 __kasan_slab_alloc+0x69/0x90 mm/kasan/common.c:322
 kasan_slab_alloc include/linux/kasan.h:201 [inline]
 slab_post_alloc_hook mm/slub.c:3992 [inline]
 slab_alloc_node mm/slub.c:4041 [inline]
 __do_kmalloc_node mm/slub.c:4161 [inline]
 __kmalloc_node_noprof+0x1c3/0x430 mm/slub.c:4168
 __kvmalloc_node_noprof+0x9d/0x1a0 mm/util.c:650
 xt_jumpstack_alloc net/netfilter/x_tables.c:1355 [inline]
 xt_replace_table+0x1c7/0x910 net/netfilter/x_tables.c:1394
 __do_replace+0x1d9/0x9b0 net/ipv4/netfilter/ip_tables.c:1064
 do_replace net/ipv4/netfilter/ip_tables.c:1141 [inline]
 do_ipt_set_ctl+0x93c/0xc30 net/ipv4/netfilter/ip_tables.c:1635
 nf_setsockopt+0x8a/0xf0 net/netfilter/nf_sockopt.c:101
 ip_setsockopt+0xcb/0xf0 net/ipv4/ip_sockglue.c:1424
 tcp_setsockopt+0xa4/0x100 net/ipv4/tcp.c:3768
 do_sock_setsockopt+0x222/0x480 net/socket.c:2324
 __sys_setsockopt+0x1a4/0x270 net/socket.c:2347
 __do_sys_setsockopt net/socket.c:2356 [inline]
 __se_sys_setsockopt net/socket.c:2353 [inline]
 __x64_sys_setsockopt+0xbd/0x160 net/socket.c:2353
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
Modules linked in:
CPU: 2 UID: 0 PID: 19654 Comm: syz.2.4065 Tainted: G    B              6.11.0-rc7-syzkaller-00133-ge936e7d4a83b #0
Tainted: [B]=BAD_PAGE
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:93 [inline]
 dump_stack_lvl+0x16c/0x1f0 lib/dump_stack.c:119
 bad_page+0xb3/0x220 mm/page_alloc.c:498
 free_page_is_bad_report mm/page_alloc.c:905 [inline]
 free_page_is_bad mm/page_alloc.c:915 [inline]
 free_pages_prepare mm/page_alloc.c:1093 [inline]
 free_unref_page+0x69e/0xe40 mm/page_alloc.c:2619
 skb_free_frag include/linux/skbuff.h:3383 [inline]
 skb_free_head+0xa0/0x1d0 net/core/skbuff.c:1094
 skb_release_data+0x75c/0x980 net/core/skbuff.c:1123
 skb_release_all net/core/skbuff.c:1188 [inline]
 __kfree_skb net/core/skbuff.c:1202 [inline]
 sk_skb_reason_drop+0x133/0x200 net/core/skbuff.c:1240
 kfree_skb_reason include/linux/skbuff.h:1260 [inline]
 __netif_receive_skb_core.constprop.0+0x592/0x4330 net/core/dev.c:5635
 __netif_receive_skb_list_core+0x357/0x950 net/core/dev.c:5737
 __netif_receive_skb_list net/core/dev.c:5804 [inline]
 netif_receive_skb_list_internal+0x753/0xda0 net/core/dev.c:5896
 netif_receive_skb_list+0x4f/0x4a0 net/core/dev.c:5948
 xdp_recv_frames net/bpf/test_run.c:279 [inline]
 xdp_test_run_batch.constprop.0+0x138d/0x1960 net/bpf/test_run.c:360
 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389
 bpf_prog_test_run_xdp+0x82d/0x1530 net/bpf/test_run.c:1317
 bpf_prog_test_run kernel/bpf/syscall.c:4313 [inline]
 __sys_bpf+0x10d2/0x4a00 kernel/bpf/syscall.c:5728
 __do_sys_bpf kernel/bpf/syscall.c:5817 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5815 [inline]
 __x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5815
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f679d57def9
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f679e410038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
RAX: ffffffffffffffda RBX: 00007f679d735f80 RCX: 00007f679d57def9
RDX: 0000000000000048 RSI: 0000000020000600 RDI: 000000000000000a
RBP: 00007f679d5f0b76 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 0000000000000000 R14: 00007f679d735f80 R15: 00007ffd36220398
 </TASK>
BUG: Bad page state in process syz.2.4065  pfn:5b17f
page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x2 pfn:0x5b17f
flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
raw: 00fff00000000000 dead000000000040 ffff88804a923000 0000000000000000
raw: 0000000000000002 0000000000000001 00000000ffffffff 0000000000000000
page dumped because: page_pool leak
page_owner tracks the page as allocated
page last allocated via order 0, migratetype Unmovable, gfp_mask 0x102820(GFP_ATOMIC|__GFP_NOWARN|__GFP_HARDWALL), pid 19654, tgid 19653 (syz.2.4065), ts 936166969096, free_ts 930646009891
 set_page_owner include/linux/page_owner.h:32 [inline]
 post_alloc_hook+0x2d1/0x350 mm/page_alloc.c:1500
 prep_new_page mm/page_alloc.c:1508 [inline]
 get_page_from_freelist+0x1351/0x2e50 mm/page_alloc.c:3446
 __alloc_pages_noprof+0x22b/0x2460 mm/page_alloc.c:4702
 alloc_pages_bulk_noprof+0x742/0x14f0 mm/page_alloc.c:4650
 alloc_pages_bulk_array_node_noprof include/linux/gfp.h:239 [inline]
 __page_pool_alloc_pages_slow+0x19b/0xb30 net/core/page_pool.c:527
 page_pool_alloc_netmem net/core/page_pool.c:576 [inline]
 page_pool_alloc_pages+0xb5/0x110 net/core/page_pool.c:583
 page_pool_dev_alloc_pages include/net/page_pool/helpers.h:96 [inline]
 xdp_test_run_batch.constprop.0+0x3a8/0x1960 net/bpf/test_run.c:305
 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389
 bpf_prog_test_run_xdp+0x82d/0x1530 net/bpf/test_run.c:1317
 bpf_prog_test_run kernel/bpf/syscall.c:4313 [inline]
 __sys_bpf+0x10d2/0x4a00 kernel/bpf/syscall.c:5728
 __do_sys_bpf kernel/bpf/syscall.c:5817 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5815 [inline]
 __x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5815
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
page last free pid 18137 tgid 18137 stack trace:
 reset_page_owner include/linux/page_owner.h:25 [inline]
 free_pages_prepare mm/page_alloc.c:1101 [inline]
 free_unref_page+0x64a/0xe40 mm/page_alloc.c:2619
 qlink_free mm/kasan/quarantine.c:163 [inline]
 qlist_free_all+0x4e/0x140 mm/kasan/quarantine.c:179
 kasan_quarantine_reduce+0x192/0x1e0 mm/kasan/quarantine.c:286
 __kasan_slab_alloc+0x69/0x90 mm/kasan/common.c:322
 kasan_slab_alloc include/linux/kasan.h:201 [inline]
 slab_post_alloc_hook mm/slub.c:3992 [inline]
 slab_alloc_node mm/slub.c:4041 [inline]
 __do_kmalloc_node mm/slub.c:4161 [inline]
 __kmalloc_node_noprof+0x1c3/0x430 mm/slub.c:4168
 __kvmalloc_node_noprof+0x9d/0x1a0 mm/util.c:650
 xt_jumpstack_alloc net/netfilter/x_tables.c:1355 [inline]
 xt_replace_table+0x1c7/0x910 net/netfilter/x_tables.c:1394
 __do_replace+0x1d9/0x9b0 net/ipv4/netfilter/ip_tables.c:1064
 do_replace net/ipv4/netfilter/ip_tables.c:1141 [inline]
 do_ipt_set_ctl+0x93c/0xc30 net/ipv4/netfilter/ip_tables.c:1635
 nf_setsockopt+0x8a/0xf0 net/netfilter/nf_sockopt.c:101
 ip_setsockopt+0xcb/0xf0 net/ipv4/ip_sockglue.c:1424
 tcp_setsockopt+0xa4/0x100 net/ipv4/tcp.c:3768
 do_sock_setsockopt+0x222/0x480 net/socket.c:2324
 __sys_setsockopt+0x1a4/0x270 net/socket.c:2347
 __do_sys_setsockopt net/socket.c:2356 [inline]
 __se_sys_setsockopt net/socket.c:2353 [inline]
 __x64_sys_setsockopt+0xbd/0x160 net/socket.c:2353
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
Modules linked in:
CPU: 2 UID: 0 PID: 19654 Comm: syz.2.4065 Tainted: G    B              6.11.0-rc7-syzkaller-00133-ge936e7d4a83b #0
Tainted: [B]=BAD_PAGE
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:93 [inline]
 dump_stack_lvl+0x16c/0x1f0 lib/dump_stack.c:119
 bad_page+0xb3/0x220 mm/page_alloc.c:498
 free_page_is_bad_report mm/page_alloc.c:905 [inline]
 free_page_is_bad mm/page_alloc.c:915 [inline]
 free_pages_prepare mm/page_alloc.c:1093 [inline]
 free_unref_page+0x69e/0xe40 mm/page_alloc.c:2619
 skb_free_frag include/linux/skbuff.h:3383 [inline]
 skb_free_head+0xa0/0x1d0 net/core/skbuff.c:1094
 skb_release_data+0x75c/0x980 net/core/skbuff.c:1123
 skb_release_all net/core/skbuff.c:1188 [inline]
 __kfree_skb net/core/skbuff.c:1202 [inline]
 sk_skb_reason_drop+0x133/0x200 net/core/skbuff.c:1240
 kfree_skb_reason include/linux/skbuff.h:1260 [inline]
 __netif_receive_skb_core.constprop.0+0x592/0x4330 net/core/dev.c:5635
 __netif_receive_skb_list_core+0x357/0x950 net/core/dev.c:5737
 __netif_receive_skb_list net/core/dev.c:5804 [inline]
 netif_receive_skb_list_internal+0x753/0xda0 net/core/dev.c:5896
 netif_receive_skb_list+0x4f/0x4a0 net/core/dev.c:5948
 xdp_recv_frames net/bpf/test_run.c:279 [inline]
 xdp_test_run_batch.constprop.0+0x138d/0x1960 net/bpf/test_run.c:360
 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389
 bpf_prog_test_run_xdp+0x82d/0x1530 net/bpf/test_run.c:1317
 bpf_prog_test_run kernel/bpf/syscall.c:4313 [inline]
 __sys_bpf+0x10d2/0x4a00 kernel/bpf/syscall.c:5728
 __do_sys_bpf kernel/bpf/syscall.c:5817 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5815 [inline]
 __x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5815
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f679d57def9
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f679e410038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
RAX: ffffffffffffffda RBX: 00007f679d735f80 RCX: 00007f679d57def9
RDX: 0000000000000048 RSI: 0000000020000600 RDI: 000000000000000a
RBP: 00007f679d5f0b76 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 0000000000000000 R14: 00007f679d735f80 R15: 00007ffd36220398
 </TASK>
BUG: Bad page state in process syz.2.4065  pfn:5b17e
page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff88805b17fcc0 pfn:0x5b17e
flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
raw: 00fff00000000000 dead000000000040 ffff88804a923000 0000000000000000
raw: ffff88805b17fcc0 0000000000000001 00000000ffffffff 0000000000000000
page dumped because: page_pool leak
page_owner tracks the page as allocated
