BUG: Bad page state in process syz.2.1921  pfn:2142c
page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x2142c
flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
raw: 00fff00000000000 dead000000000040 ffff88805326a000 0000000000000000
raw: 0000000000000000 0000000000000001 00000000ffffffff 0000000000000000
page dumped because: page_pool leak
page_owner tracks the page as allocated
page last allocated via order 0, migratetype Unmovable, gfp_mask 0x102820(GFP_ATOMIC|__GFP_NOWARN|__GFP_HARDWALL), pid 11855, tgid 11854 (syz.2.1921), ts 324622587167, free_ts 323975001321
 set_page_owner include/linux/page_owner.h:32 [inline]
 post_alloc_hook+0x2d1/0x350 mm/page_alloc.c:1493
 prep_new_page mm/page_alloc.c:1501 [inline]
 get_page_from_freelist+0x1351/0x2e50 mm/page_alloc.c:3442
 __alloc_pages_noprof+0x22b/0x2460 mm/page_alloc.c:4700
 alloc_pages_bulk_noprof+0x742/0x14f0 mm/page_alloc.c:