page last allocated via order 0, migratetype Unmovable, gfp_mask 0x102820(GFP_ATOMIC|__GFP_NOWARN|__GFP_HARDWALL), pid 19654, tgid 19653 (syz.2.4065), ts 936166961153, free_ts 930646009891
 set_page_owner include/linux/page_owner.h:32 [inline]
 post_alloc_hook+0x2d1/0x350 mm/page_alloc.c:1500
 prep_new_page mm/page_alloc.c:1508 [inline]
 get_page_from_freelist+0x1351/0x2e50 mm/page_alloc.c:3446
 __alloc_pages_noprof+0x22b/0x2460 mm/page_alloc.c:4702
 alloc_pages_bulk_noprof+0x742/0x14f0 mm/page_alloc.c:4650
 alloc_pages_bulk_array_node_noprof include/linux/gfp.h:239 [inline]
 __page_pool_alloc_pages_slow+0x19b/0xb30 net/core/page_pool.c:527
 page_pool_alloc_netmem net/core/page_pool.c:576 [inline]
 page_pool_alloc_pages+0xb5/0x110 net/core/page_pool.c:583
 page_pool_dev_alloc_pages include/net/page_pool/helpers.h:96 [inline]
 xdp_test_run_batch.constprop.0+0x3a8/0x1960 net/bpf/test_run.c:305
 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389
 bpf_prog_test_run_xdp+0x82d/0x1530 net/bpf/test_run.c:1317
 bpf_prog_test_run kernel/bpf/syscall.c:4313 [inline]
 __sys_bpf+0x10d2/0x4a00 kernel/bpf/syscall.c:5728
 __do_sys_bpf kernel/bpf/syscall.c:5817 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5815 [inline]
 __x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5815
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
page last free pid 18137 tgid 18137 stack trace:
 reset_page_owner include/linux/page_owner.h:25 [inline]
 free_pages_prepare mm/page_alloc.c:1101 [inline]
 free_unref_page+0x64a/0xe40 mm/page_alloc.c:2619
 qlink_free mm/kasan/quarantine.c:163 [inline]
 qlist_free_all+0x4e/0x140 mm/kasan/quarantine.c:179
 kasan_quarantine_reduce+0x192/0x1e0 mm/kasan/quarantine.c:286
 __kasan_slab_alloc+0x69/0x90 mm/kasan/common.c:322
 kasan_slab_alloc include/linux/kasan.h:201 [inline]
 slab_post_alloc_hook mm/slub.c:3992 [inline]
 slab_alloc_node mm/slub.c:4041 [inline]
 __do_kmalloc_node mm/slub.c:4161 [inline]
 __kmalloc_node_noprof+0x1c3/0x430 mm/slub.c:4168
 __kvmalloc_node_noprof+0x9d/0x1a0 mm/util.c:650
 xt_jumpstack_alloc net/netfilter/x_tables.c:1355 [inline]
 xt_replace_table+0x1c7/0x910 net/netfilter/x_tables.c:1394
 __do_replace+0x1d9/0x9b0 net/ipv4/netfilter/ip_tables.c:1064
 do_replace net/ipv4/netfilter/ip_tables.c:1141 [inline]
 do_ipt_set_ctl+0x93c/0xc30 net/ipv4/netfilter/ip_tables.c:1635
 nf_setsockopt+0x8a/0xf0 net/netfilter/nf_sockopt.c:101
 ip_setsockopt+0xcb/0xf0 net/ipv4/ip_sockglue.c:1424
 tcp_setsockopt+0xa4/0x100 net/ipv4/tcp.c:3768
 do_sock_setsockopt+0x222/0x480 net/socket.c:2324
 __sys_setsockopt+0x1a4/0x270 net/socket.c:2347
 __do_sys_setsockopt net/socket.c:2356 [inline]
 __se_sys_setsockopt net/socket.c:2353 [inline]
 __x64_sys_setsockopt+0xbd/0x160 net/socket.c:2353
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
Modules linked in:
CPU: 2 UID: 0 PID: 19654 Comm: syz.2.4065 Tainted: G    B              6.11.0-rc7-syzkaller-00133-ge936e7d4a83b #0
Tainted: [B]=BAD_PAGE
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:93 [inline]
 dump_stack_lvl+0x16c/0x1f0 lib/dump_stack.c:119
 bad_page+0xb3/0x220 mm/page_alloc.c:498
 free_page_is_bad_report mm/page_alloc.c:905 [inline]
 free_page_is_bad mm/page_alloc.c:915 [inline]
 free_pages_prepare mm/page_alloc.c:1093 [inline]
 free_unref_page+0x69e/0xe40 mm/page_alloc.c:2619
 skb_free_frag include/linux/skbuff.h:3383 [inline]
 skb_free_head+0xa0/0x1d0 net/core/skbuff.c:1094
 skb_release_data+0x75c/0x980 net/core/skbuff.c:1123
 skb_release_all net/core/skbuff.c:1188 [inline]
 __kfree_skb net/core/skbuff.c:1202 [inline]
 sk_skb_reason_drop+0x133/0x200 net/core/skbuff.c:1240
 kfree_skb_reason include/linux/skbuff.h:1260 [inline]
 __netif_receive_skb_core.constprop.0+0x592/0x4330 net/core/dev.c:5635
 __netif_receive_skb_list_core+0x357/0x950 net/core/dev.c:5737
 __netif_receive_skb_list net/core/dev.c:5804 [inline]
 netif_receive_skb_list_internal+0x753/0xda0 net/core/dev.c:5896
 netif_receive_skb_list+0x4f/0x4a0 net/core/dev.c:5948
 xdp_recv_frames net/bpf/test_run.c:279 [inline]
 xdp_test_run_batch.constprop.0+0x138d/0x1960 net/bpf/test_run.c:360
 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389
 bpf_prog_test_run_xdp+0x82d/0x1530 net/bpf/test_run.c:1317
 bpf_prog_test_run kernel/bpf/syscall.c:4313 [inline]
 __sys_bpf+0x10d2/0x4a00 kernel/bpf/syscall.c:5728
 __do_sys_bpf kernel/bpf/syscall.c:5817 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5815 [inline]
 __x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5815
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f679d57def9
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f679e410038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
RAX: ffffffffffffffda RBX: 00007f679d735f80 RCX: 00007f679d57def9
RDX: 0000000000000048 RSI: 0000000020000600 RDI: 000000000000000a
RBP: 00007f679d5f0b76 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 0000000000000000 R14: 00007f679d735f80 R15: 00007ffd36220398
 </TASK>
BUG: Bad page state in process syz.2.4065  pfn:4767b
page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff888000000002 pfn:0x4767b
flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
raw: 00fff00000000000 dead000000000040 ffff88804a923000 0000000000000000
raw: ffff888000000002 0000000000000001 00000000ffffffff 0000000000000000
page dumped because: page_pool leak
page_owner tracks the page as allocated
page last allocated via order 0, migratetype Unmovable, gfp_mask 0x102820(GFP_ATOMIC|__GFP_NOWARN|__GFP_HARDWALL), pid 19654, tgid 19653 (syz.2.4065), ts 936166952874, free_ts 930681426416
 set_page_owner include/linux/page_owner.h:32 [inline]
 post_alloc_hook+0x2d1/0x350 mm/page_alloc.c:1500
 prep_new_page mm/page_alloc.c:1508 [inline]
 get_page_from_freelist+0x1351/0x2e50 mm/page_alloc.c:3446
 __alloc_pages_noprof+0x22b/0x2460 mm/page_alloc.c:4702
 alloc_pages_bulk_noprof+0x742/0x14f0 mm/page_alloc.c:4650
 alloc_pages_bulk_array_node_noprof include/linux/gfp.h:239 [inline]
 __page_pool_alloc_pages_slow+0x19b/0xb30 net/core/page_pool.c:527
 page_pool_alloc_netmem net/core/page_pool.c:576 [inline]
 page_pool_alloc_pages+0xb5/0x110 net/core/page_pool.c:583
 page_pool_dev_alloc_pages include/net/page_pool/helpers.h:96 [inline]
 xdp_test_run_batch.constprop.0+0x3a8/0x1960 net/bpf/test_run.c:305
 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389
 bpf_prog_test_run_xdp+0x82d/0x1530 net/bpf/test_run.c:1317
 bpf_prog_test_run kernel/bpf/syscall.c:4313 [inline]
 __sys_bpf+0x10d2/0x4a00 kernel/bpf/syscall.c:5728
 __do_sys_bpf kernel/bpf/syscall.c:5817 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5815 [inline]
 __x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5815
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
page last free pid 17199 tgid 17199 stack trace:
 reset_page_owner include/linux/page_owner.h:25 [inline]
 free_pages_prepare mm/page_alloc.c:1101 [inline]
 free_unref_page+0x64a/0xe40 mm/page_alloc.c:2619
 mm_free_pgd kernel/fork.c:802 [inline]
 __mmdrop+0xd5/0x460 kernel/fork.c:918
 mmdrop include/linux/sched/mm.h:55 [inline]
 mmdrop_sched include/linux/sched/mm.h:83 [inline]
 mmdrop_lazy_tlb_sched include/linux/sched/mm.h:110 [inline]
 finish_task_switch.isra.0+0x7af/0xcc0 kernel/sched/core.c:5087
 context_switch kernel/sched/core.c:5191 [inline]
 __schedule+0xe3f/0x5490 kernel/sched/core.c:6529
 __schedule_loop kernel/sched/core.c:6606 [inline]
 schedule+0xe7/0x350 kernel/sched/core.c:6621
 do_nanosleep+0x216/0x510 kernel/time/hrtimer.c:2030
 hrtimer_nanosleep+0x1ab/0x440 kernel/time/hrtimer.c:2083
 common_nsleep+0xa1/0xd0 kernel/time/posix-timers.c:1350
 __do_sys_clock_nanosleep kernel/time/posix-timers.c:1396 [inline]
 __se_sys_clock_nanosleep kernel/time/posix-timers.c:1373 [inline]
 __x64_sys_clock_nanosleep+0x344/0x4a0 kernel/time/posix-timers.c:1373
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
Modules linked in:
CPU: 2 UID: 0 PID: 19654 Comm: syz.2.4065 Tainted: G    B              6.11.0-rc7-syzkaller-00133-ge936e7d4a83b #0
Tainted: [B]=BAD_PAGE
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:93 [inline]
 dump_stack_lvl+0x16c/0x1f0 lib/dump_stack.c:119
 bad_page+0xb3/0x220 mm/page_alloc.c:498
 free_page_is_bad_report mm/page_alloc.c:905 [inline]
 free_page_is_bad mm/page_alloc.c:915 [inline]
 free_pages_prepare mm/page_alloc.c:1093 [inline]
 free_unref_page+0x69e/0xe40 mm/page_alloc.c:2619
 skb_free_frag include/linux/skbuff.h:3383 [inline]
 skb_free_head+0xa0/0x1d0 net/core/skbuff.c:1094
 skb_release_data+0x75c/0x980 net/core/skbuff.c:1123
 skb_release_all net/core/skbuff.c:1188 [inline]
 __kfree_skb net/core/skbuff.c:1202 [inline]
 sk_skb_reason_drop+0x133/0x200 net/core/skbuff.c:1240
 kfree_skb_reason include/linux/skbuff.h:1260 [inline]
 __netif_receive_skb_core.constprop.0+0x592/0x4330 net/core/dev.c:5635
 __netif_receive_skb_list_core+0x357/0x950 net/core/dev.c:5737
 __netif_receive_skb_list net/core/dev.c:5804 [inline]
 netif_receive_skb_list_internal+0x753/0xda0 net/core/dev.c:5896
 netif_receive_skb_list+0x4f/0x4a0 net/core/dev.c:5948
 xdp_recv_frames net/bpf/test_run.c:279 [inline]
 xdp_test_run_batch.constprop.0+0x138d/0x1960 net/bpf/test_run.c:360
 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389
 bpf_prog_test_run_xdp+0x82d/0x1530 net/bpf/test_run.c:1317
 bpf_prog_test_run kernel/bpf/syscall.c:4313 [inline]
 __sys_bpf+0x10d2/0x4a00 kernel/bpf/syscall.c:5728
 __do_sys_bpf kernel/bpf/syscall.c:5817 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5815 [inline]
 __x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5815
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f679d57def9
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f679e410038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
RAX: ffffffffffffffda RBX: 00007f679d735f80 RCX: 00007f679d57def9
RDX: 0000000000000048 RSI: 0000000020000600 RDI: 000000000000000a
RBP: 00007f679d5f0b76 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 0000000000000000 R14: 00007f679d735f80 R15: 00007ffd36220398
 </TASK>
BUG: Bad page state in process syz.2.4065  pfn:4767a
page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff8880272d2f80 pfn:0x4767a
flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
raw: 00fff00000000000 dead000000000040 ffff88804a923000 0000000000000000
raw: ffff8880272d2f80 0000000000000001 00000000ffffffff 0000000000000000
page dumped because: page_pool leak
page_owner tracks the page as allocated
page last allocated via order 0, migratetype Unmovable, gfp_mask 0x102820(GFP_ATOMIC|__GFP_NOWARN|__GFP_HARDWALL), pid 19654, tgid 19653 (syz.2.4065), ts 936166944689, free_ts 930681426416
 set_page_owner include/linux/page_owner.h:32 [inline]
 post_alloc_hook+0x2d1/0x350 mm/page_alloc.c:1500
 prep_new_page mm/page_alloc.c:1508 [inline]
 get_page_from_freelist+0x1351/0x2e50 mm/page_alloc.c:3446
 __alloc_pages_noprof+0x22b/0x2460 mm/page_alloc.c:4702
 alloc_pages_bulk_noprof+0x742/0x14f0 mm/page_alloc.c:4650
 alloc_pages_bulk_array_node_noprof include/linux/gfp.h:239 [inline]
 __page_pool_alloc_pages_slow+0x19b/0xb30 net/core/page_pool.c:527
 page_pool_alloc_netmem net/core/page_pool.c:576 [inline]
 page_pool_alloc_pages+0xb5/0x110 net/core/page_pool.c:583
 page_pool_dev_alloc_pages include/net/page_pool/helpers.h:96 [inline]
 xdp_test_run_batch.constprop.0+0x3a8/0x1960 net/bpf/test_run.c:305
 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389
 bpf_prog_test_run_xdp+0x82d/0x1530 net/bpf/test_run.c:1317
 bpf_prog_test_run kernel/bpf/syscall.c:4313 [inline]
 __sys_bpf+0x10d2/0x4a00 kernel/bpf/syscall.c:5728
 __do_sys_bpf kernel/bpf/syscall.c:5817 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5815 [inline]
 __x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5815
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
page last free pid 17199 tgid 17199 stack trace:
 reset_page_owner include/linux/page_owner.h:25 [inline]
 free_pages_prepare mm/page_alloc.c:1101 [inline]
 free_unref_page+0x64a/0xe40 mm/page_alloc.c:2619
 mm_free_pgd kernel/fork.c:802 [inline]
 __mmdrop+0xd5/0x460 kernel/fork.c:918
 mmdrop include/linux/sched/mm.h:55 [inline]
 mmdrop_sched include/linux/sched/mm.h:83 [inline]
 mmdrop_lazy_tlb_sched include/linux/sched/mm.h:110 [inline]
 finish_task_switch.isra.0+0x7af/0xcc0 kernel/sched/core.c:5087
 context_switch kernel/sched/core.c:5191 [inline]
 __schedule+0xe3f/0x5490 kernel/sched/core.c:6529
 __schedule_loop kernel/sched/core.c:6606 [inline]
 schedule+0xe7/0x350 kernel/sched/core.c:6621
 do_nanosleep+0x216/0x510 kernel/time/hrtimer.c:2030
 hrtimer_nanosleep+0x1ab/0x440 kernel/time/hrtimer.c:2083
 common_nsleep+0xa1/0xd0 kernel/time/posix-timers.c:1350
 __do_sys_clock_nanosleep kernel/time/posix-timers.c:1396 [inline]
 __se_sys_clock_nanosleep kernel/time/posix-timers.c:1373 [inline]
 __x64_sys_clock_nanosleep+0x344/0x4a0 kernel/time/posix-timers.c:1373
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
Modules linked in:
CPU: 2 UID: 0 PID: 19654 Comm: syz.2.4065 Tainted: G    B              6.11.0-rc7-syzkaller-00133-ge936e7d4a83b #0
Tainted: [B]=BAD_PAGE
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:93 [inline]
 dump_stack_lvl+0x16c/0x1f0 lib/dump_stack.c:119
 bad_page+0xb3/0x220 mm/page_alloc.c:498
 free_page_is_bad_report mm/page_alloc.c:905 [inline]
 free_page_is_bad mm/page_alloc.c:915 [inline]
 free_pages_prepare mm/page_alloc.c:1093 [inline]
 free_unref_page+0x69e/0xe40 mm/page_alloc.c:2619
 skb_free_frag include/linux/skbuff.h:3383 [inline]
 skb_free_head+0xa0/0x1d0 net/core/skbuff.c:1094
 skb_release_data+0x75c/0x980 net/core/skbuff.c:1123
 skb_release_all net/core/skbuff.c:1188 [inline]
 __kfree_skb net/core/skbuff.c:1202 [inline]
 sk_skb_reason_drop+0x133/0x200 net/core/skbuff.c:1240
 kfree_skb_reason include/linux/skbuff.h:1260 [inline]
 __netif_receive_skb_core.constprop.0+0x592/0x4330 net/core/dev.c:5635
 __netif_receive_skb_list_core+0x357/0x950 net/core/dev.c:5737
 __netif_receive_skb_list net/core/dev.c:5804 [inline]
 netif_receive_skb_list_internal+0x753/0xda0 net/core/dev.c:5896
 netif_receive_skb_list+0x4f/0x4a0 net/core/dev.c:5948
 xdp_recv_frames net/bpf/test_run.c:279 [inline]
 xdp_test_run_batch.constprop.0+0x138d/0x1960 net/bpf/test_run.c:360
 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389
 bpf_prog_test_run_xdp+0x82d/0x1530 net/bpf/test_run.c:1317
 bpf_prog_test_run kernel/bpf/syscall.c:4313 [inline]
 __sys_bpf+0x10d2/0x4a00 kernel/bpf/syscall.c:5728
 __do_sys_bpf kernel/bpf/syscall.c:5817 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5815 [inline]
 __x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5815
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f679d57def9
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f679e410038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
RAX: ffffffffffffffda RBX: 00007f679d735f80 RCX: 00007f679d57def9
RDX: 0000000000000048 RSI: 0000000020000600 RDI: 000000000000000a
RBP: 00007f679d5f0b76 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 0000000000000000 R14: 00007f679d735f80 R15: 00007ffd36220398
 </TASK>
BUG: Bad page state in process syz.2.4065  pfn:4ea93
page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff888100000002 pfn:0x4ea93
flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
raw: 00fff00000000000 dead000000000040 ffff88804a923000 0000000000000000
raw: ffff888100000002 0000000000000001 00000000ffffffff 0000000000000000
page dumped because: page_pool leak
page_owner tracks the page as allocated
page last allocated via order 0, migratetype Unmovable, gfp_mask 0x102820(GFP_ATOMIC|__GFP_NOWARN|__GFP_HARDWALL), pid 19654, tgid 19653 (syz.2.4065), ts 936166936936, free_ts 931051156725
 set_page_owner include/linux/page_owner.h:32 [inline]
 post_alloc_hook+0x2d1/0x350 mm/page_alloc.c:1500
 prep_new_page mm/page_alloc.c:1508 [inline]
 get_page_from_freelist+0x1351/0x2e50 mm/page_alloc.c:3446
 __alloc_pages_noprof+0x22b/0x2460 mm/page_alloc.c:4702
 alloc_pages_bulk_noprof+0x742/0x14f0 mm/page_alloc.c:4650
 alloc_pages_bulk_array_node_noprof include/linux/gfp.h:239 [inline]
 __page_pool_alloc_pages_slow+0x19b/0xb30 net/core/page_pool.c:527
 page_pool_alloc_netmem net/core/page_pool.c:576 [inline]
 page_pool_alloc_pages+0xb5/0x110 net/core/page_pool.c:583
 page_pool_dev_alloc_pages include/net/page_pool/helpers.h:96 [inline]
 xdp_test_run_batch.constprop.0+0x3a8/0x1960 net/bpf/test_run.c:305
 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389
 bpf_prog_test_run_xdp+0x82d/0x1530 net/bpf/test_run.c:1317
 bpf_prog_test_run kernel/bpf/syscall.c:4313 [inline]
 __sys_bpf+0x10d2/0x4a00 kernel/bpf/syscall.c:5728
 __do_sys_bpf kernel/bpf/syscall.c:5817 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5815 [inline]
 __x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5815
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
page last free pid 19507 tgid 19505 stack trace:
 reset_page_owner include/linux/page_owner.h:25 [inline]
 free_pages_prepare mm/page_alloc.c:1101 [inline]
 free_unref_page+0x64a/0xe40 mm/page_alloc.c:2619
 mm_free_pgd kernel/fork.c:802 [inline]
 __mmdrop+0xd5/0x460 kernel/fork.c:918
 mmdrop include/linux/sched/mm.h:55 [inline]
 __mmput+0x3c8/0x480 kernel/fork.c:1356
 mmput+0x62/0x70 kernel/fork.c:1367
 exit_mm kernel/exit.c:571 [inline]
 do_exit+0x9bf/0x2bb0 kernel/exit.c:869
 do_group_exit+0xd3/0x2a0 kernel/exit.c:1031
 get_signal+0x25fb/0x2770 kernel/signal.c:2917
 arch_do_signal_or_restart+0x90/0x7e0 arch/x86/kernel/signal.c:310
 exit_to_user_mode_loop kernel/entry/common.c:111 [inline]
 exit_to_user_mode_prepare include/linux/entry-common.h:328 [inline]
 __syscall_exit_to_user_mode_work kernel/entry/common.c:207 [inline]
 syscall_exit_to_user_mode+0x150/0x2a0 kernel/entry/common.c:218
 do_syscall_64+0xda/0x250 arch/x86/entry/common.c:89
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
Modules linked in:
CPU: 2 UID: 0 PID: 19654 Comm: syz.2.4065 Tainted: G    B              6.11.0-rc7-syzkaller-00133-ge936e7d4a83b #0
Tainted: [B]=BAD_PAGE
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:93 [inline]
 dump_stack_lvl+0x16c/0x1f0 lib/dump_stack.c:119
 bad_page+0xb3/0x220 mm/page_alloc.c:498
 free_page_is_bad_report mm/page_alloc.c:905 [inline]
 free_page_is_bad mm/page_alloc.c:915 [inline]
 free_pages_prepare mm/page_alloc.c:1093 [inline]
 free_unref_page+0x69e/0xe40 mm/page_alloc.c:2619
 skb_free_frag include/linux/skbuff.h:3383 [inline]
 skb_free_head+0xa0/0x1d0 net/core/skbuff.c:1094
 skb_release_data+0x75c/0x980 net/core/skbuff.c:1123
 skb_release_all net/core/skbuff.c:1188 [inline]
 __kfree_skb net/core/skbuff.c:1202 [inline]
 sk_skb_reason_drop+0x133/0x200 net/core/skbuff.c:1240
 kfree_skb_reason include/linux/skbuff.h:1260 [inline]
 __netif_receive_skb_core.constprop.0+0x592/0x4330 net/core/dev.c:5635
 __netif_receive_skb_list_core+0x357/0x950 net/core/dev.c:5737
 __netif_receive_skb_list net/core/dev.c:5804 [inline]
 netif_receive_skb_list_internal+0x753/0xda0 net/core/dev.c:5896
 netif_receive_skb_list+0x4f/0x4a0 net/core/dev.c:5948
 xdp_recv_frames net/bpf/test_run.c:279 [inline]
 xdp_test_run_batch.constprop.0+0x138d/0x1960 net/bpf/test_run.c:360
 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389
 bpf_prog_test_run_xdp+0x82d/0x1530 net/bpf/test_run.c:1317
 bpf_prog_test_run kernel/bpf/syscall.c:4313 [inline]
 __sys_bpf+0x10d2/0x4a00 kernel/bpf/syscall.c:5728
 __do_sys_bpf kernel/bpf/syscall.c:5817 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5815 [inline]
 __x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5815
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f679d57def9
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f679e410038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
RAX: ffffffffffffffda RBX: 00007f679d735f80 RCX: 00007f679d57def9
RDX: 0000000000000048 RSI: 0000000020000600 RDI: 000000000000000a
RBP: 00007f679d5f0b76 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 0000000000000000 R14: 00007f679d735f80 R15: 00007ffd36220398
 </TASK>
BUG: Bad page state in process syz.2.4065  pfn:4ea92
page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff88802dba9c80 pfn:0x4ea92
flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
raw: 00fff00000000000 dead000000000040 ffff88804a923000 0000000000000000
raw: ffff88802dba9c80 0000000000000001 00000000ffffffff 0000000000000000
page dumped because: page_pool leak
page_owner tracks the page as allocated
page last allocated via order 0, migratetype Unmovable, gfp_mask 0x102820(GFP_ATOMIC|__GFP_NOWARN|__GFP_HARDWALL), pid 19654, tgid 19653 (syz.2.4065), ts 936166928757, free_ts 931051156725
 set_page_owner include/linux/page_owner.h:32 [inline]
 post_alloc_hook+0x2d1/0x350 mm/page_alloc.c:1500
 prep_new_page mm/page_alloc.c:1508 [inline]
 get_page_from_freelist+0x1351/0x2e50 mm/page_alloc.c:3446
 __alloc_pages_noprof+0x22b/0x2460 mm/page_alloc.c:4702
 alloc_pages_bulk_noprof+0x742/0x14f0 mm/page_alloc.c:4650
 alloc_pages_bulk_array_node_noprof include/linux/gfp.h:239 [inline]
 __page_pool_alloc_pages_slow+0x19b/0xb30 net/core/page_pool.c:527
 page_pool_alloc_netmem net/core/page_pool.c:576 [inline]
 page_pool_alloc_pages+0xb5/0x110 net/core/page_pool.c:583
 page_pool_dev_alloc_pages include/net/page_pool/helpers.h:96 [inline]
 xdp_test_run_batch.constprop.0+0x3a8/0x1960 net/bpf/test_run.c:305
 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389
 bpf_prog_test_run_xdp+0x82d/0x1530 net/bpf/test_run.c:1317
 bpf_prog_test_run kernel/bpf/syscall.c:4313 [inline]
 __sys_bpf+0x10d2/0x4a00 kernel/bpf/syscall.c:5728
 __do_sys_bpf kernel/bpf/syscall.c:5817 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5815 [inline]
 __x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5815
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
page last free pid 19507 tgid 19505 stack trace:
 reset_page_owner include/linux/page_owner.h:25 [inline]
 free_pages_prepare mm/page_alloc.c:1101 [inline]
 free_unref_page+0x64a/0xe40 mm/page_alloc.c:2619
 mm_free_pgd kernel/fork.c:802 [inline]
 __mmdrop+0xd5/0x460 kernel/fork.c:918
 mmdrop include/linux/sched/mm.h:55 [inline]
 __mmput+0x3c8/0x480 kernel/fork.c:1356
 mmput+0x62/0x70 kernel/fork.c:1367
 exit_mm kernel/exit.c:571 [inline]
 do_exit+0x9bf/0x2bb0 kernel/exit.c:869
 do_group_exit+0xd3/0x2a0 kernel/exit.c:1031
 get_signal+0x25fb/0x2770 kernel/signal.c:2917
 arch_do_signal_or_restart+0x90/0x7e0 arch/x86/kernel/signal.c:310
 exit_to_user_mode_loop kernel/entry/common.c:111 [inline]
 exit_to_user_mode_prepare include/linux/entry-common.h:328 [inline]
 __syscall_exit_to_user_mode_work kernel/entry/common.c:207 [inline]
 syscall_exit_to_user_mode+0x150/0x2a0 kernel/entry/common.c:218
 do_syscall_64+0xda/0x250 arch/x86/entry/common.c:89
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
Modules linked in:
CPU: 2 UID: 0 PID: 19654 Comm: syz.2.4065 Tainted: G    B              6.11.0-rc7-syzkaller-00133-ge936e7d4a83b #0
Tainted: [B]=BAD_PAGE
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:93 [inline]
 dump_stack_lvl+0x16c/0x1f0 lib/dump_stack.c:119
 bad_page+0xb3/0x220 mm/page_alloc.c:498
 free_page_is_bad_report mm/page_alloc.c:905 [inline]
 free_page_is_bad mm/page_alloc.c:915 [inline]
 free_pages_prepare mm/page_alloc.c:1093 [inline]
 free_unref_page+0x69e/0xe40 mm/page_alloc.c:2619
 skb_free_frag include/linux/skbuff.h:3383 [inline]
 skb_free_head+0xa0/0x1d0 net/core/skbuff.c:1094
 skb_release_data+0x75c/0x980 net/core/skbuff.c:1123
 skb_release_all net/core/skbuff.c:1188 [inline]
 __kfree_skb net/core/skbuff.c:1202 [inline]
 sk_skb_reason_drop+0x133/0x200 net/core/skbuff.c:1240
 kfree_skb_reason include/linux/skbuff.h:1260 [inline]
 __netif_receive_skb_core.constprop.0+0x592/0x4330 net/core/dev.c:5635
 __netif_receive_skb_list_core+0x357/0x950 net/core/dev.c:5737
 __netif_receive_skb_list net/core/dev.c:5804 [inline]
 netif_receive_skb_list_internal+0x753/0xda0 net/core/dev.c:5896
 netif_receive_skb_list+0x4f/0x4a0 net/core/dev.c:5948
 xdp_recv_frames net/bpf/test_run.c:279 [inline]
 xdp_test_run_batch.constprop.0+0x138d/0x1960 net/bpf/test_run.c:360
 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389
 bpf_prog_test_run_xdp+0x82d/0x1530 net/bpf/test_run.c:1317
 bpf_prog_test_run kernel/bpf/syscall.c:4313 [inline]
 __sys_bpf+0x10d2/0x4a00 kernel/bpf/syscall.c:5728
 __do_sys_bpf kernel/bpf/syscall.c:5817 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5815 [inline]
 __x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5815
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f679d57def9
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f679e410038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
RAX: ffffffffffffffda RBX: 00007f679d735f80 RCX: 00007f679d57def9
RDX: 0000000000000048 RSI: 0000000020000600 RDI: 000000000000000a
RBP: 00007f679d5f0b76 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 0000000000000000 R14: 00007f679d735f80 R15: 00007ffd36220398
 </TASK>
BUG: Bad page state in process syz.2.4065  pfn:36e43
page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x700000002 pfn:0x36e43
flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
raw: 00fff00000000000 dead000000000040 ffff88804a923000 0000000000000000
raw: 0000000700000002 0000000000000001 00000000ffffffff 0000000000000000
page dumped because: page_pool leak
page_owner tracks the page as allocated
page last allocated via order 0, migratetype Unmovable, gfp_mask 0x102820(GFP_ATOMIC|__GFP_NOWARN|__GFP_HARDWALL), pid 19654, tgid 19653 (syz.2.4065), ts 936166920700, free_ts 931300240094
 set_page_owner include/linux/page_owner.h:32 [inline]
 post_alloc_hook+0x2d1/0x350 mm/page_alloc.c:1500
 prep_new_page mm/page_alloc.c:1508 [inline]
 get_page_from_freelist+0x1351/0x2e50 mm/page_alloc.c:3446
 __alloc_pages_noprof+0x22b/0x2460 mm/page_alloc.c:4702
 alloc_pages_bulk_noprof+0x742/0x14f0 mm/page_alloc.c:4650
 alloc_pages_bulk_array_node_noprof include/linux/gfp.h:239 [inline]
 __page_pool_alloc_pages_slow+0x19b/0xb30 net/core/page_pool.c:527
 page_pool_alloc_netmem net/core/page_pool.c:576 [inline]
 page_pool_alloc_pages+0xb5/0x110 net/core/page_pool.c:583
 page_pool_dev_alloc_pages include/net/page_pool/helpers.h:96 [inline]
 xdp_test_run_batch.constprop.0+0x3a8/0x1960 net/bpf/test_run.c:305
 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389
 bpf_prog_test_run_xdp+0x82d/0x1530 net/bpf/test_run.c:1317
 bpf_prog_test_run kernel/bpf/syscall.c:4313 [inline]
 __sys_bpf+0x10d2/0x4a00 kernel/bpf/syscall.c:5728
 __do_sys_bpf kernel/bpf/syscall.c:5817 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5815 [inline]
 __x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5815
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
page last free pid 19513 tgid 19512 stack trace:
 reset_page_owner include/linux/page_owner.h:25 [inline]
 free_pages_prepare mm/page_alloc.c:1101 [inline]
 free_unref_page+0x64a/0xe40 mm/page_alloc.c:2619
 mm_free_pgd kernel/fork.c:802 [inline]
 __mmdrop+0xd5/0x460 kernel/fork.c:918
 mmdrop include/linux/sched/mm.h:55 [inline]
 __mmput+0x3c8/0x480 kernel/fork.c:1356
 mmput+0x62/0x70 kernel/fork.c:1367
 exit_mm kernel/exit.c:571 [inline]
 do_exit+0x9bf/0x2bb0 kernel/exit.c:869
 do_group_exit+0xd3/0x2a0 kernel/exit.c:1031
 get_signal+0x25fb/0x2770 kernel/signal.c:2917
 arch_do_signal_or_restart+0x90/0x7e0 arch/x86/kernel/signal.c:310
 exit_to_user_mode_loop kernel/entry/common.c:111 [inline]
 exit_to_user_mode_prepare include/linux/entry-common.h:328 [inline]
 __syscall_exit_to_user_mode_work kernel/entry/common.c:207 [inline]
 syscall_exit_to_user_mode+0x150/0x2a0 kernel/entry/common.c:218
 do_syscall_64+0xda/0x250 arch/x86/entry/common.c:89
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
Modules linked in:
CPU: 2 UID: 0 PID: 19654 Comm: syz.2.4065 Tainted: G    B              6.11.0-rc7-syzkaller-00133-ge936e7d4a83b #0
Tainted: [B]=BAD_PAGE
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:93 [inline]
 dump_stack_lvl+0x16c/0x1f0 lib/dump_stack.c:119
 bad_page+0xb3/0x220 mm/page_alloc.c:498
 free_page_is_bad_report mm/page_alloc.c:905 [inline]
 free_page_is_bad mm/page_alloc.c:915 [inline]
 free_pages_prepare mm/page_alloc.c:1093 [inline]
 free_unref_page+0x69e/0xe40 mm/page_alloc.c:2619
 skb_free_frag include/linux/skbuff.h:3383 [inline]
 skb_free_head+0xa0/0x1d0 net/core/skbuff.c:1094
 skb_release_data+0x75c/0x980 net/core/skbuff.c:1123
 skb_release_all net/core/skbuff.c:1188 [inline]
 __kfree_skb net/core/skbuff.c:1202 [inline]
 sk_skb_reason_drop+0x133/0x200 net/core/skbuff.c:1240
 kfree_skb_reason include/linux/skbuff.h:1260 [inline]
 __netif_receive_skb_core.constprop.0+0x592/0x4330 net/core/dev.c:5635
 __netif_receive_skb_list_core+0x357/0x950 net/core/dev.c:5737
 __netif_receive_skb_list net/core/dev.c:5804 [inline]
 netif_receive_skb_list_internal+0x753/0xda0 net/core/dev.c:5896
 netif_receive_skb_list+0x4f/0x4a0 net/core/dev.c:5948
 xdp_recv_frames net/bpf/test_run.c:279 [inline]
 xdp_test_run_batch.constprop.0+0x138d/0x1960 net/bpf/test_run.c:360
 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389
 bpf_prog_test_run_xdp+0x82d/0x1530 net/bpf/test_run.c:1317
 bpf_prog_test_run kernel/bpf/syscall.c:4313 [inline]
 __sys_bpf+0x10d2/0x4a00 kernel/bpf/syscall.c:5728
 __do_sys_bpf kernel/bpf/syscall.c:5817 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5815 [inline]
 __x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5815
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f679d57def9
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f679e410038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
RAX: ffffffffffffffda RBX: 00007f679d735f80 RCX: 00007f679d57def9
RDX: 0000000000000048 RSI: 0000000020000600 RDI: 000000000000000a
RBP: 00007f679d5f0b76 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 0000000000000000 R14: 00007f679d735f80 R15: 00007ffd36220398
 </TASK>
BUG: Bad page state in process syz.2.4065  pfn:36e42
page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff88802983d580 pfn:0x36e42
flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
raw: 00fff00000000000 dead000000000040 ffff88804a923000 0000000000000000
raw: ffff88802983d580 0000000000000001 00000000ffffffff 0000000000000000
page dumped because: page_pool leak
page_owner tracks the page as allocated
page last allocated via order 0, migratetype Unmovable, gfp_mask 0x102820(GFP_ATOMIC|__GFP_NOWARN|__GFP_HARDWALL), pid 19654, tgid 19653 (syz.2.4065), ts 936166912770, free_ts 931300240094
 set_page_owner include/linux/page_owner.h:32 [inline]
 post_alloc_hook+0x2d1/0x350 mm/page_alloc.c:1500
 prep_new_page mm/page_alloc.c:1508 [inline]
 get_page_from_freelist+0x1351/0x2e50 mm/page_alloc.c:3446
 __alloc_pages_noprof+0x22b/0x2460 mm/page_alloc.c:4702
 alloc_pages_bulk_noprof+0x742/0x14f0 mm/page_alloc.c:4650
 alloc_pages_bulk_array_node_noprof include/linux/gfp.h:239 [inline]
 __page_pool_alloc_pages_slow+0x19b/0xb30 net/core/page_pool.c:527
 page_pool_alloc_netmem net/core/page_pool.c:576 [inline]
 page_pool_alloc_pages+0xb5/0x110 net/core/page_pool.c:583
 page_pool_dev_alloc_pages include/net/page_pool/helpers.h:96 [inline]
 xdp_test_run_batch.constprop.0+0x3a8/0x1960 net/bpf/test_run.c:305
 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389
 bpf_prog_test_run_xdp+0x82d/0x1530 net/bpf/test_run.c:1317
 bpf_prog_test_run kernel/bpf/syscall.c:4313 [inline]
 __sys_bpf+0x10d2/0x4a00 kernel/bpf/syscall.c:5728
 __do_sys_bpf kernel/bpf/syscall.c:5817 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5815 [inline]
 __x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5815
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
page last free pid 19513 tgid 19512 stack trace:
 reset_page_owner include/linux/page_owner.h:25 [inline]
 free_pages_prepare mm/page_alloc.c:1101 [inline]
 free_unref_page+0x64a/0xe40 mm/page_alloc.c:2619
 mm_free_pgd kernel/fork.c:802 [inline]
 __mmdrop+0xd5/0x460 kernel/fork.c:918
 mmdrop include/linux/sched/mm.h:55 [inline]
 __mmput+0x3c8/0x480 kernel/fork.c:1356
 mmput+0x62/0x70 kernel/fork.c:1367
 exit_mm kernel/exit.c:571 [inline]
 do_exit+0x9bf/0x2bb0 kernel/exit.c:869
 do_group_exit+0xd3/0x2a0 kernel/exit.c:1031
 get_signal+0x25fb/0x2770 kernel/signal.c:2917
 arch_do_signal_or_restart+0x90/0x7e0 arch/x86/kernel/signal.c:310
 exit_to_user_mode_loop kernel/entry/common.c:111 [inline]
 exit_to_user_mode_prepare include/linux/entry-common.h:328 [inline]
 __syscall_exit_to_user_mode_work kernel/entry/common.c:207 [inline]
 syscall_exit_to_user_mode+0x150/0x2a0 kernel/entry/common.c:218
 do_syscall_64+0xda/0x250 arch/x86/entry/common.c:89
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
Modules linked in:
CPU: 2 UID: 0 PID: 19654 Comm: syz.2.4065 Tainted: G    B              6.11.0-rc7-syzkaller-00133-ge936e7d4a83b #0
Tainted: [B]=BAD_PAGE
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:93 [inline]
 dump_stack_lvl+0x16c/0x1f0 lib/dump_stack.c:119
 bad_page+0xb3/0x220 mm/page_alloc.c:498
 free_page_is_bad_report mm/page_alloc.c:905 [inline]
 free_page_is_bad mm/page_alloc.c:915 [inline]
 free_pages_prepare mm/page_alloc.c:1093 [inline]
 free_unref_page+0x69e/0xe40 mm/page_alloc.c:2619
 skb_free_frag include/linux/skbuff.h:3383 [inline]
 skb_free_head+0xa0/0x1d0 net/core/skbuff.c:1094
 skb_release_data+0x75c/0x980 net/core/skbuff.c:1123
 skb_release_all net/core/skbuff.c:1188 [inline]
 __kfree_skb net/core/skbuff.c:1202 [inline]
 sk_skb_reason_drop+0x133/0x200 net/core/skbuff.c:1240
 kfree_skb_reason include/linux/skbuff.h:1260 [inline]
 __netif_receive_skb_core.constprop.0+0x592/0x4330 net/core/dev.c:5635
 __netif_receive_skb_list_core+0x357/0x950 net/core/dev.c:5737
 __netif_receive_skb_list net/core/dev.c:5804 [inline]
 netif_receive_skb_list_internal+0x753/0xda0 net/core/dev.c:5896
 netif_receive_skb_list+0x4f/0x4a0 net/core/dev.c:5948
 xdp_recv_frames net/bpf/test_run.c:279 [inline]
 xdp_test_run_batch.constprop.0+0x138d/0x1960 net/bpf/test_run.c:360
 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389
 bpf_prog_test_run_xdp+0x82d/0x1530 net/bpf/test_run.c:1317
 bpf_prog_test_run kernel/bpf/syscall.c:4313 [inline]
 __sys_bpf+0x10d2/0x4a00 kernel/bpf/syscall.c:5728
 __do_sys_bpf kernel/bpf/syscall.c:5817 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5815 [inline]
 __x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5815
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f679d57def9
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f679e410038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
RAX: ffffffffffffffda RBX: 00007f679d735f80 RCX: 00007f679d57def9
RDX: 0000000000000048 RSI: 0000000020000600 RDI: 000000000000000a
RBP: 00007f679d5f0b76 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 0000000000000000 R14: 00007f679d735f80 R15: 00007ffd36220398
 </TASK>
BUG: Bad page state in process syz.2.4065  pfn:31d7f
page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff888100000002 pfn:0x31d7f
flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
raw: 00fff00000000000 dead000000000040 ffff88804a923000 0000000000000000
raw: ffff888100000002 0000000000000001 00000000ffffffff 0000000000000000
page dumped because: page_pool leak
page_owner tracks the page as allocated
page last allocated via order 0, migratetype Unmovable, gfp_mask 0x102820(GFP_ATOMIC|__GFP_NOWARN|__GFP_HARDWALL), pid 19654, tgid 19653 (syz.2.4065), ts 936166905122, free_ts 935793179499
 set_page_owner include/linux/page_owner.h:32 [inline]
 post_alloc_hook+0x2d1/0x350 mm/page_alloc.c:1500
 prep_new_page mm/page_alloc.c:1508 [inline]
 get_page_from_freelist+0x1351/0x2e50 mm/page_alloc.c:3446
 __alloc_pages_noprof+0x22b/0x2460 mm/page_alloc.c:4702
 alloc_pages_bulk_noprof+0x742/0x14f0 mm/page_alloc.c:4650
 alloc_pages_bulk_array_node_noprof include/linux/gfp.h:239 [inline]
 __page_pool_alloc_pages_slow+0x19b/0xb30 net/core/page_pool.c:527
 page_pool_alloc_netmem net/core/page_pool.c:576 [inline]
 page_pool_alloc_pages+0xb5/0x110 net/core/page_pool.c:583
 page_pool_dev_alloc_pages include/net/page_pool/helpers.h:96 [inline]
 xdp_test_run_batch.constprop.0+0x3a8/0x1960 net/bpf/test_run.c:305
 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389
 bpf_prog_test_run_xdp+0x82d/0x1530 net/bpf/test_run.c:1317
 bpf_prog_test_run kernel/bpf/syscall.c:4313 [inline]
 __sys_bpf+0x10d2/0x4a00 kernel/bpf/syscall.c:5728
 __do_sys_bpf kernel/bpf/syscall.c:5817 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5815 [inline]
 __x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5815
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
page last free pid 5430 tgid 5422 stack trace:
 reset_page_owner include/linux/page_owner.h:25 [inline]
 free_pages_prepare mm/page_alloc.c:1101 [inline]
 free_unref_page+0x64a/0xe40 mm/page_alloc.c:2619
 mm_free_pgd kernel/fork.c:802 [inline]
 __mmdrop+0xd5/0x460 kernel/fork.c:918
 mmdrop include/linux/sched/mm.h:55 [inline]
 mmdrop_sched include/linux/sched/mm.h:83 [inline]
 mmdrop_lazy_tlb_sched include/linux/sched/mm.h:110 [inline]
 finish_task_switch.isra.0+0x7af/0xcc0 kernel/sched/core.c:5087
 context_switch kernel/sched/core.c:5191 [inline]
 __schedule+0xe3f/0x5490 kernel/sched/core.c:6529
 preempt_schedule_common+0x44/0xc0 kernel/sched/core.c:6708
 preempt_schedule_thunk+0x1a/0x30 arch/x86/entry/thunk.S:12
 __raw_spin_unlock_irqrestore include/linux/spinlock_api_smp.h:152 [inline]
 _raw_spin_unlock_irqrestore+0x61/0x80 kernel/locking/spinlock.c:194
 spin_unlock_irqrestore include/linux/spinlock.h:406 [inline]
 prepare_to_wait_exclusive+0xdc/0x2a0 kernel/sched/wait.c:256
 io_cqring_wait+0xbda/0x1480 io_uring/io_uring.c:2453
 __do_sys_io_uring_enter+0x410/0x1130 io_uring/io_uring.c:3255
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
Modules linked in:
CPU: 2 UID: 0 PID: 19654 Comm: syz.2.4065 Tainted: G    B              6.11.0-rc7-syzkaller-00133-ge936e7d4a83b #0
Tainted: [B]=BAD_PAGE
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:93 [inline]
 dump_stack_lvl+0x16c/0x1f0 lib/dump_stack.c:119
 bad_page+0xb3/0x220 mm/page_alloc.c:498
 free_page_is_bad_report mm/page_alloc.c:905 [inline]
 free_page_is_bad mm/page_alloc.c:915 [inline]
 free_pages_prepare mm/page_alloc.c:1093 [inline]
 free_unref_page+0x69e/0xe40 mm/page_alloc.c:2619
 skb_free_frag include/linux/skbuff.h:3383 [inline]
 skb_free_head+0xa0/0x1d0 net/core/skbuff.c:1094
 skb_release_data+0x75c/0x980 net/core/skbuff.c:1123
 skb_release_all net/core/skbuff.c:1188 [inline]
 __kfree_skb net/core/skbuff.c:1202 [inline]
 sk_skb_reason_drop+0x133/0x200 net/core/skbuff.c:1240
 kfree_skb_reason include/linux/skbuff.h:1260 [inline]
 __netif_receive_skb_core.constprop.0+0x592/0x4330 net/core/dev.c:5635
 __netif_receive_skb_list_core+0x357/0x950 net/core/dev.c:5737
 __netif_receive_skb_list net/core/dev.c:5804 [inline]
 netif_receive_skb_list_internal+0x753/0xda0 net/core/dev.c:5896
 netif_receive_skb_list+0x4f/0x4a0 net/core/dev.c:5948
 xdp_recv_frames net/bpf/test_run.c:279 [inline]
 xdp_test_run_batch.constprop.0+0x138d/0x1960 net/bpf/test_run.c:360
 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389
 bpf_prog_test_run_xdp+0x82d/0x1530 net/bpf/test_run.c:1317
 bpf_prog_test_run kernel/bpf/syscall.c:4313 [inline]
 __sys_bpf+0x10d2/0x4a00 kernel/bpf/syscall.c:5728
 __do_sys_bpf kernel/bpf/syscall.c:5817 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5815 [inline]
 __x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5815
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f679d57def9
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f679e410038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
RAX: ffffffffffffffda RBX: 00007f679d735f80 RCX: 00007f679d57def9
RDX: 0000000000000048 RSI: 0000000020000600 RDI: 000000000000000a
RBP: 00007f679d5f0b76 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 0000000000000000 R14: 00007f679d735f80 R15: 00007ffd36220398
 </TASK>
BUG: Bad page state in process syz.2.4065  pfn:31d7e
page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff88802030a600 pfn:0x31d7e
flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
raw: 00fff00000000000 dead000000000040 ffff88804a923000 0000000000000000
raw: ffff88802030a600 0000000000000001 00000000ffffffff 0000000000000000
page dumped because: page_pool leak
page_owner tracks the page as allocated
page last allocated via order 0, migratetype Unmovable, gfp_mask 0x102820(GFP_ATOMIC|__GFP_NOWARN|__GFP_HARDWALL), pid 19654, tgid 19653 (syz.2.4065), ts 936166897413, free_ts 935793179499
 set_page_owner include/linux/page_owner.h:32 [inline]
 post_alloc_hook+0x2d1/0x350 mm/page_alloc.c:1500
 prep_new_page mm/page_alloc.c:1508 [inline]
 get_page_from_freelist+0x1351/0x2e50 mm/page_alloc.c:3446
 __alloc_pages_noprof+0x22b/0x2460 mm/page_alloc.c:4702
 alloc_pages_bulk_noprof+0x742/0x14f0 mm/page_alloc.c:4650
 alloc_pages_bulk_array_node_noprof include/linux/gfp.h:239 [inline]
 __page_pool_alloc_pages_slow+0x19b/0xb30 net/core/page_pool.c:527
 page_pool_alloc_netmem net/core/page_pool.c:576 [inline]
 page_pool_alloc_pages+0xb5/0x110 net/core/page_pool.c:583
 page_pool_dev_alloc_pages include/net/page_pool/helpers.h:96 [inline]
 xdp_test_run_batch.constprop.0+0x3a8/0x1960 net/bpf/test_run.c:305
 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389
 bpf_prog_test_run_xdp+0x82d/0x1530 net/bpf/test_run.c:1317
 bpf_prog_test_run kernel/bpf/syscall.c:4313 [inline]
 __sys_bpf+0x10d2/0x4a00 kernel/bpf/syscall.c:5728
 __do_sys_bpf kernel/bpf/syscall.c:5817 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5815 [inline]
 __x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5815
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
page last free pid 5430 tgid 5422 stack trace:
 reset_page_owner include/linux/page_owner.h:25 [inline]
 free_pages_prepare mm/page_alloc.c:1101 [inline]
 free_unref_page+0x64a/0xe40 mm/page_alloc.c:2619
 mm_free_pgd kernel/fork.c:802 [inline]
 __mmdrop+0xd5/0x460 kernel/fork.c:918
 mmdrop include/linux/sched/mm.h:55 [inline]
 mmdrop_sched include/linux/sched/mm.h:83 [inline]
 mmdrop_lazy_tlb_sched include/linux/sched/mm.h:110 [inline]
 finish_task_switch.isra.0+0x7af/0xcc0 kernel/sched/core.c:5087
 context_switch kernel/sched/core.c:5191 [inline]
 __schedule+0xe3f/0x5490 kernel/sched/core.c:6529
 preempt_schedule_common+0x44/0xc0 kernel/sched/core.c:6708
 preempt_schedule_thunk+0x1a/0x30 arch/x86/entry/thunk.S:12
 __raw_spin_unlock_irqrestore include/linux/spinlock_api_smp.h:152 [inline]
 _raw_spin_unlock_irqrestore+0x61/0x80 kernel/locking/spinlock.c:194
 spin_unlock_irqrestore include/linux/spinlock.h:406 [inline]
 prepare_to_wait_exclusive+0xdc/0x2a0 kernel/sched/wait.c:256
 io_cqring_wait+0xbda/0x1480 io_uring/io_uring.c:2453
 __do_sys_io_uring_enter+0x410/0x1130 io_uring/io_uring.c:3255
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
Modules linked in:
CPU: 2 UID: 0 PID: 19654 Comm: syz.2.4065 Tainted: G    B              6.11.0-rc7-syzkaller-00133-ge936e7d4a83b #0
Tainted: [B]=BAD_PAGE
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:93 [inline]
 dump_stack_lvl+0x16c/0x1f0 lib/dump_stack.c:119
 bad_page+0xb3/0x220 mm/page_alloc.c:498
 free_page_is_bad_report mm/page_alloc.c:905 [inline]
 free_page_is_bad mm/page_alloc.c:915 [inline]
 free_pages_prepare mm/page_alloc.c:1093 [inline]
 free_unref_page+0x69e/0xe40 mm/page_alloc.c:2619
 skb_free_frag include/linux/skbuff.h:3383 [inline]
 skb_free_head+0xa0/0x1d0 net/core/skbuff.c:1094
 skb_release_data+0x75c/0x980 net/core/skbuff.c:1123
 skb_release_all net/core/skbuff.c:1188 [inline]
 __kfree_skb net/core/skbuff.c:1202 [inline]
 sk_skb_reason_drop+0x133/0x200 net/core/skbuff.c:1240
 kfree_skb_reason include/linux/skbuff.h:1260 [inline]
 __netif_receive_skb_core.constprop.0+0x592/0x4330 net/core/dev.c:5635
 __netif_receive_skb_list_core+0x357/0x950 net/core/dev.c:5737
 __netif_receive_skb_list net/core/dev.c:5804 [inline]
 netif_receive_skb_list_internal+0x753/0xda0 net/core/dev.c:5896
 netif_receive_skb_list+0x4f/0x4a0 net/core/dev.c:5948
 xdp_recv_frames net/bpf/test_run.c:279 [inline]
 xdp_test_run_batch.constprop.0+0x138d/0x1960 net/bpf/test_run.c:360
 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389
 bpf_prog_test_run_xdp+0x82d/0x1530 net/bpf/test_run.c:1317
 bpf_prog_test_run kernel/bpf/syscall.c:4313 [inline]
 __sys_bpf+0x10d2/0x4a00 kernel/bpf/syscall.c:5728
 __do_sys_bpf kernel/bpf/syscall.c:5817 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5815 [inline]
 __x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5815
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f679d57def9
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f679e410038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
RAX: ffffffffffffffda RBX: 00007f679d735f80 RCX: 00007f679d57def9
RDX: 0000000000000048 RSI: 0000000020000600 RDI: 000000000000000a
RBP: 00007f679d5f0b76 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 0000000000000000 R14: 00007f679d735f80 R15: 00007ffd36220398
 </TASK>
BUG: Bad page state in process syz.2.4065  pfn:4c007
page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x2 pfn:0x4c007
flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
raw: 00fff00000000000 dead000000000040 ffff88804a923000 0000000000000000
raw: 0000000000000002 0000000000000001 00000000ffffffff 0000000000000000
page dumped because: page_pool leak
page_owner tracks the page as allocated
page last allocated via order 0, migratetype Unmovable, gfp_mask 0x102820(GFP_ATOMIC|__GFP_NOWARN|__GFP_HARDWALL), pid 19654, tgid 19653 (syz.2.4065), ts 936166889622, free_ts 935851559781
 set_page_owner include/linux/page_owner.h:32 [inline]
 post_alloc_hook+0x2d1/0x350 mm/page_alloc.c:1500
 prep_new_page mm/page_alloc.c:1508 [inline]
 get_page_from_freelist+0x1351/0x2e50 mm/page_alloc.c:3446
 __alloc_pages_noprof+0x22b/0x2460 mm/page_alloc.c:4702
 alloc_pages_bulk_noprof+0x742/0x14f0 mm/page_alloc.c:4650
 alloc_pages_bulk_array_node_noprof include/linux/gfp.h:239 [inline]
 __page_pool_alloc_pages_slow+0x19b/0xb30 net/core/page_pool.c:527
 page_pool_alloc_netmem net/core/page_pool.c:576 [inline]
 page_pool_alloc_pages+0xb5/0x110 net/core/page_pool.c:583
 page_pool_dev_alloc_pages include/net/page_pool/helpers.h:96 [inline]
 xdp_test_run_batch.constprop.0+0x3a8/0x1960 net/bpf/test_run.c:305
 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389
 bpf_prog_test_run_xdp+0x82d/0x1530 net/bpf/test_run.c:1317
 bpf_prog_test_run kernel/bpf/syscall.c:4313 [inline]
 __sys_bpf+0x10d2/0x4a00 kernel/bpf/syscall.c:5728
 __do_sys_bpf kernel/bpf/syscall.c:5817 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5815 [inline]
 __x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5815
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
page last free pid 7838 tgid 7833 stack trace:
 reset_page_owner include/linux/page_owner.h:25 [inline]
 free_pages_prepare mm/page_alloc.c:1101 [inline]
 free_unref_page+0x64a/0xe40 mm/page_alloc.c:2619
 mm_free_pgd kernel/fork.c:802 [inline]
 __mmdrop+0xd5/0x460 kernel/fork.c:918
 mmdrop include/linux/sched/mm.h:55 [inline]
 mmdrop_sched include/linux/sched/mm.h:83 [inline]
 mmdrop_lazy_tlb_sched include/linux/sched/mm.h:110 [inline]
 finish_task_switch.isra.0+0x7af/0xcc0 kernel/sched/core.c:5087
 context_switch kernel/sched/core.c:5191 [inline]
 __schedule+0xe3f/0x5490 kernel/sched/core.c:6529
 preempt_schedule_common+0x44/0xc0 kernel/sched/core.c:6708
 preempt_schedule_thunk+0x1a/0x30 arch/x86/entry/thunk.S:12
 __raw_spin_unlock_irqrestore include/linux/spinlock_api_smp.h:152 [inline]
 _raw_spin_unlock_irqrestore+0x61/0x80 kernel/locking/spinlock.c:194
 spin_unlock_irqrestore include/linux/spinlock.h:406 [inline]
 prepare_to_wait_exclusive+0xdc/0x2a0 kernel/sched/wait.c:256
 io_cqring_wait+0xbda/0x1480 io_uring/io_uring.c:2453
 __do_sys_io_uring_enter+0x410/0x1130 io_uring/io_uring.c:3255
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
Modules linked in:
CPU: 2 UID: 0 PID: 19654 Comm: syz.2.4065 Tainted: G    B              6.11.0-rc7-syzkaller-00133-ge936e7d4a83b #0
Tainted: [B]=BAD_PAGE
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:93 [inline]
 dump_stack_lvl+0x16c/0x1f0 lib/dump_stack.c:119
 bad_page+0xb3/0x220 mm/page_alloc.c:498
 free_page_is_bad_report mm/page_alloc.c:905 [inline]
 free_page_is_bad mm/page_alloc.c:915 [inline]
 free_pages_prepare mm/page_alloc.c:1093 [inline]
 free_unref_page+0x69e/0xe40 mm/page_alloc.c:2619
 skb_free_frag include/linux/skbuff.h:3383 [inline]
 skb_free_head+0xa0/0x1d0 net/core/skbuff.c:1094
 skb_release_data+0x75c/0x980 net/core/skbuff.c:1123
 skb_release_all net/core/skbuff.c:1188 [inline]
 __kfree_skb net/core/skbuff.c:1202 [inline]
 sk_skb_reason_drop+0x133/0x200 net/core/skbuff.c:1240
 kfree_skb_reason include/linux/skbuff.h:1260 [inline]
 __netif_receive_skb_core.constprop.0+0x592/0x4330 net/core/dev.c:5635
 __netif_receive_skb_list_core+0x357/0x950 net/core/dev.c:5737
 __netif_receive_skb_list net/core/dev.c:5804 [inline]
 netif_receive_skb_list_internal+0x753/0xda0 net/core/dev.c:5896
 netif_receive_skb_list+0x4f/0x4a0 net/core/dev.c:5948
 xdp_recv_frames net/bpf/test_run.c:279 [inline]
 xdp_test_run_batch.constprop.0+0x138d/0x1960 net/bpf/test_run.c:360
 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389
 bpf_prog_test_run_xdp+0x82d/0x1530 net/bpf/test_run.c:1317
 bpf_prog_test_run kernel/bpf/syscall.c:4313 [inline]
 __sys_bpf+0x10d2/0x4a00 kernel/bpf/syscall.c:5728
 __do_sys_bpf kernel/bpf/syscall.c:5817 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5815 [inline]
 __x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5815
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f679d57def9
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f679e410038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
RAX: ffffffffffffffda RBX: 00007f679d735f80 RCX: 00007f679d57def9
RDX: 0000000000000048 RSI: 0000000020000600 RDI: 000000000000000a
RBP: 00007f679d5f0b76 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 0000000000000000 R14: 00007f679d735f80 R15: 00007ffd36220398
 </TASK>
BUG: Bad page state in process syz.2.4065  pfn:4c006
page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff88802030c280 pfn:0x4c006
flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
raw: 00fff00000000000 dead000000000040 ffff88804a923000 0000000000000000
raw: ffff88802030c280 0000000000000001 00000000ffffffff 0000000000000000
page dumped because: page_pool leak
page_owner tracks the page as allocated
page last allocated via order 0, migratetype Unmovable, gfp_mask 0x102820(GFP_ATOMIC|__GFP_NOWARN|__GFP_HARDWALL), pid 19654, tgid 19653 (syz.2.4065), ts 936166881587, free_ts 935851559781
 set_page_owner include/linux/page_owner.h:32 [inline]
 post_alloc_hook+0x2d1/0x350 mm/page_alloc.c:1500
 prep_new_page mm/page_alloc.c:1508 [inline]
 get_page_from_freelist+0x1351/0x2e50 mm/page_alloc.c:3446
 __alloc_pages_noprof+0x22b/0x2460 mm/page_alloc.c:4702
 alloc_pages_bulk_noprof+0x742/0x14f0 mm/page_alloc.c:4650
 alloc_pages_bulk_array_node_noprof include/linux/gfp.h:239 [inline]
 __page_pool_alloc_pages_slow+0x19b/0xb30 net/core/page_pool.c:527
 page_pool_alloc_netmem net/core/page_pool.c:576 [inline]
 page_pool_alloc_pages+0xb5/0x110 net/core/page_pool.c:583
 page_pool_dev_alloc_pages include/net/page_pool/helpers.h:96 [inline]
 xdp_test_run_batch.constprop.0+0x3a8/0x1960 net/bpf/test_run.c:305
 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389
 bpf_prog_test_run_xdp+0x82d/0x1530 net/bpf/test_run.c:1317
 bpf_prog_test_run kernel/bpf/syscall.c:4313 [inline]
 __sys_bpf+0x10d2/0x4a00 kernel/bpf/syscall.c:5728
 __do_sys_bpf kernel/bpf/syscall.c:5817 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5815 [inline]
 __x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5815
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
page last free pid 7838 tgid 7833 stack trace:
 reset_page_owner include/linux/page_owner.h:25 [inline]
 free_pages_prepare mm/page_alloc.c:1101 [inline]
 free_unref_page+0x64a/0xe40 mm/page_alloc.c:2619
 mm_free_pgd kernel/fork.c:802 [inline]
 __mmdrop+0xd5/0x460 kernel/fork.c:918
 mmdrop include/linux/sched/mm.h:55 [inline]
 mmdrop_sched include/linux/sched/mm.h:83 [inline]
 mmdrop_lazy_tlb_sched include/linux/sched/mm.h:110 [inline]
 finish_task_switch.isra.0+0x7af/0xcc0 kernel/sched/core.c:5087
 context_switch kernel/sched/core.c:5191 [inline]
 __schedule+0xe3f/0x5490 kernel/sched/core.c:6529
 preempt_schedule_common+0x44/0xc0 kernel/sched/core.c:6708
 preempt_schedule_thunk+0x1a/0x30 arch/x86/entry/thunk.S:12
 __raw_spin_unlock_irqrestore include/linux/spinlock_api_smp.h:152 [inline]
 _raw_spin_unlock_irqrestore+0x61/0x80 kernel/locking/spinlock.c:194
 spin_unlock_irqrestore include/linux/spinlock.h:406 [inline]
 prepare_to_wait_exclusive+0xdc/0x2a0 kernel/sched/wait.c:256
 io_cqring_wait+0xbda/0x1480 io_uring/io_uring.c:2453
 __do_sys_io_uring_enter+0x410/0x1130 io_uring/io_uring.c:3255
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
Modules linked in:
CPU: 2 UID: 0 PID: 19654 Comm: syz.2.4065 Tainted: G    B              6.11.0-rc7-syzkaller-00133-ge936e7d4a83b #0
Tainted: [B]=BAD_PAGE
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:93 [inline]
 dump_stack_lvl+0x16c/0x1f0 lib/dump_stack.c:119
 bad_page+0xb3/0x220 mm/page_alloc.c:498
 free_page_is_bad_report mm/page_alloc.c:905 [inline]
 free_page_is_bad mm/page_alloc.c:915 [inline]
 free_pages_prepare mm/page_alloc.c:1093 [inline]
 free_unref_page+0x69e/0xe40 mm/page_alloc.c:2619
 skb_free_frag include/linux/skbuff.h:3383 [inline]
 skb_free_head+0xa0/0x1d0 net/core/skbuff.c:1094
 skb_release_data+0x75c/0x980 net/core/skbuff.c:1123
 skb_release_all net/core/skbuff.c:1188 [inline]
 __kfree_skb net/core/skbuff.c:1202 [inline]
 sk_skb_reason_drop+0x133/0x200 net/core/skbuff.c:1240
 kfree_skb_reason include/linux/skbuff.h:1260 [inline]
 __netif_receive_skb_core.constprop.0+0x592/0x4330 net/core/dev.c:5635
 __netif_receive_skb_list_core+0x357/0x950 net/core/dev.c:5737
 __netif_receive_skb_list net/core/dev.c:5804 [inline]
 netif_receive_skb_list_internal+0x753/0xda0 net/core/dev.c:5896
 netif_receive_skb_list+0x4f/0x4a0 net/core/dev.c:5948
 xdp_recv_frames net/bpf/test_run.c:279 [inline]
 xdp_test_run_batch.constprop.0+0x138d/0x1960 net/bpf/test_run.c:360
 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389
 bpf_prog_test_run_xdp+0x82d/0x1530 net/bpf/test_run.c:1317
 bpf_prog_test_run kernel/bpf/syscall.c:4313 [inline]
 __sys_bpf+0x10d2/0x4a00 kernel/bpf/syscall.c:5728
 __do_sys_bpf kernel/bpf/syscall.c:5817 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5815 [inline]
 __x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5815
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f679d57def9
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f679e410038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
RAX: ffffffffffffffda RBX: 00007f679d735f80 RCX: 00007f679d57def9
RDX: 0000000000000048 RSI: 0000000020000600 RDI: 000000000000000a
RBP: 00007f679d5f0b76 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 0000000000000000 R14: 00007f679d735f80 R15: 00007ffd36220398
 </TASK>
BUG: Bad page state in process syz.2.4065  pfn:65d2f
page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff888000000002 pfn:0x65d2f
flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
raw: 00fff00000000000 dead000000000040 ffff88804a923000 0000000000000000
raw: ffff888000000002 0000000000000001 00000000ffffffff 0000000000000000
page dumped because: page_pool leak
page_owner tracks the page as allocated
page last allocated via order 0, migratetype Unmovable, gfp_mask 0x102820(GFP_ATOMIC|__GFP_NOWARN|__GFP_HARDWALL), pid 19654, tgid 19653 (syz.2.4065), ts 936166873687, free_ts 935870449149
 set_page_owner include/linux/page_owner.h:32 [inline]
 post_alloc_hook+0x2d1/0x350 mm/page_alloc.c:1500
 prep_new_page mm/page_alloc.c:1508 [inline]
 get_page_from_freelist+0x1351/0x2e50 mm/page_alloc.c:3446
 __alloc_pages_noprof+0x22b/0x2460 mm/page_alloc.c:4702
 alloc_pages_bulk_noprof+0x742/0x14f0 mm/page_alloc.c:4650
 alloc_pages_bulk_array_node_noprof include/linux/gfp.h:239 [inline]
 __page_pool_alloc_pages_slow+0x19b/0xb30 net/core/page_pool.c:527
 page_pool_alloc_netmem net/core/page_pool.c:576 [inline]
 page_pool_alloc_pages+0xb5/0x110 net/core/page_pool.c:583
 page_pool_dev_alloc_pages include/net/page_pool/helpers.h:96 [inline]
 xdp_test_run_batch.constprop.0+0x3a8/0x1960 net/bpf/test_run.c:305
 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389
 bpf_prog_test_run_xdp+0x82d/0x1530 net/bpf/test_run.c:1317
 bpf_prog_test_run kernel/bpf/syscall.c:4313 [inline]
 __sys_bpf+0x10d2/0x4a00 kernel/bpf/syscall.c:5728
 __do_sys_bpf kernel/bpf/syscall.c:5817 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5815 [inline]
 __x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5815
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
page last free pid 7838 tgid 7833 stack trace:
 reset_page_owner include/linux/page_owner.h:25 [inline]
 free_pages_prepare mm/page_alloc.c:1101 [inline]
 free_unref_page+0x64a/0xe40 mm/page_alloc.c:2619
 mm_free_pgd kernel/fork.c:802 [inline]
 __mmdrop+0xd5/0x460 kernel/fork.c:918
 mmdrop include/linux/sched/mm.h:55 [inline]
 mmdrop_sched include/linux/sched/mm.h:83 [inline]
 mmdrop_lazy_tlb_sched include/linux/sched/mm.h:110 [inline]
 finish_task_switch.isra.0+0x7af/0xcc0 kernel/sched/core.c:5087
 context_switch kernel/sched/core.c:5191 [inline]
 __schedule+0xe3f/0x5490 kernel/sched/core.c:6529
 preempt_schedule_common+0x44/0xc0 kernel/sched/core.c:6708
 preempt_schedule_thunk+0x1a/0x30 arch/x86/entry/thunk.S:12
 __raw_spin_unlock_irqrestore include/linux/spinlock_api_smp.h:152 [inline]
 _raw_spin_unlock_irqrestore+0x61/0x80 kernel/locking/spinlock.c:194
 spin_unlock_irqrestore include/linux/spinlock.h:406 [inline]
 prepare_to_wait_exclusive+0xdc/0x2a0 kernel/sched/wait.c:256
 io_cqring_wait+0xbda/0x1480 io_uring/io_uring.c:2453
 __do_sys_io_uring_enter+0x410/0x1130 io_uring/io_uring.c:3255
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
Modules linked in:
CPU: 2 UID: 0 PID: 19654 Comm: syz.2.4065 Tainted: G    B              6.11.0-rc7-syzkaller-00133-ge936e7d4a83b #0
Tainted: [B]=BAD_PAGE
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:93 [inline]
 dump_stack_lvl+0x16c/0x1f0 lib/dump_stack.c:119
 bad_page+0xb3/0x220 mm/page_alloc.c:498
 free_page_is_bad_report mm/page_alloc.c:905 [inline]
 free_page_is_bad mm/page_alloc.c:915 [inline]
 free_pages_prepare mm/page_alloc.c:1093 [inline]
 free_unref_page+0x69e/0xe40 mm/page_alloc.c:2619
 skb_free_frag include/linux/skbuff.h:3383 [inline]
 skb_free_head+0xa0/0x1d0 net/core/skbuff.c:1094
 skb_release_data+0x75c/0x980 net/core/skbuff.c:1123
 skb_release_all net/core/skbuff.c:1188 [inline]
 __kfree_skb net/core/skbuff.c:1202 [inline]
 sk_skb_reason_drop+0x133/0x200 net/core/skbuff.c:1240
 kfree_skb_reason include/linux/skbuff.h:1260 [inline]
 __netif_receive_skb_core.constprop.0+0x592/0x4330 net/core/dev.c:5635
 __netif_receive_skb_list_core+0x357/0x950 net/core/dev.c:5737
 __netif_receive_skb_list net/core/dev.c:5804 [inline]
 netif_receive_skb_list_internal+0x753/0xda0 net/core/dev.c:5896
 netif_receive_skb_list+0x4f/0x4a0 net/core/dev.c:5948
 xdp_recv_frames net/bpf/test_run.c:279 [inline]
 xdp_test_run_batch.constprop.0+0x138d/0x1960 net/bpf/test_run.c:360
 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389
 bpf_prog_test_run_xdp+0x82d/0x1530 net/bpf/test_run.c:1317
 bpf_prog_test_run kernel/bpf/syscall.c:4313 [inline]
 __sys_bpf+0x10d2/0x4a00 kernel/bpf/syscall.c:5728
 __do_sys_bpf kernel/bpf/syscall.c:5817 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5815 [inline]
 __x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5815
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f679d57def9
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f679e410038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
RAX: ffffffffffffffda RBX: 00007f679d735f80 RCX: 00007f679d57def9
RDX: 0000000000000048 RSI: 0000000020000600 RDI: 000000000000000a
RBP: 00007f679d5f0b76 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 0000000000000000 R14: 00007f679d735f80 R15: 00007ffd36220398
 </TASK>
BUG: Bad page state in process syz.2.4065  pfn:65d2e
page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff888059dcdf00 pfn:0x65d2e
flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
raw: 00fff00000000000 dead000000000040 ffff88804a923000 0000000000000000
raw: ffff888059dcdf00 0000000000000001 00000000ffffffff 0000000000000000
page dumped because: page_pool leak
page_owner tracks the page as allocated
page last allocated via order 0, migratetype Unmovable, gfp_mask 0x102820(GFP_ATOMIC|__GFP_NOWARN|__GFP_HARDWALL), pid 19654, tgid 19653 (syz.2.4065), ts 936166865643, free_ts 935870449149
 set_page_owner include/linux/page_owner.h:32 [inline]
 post_alloc_hook+0x2d1/0x350 mm/page_alloc.c:1500
 prep_new_page mm/page_alloc.c:1508 [inline]
 get_page_from_freelist+0x1351/0x2e50 mm/page_alloc.c:3446
 __alloc_pages_noprof+0x22b/0x2460 mm/page_alloc.c:4702
 alloc_pages_bulk_noprof+0x742/0x14f0 mm/page_alloc.c:4650
 alloc_pages_bulk_array_node_noprof include/linux/gfp.h:239 [inline]
 __page_pool_alloc_pages_slow+0x19b/0xb30 net/core/page_pool.c:527
 page_pool_alloc_netmem net/core/page_pool.c:576 [inline]
 page_pool_alloc_pages+0xb5/0x110 net/core/page_pool.c:583
 page_pool_dev_alloc_pages include/net/page_pool/helpers.h:96 [inline]
 xdp_test_run_batch.constprop.0+0x3a8/0x1960 net/bpf/test_run.c:305
 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389
 bpf_prog_test_run_xdp+0x82d/0x1530 net/bpf/test_run.c:1317
 bpf_prog_test_run kernel/bpf/syscall.c:4313 [inline]
 __sys_bpf+0x10d2/0x4a00 kernel/bpf/syscall.c:5728
 __do_sys_bpf kernel/bpf/syscall.c:5817 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5815 [inline]
 __x64_sys_bpf+0x78/0xc0 kernel/bpf/syscall.c:5815
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
page last free pid 7838 tgid 7833 stack trace:
 reset_page_owner include/linux/page_owner.h:25 [inline]
 free_pages_prepare mm/page_alloc.c:1101 [inline]
 free_unref_page+0x64a/0xe40 mm/page_alloc.c:2619
 mm_free_pgd kernel/fork.c:802 [inline]
 __mmdrop+0xd5/0x460 kernel/fork.c:918
 mmdrop include/linux/sched/mm.h:55 [inline]
 mmdrop_sched include/linux/sched/mm.h:83 [inline]
 mmdrop_lazy_tlb_sched include/linux/sched/mm.h:110 [inline]
 finish_task_switch.isra.0+0x7af/0xcc0 kernel/sched/core.c:5087
 context_switch kernel/sched/core.c:5191 [inline]
 __schedule+0xe3f/0x5490 kernel/sched/core.c:6529
 preempt_schedule_common+0x44/0xc0 kernel/sched/core.c:6708
 preempt_schedule_thunk+0x1a/0x30 arch/x86/entry/thunk.S:12
 __raw_spin_unlock_irqrestore include/linux/spinlock_api_smp.h:152 [inline]
 _raw_spin_unlock_irqrestore+0x61/0x80 kernel/locking/spinlock.c:194
 spin_unlock_irqrestore include/linux/spinlock.h:406 [inline]
 prepare_to_wait_exclusive+0xdc/0x2a0 kernel/sched/wait.c:256
 io_cqring_wait+0xbda/0x1480 io_uring/io_uring.c:2453
 __do_sys_io_uring_enter+0x410/0x1130 io_uring/io_uring.c:3255
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
Modules linked in:
CPU: 2 UID: 0 PID: 19654 Comm: syz.2.4065 Tainted: G    B              6.11.0-rc7-syzkaller-00133-ge936e7d4a83b #0
Tainted: [B]=BAD_PAGE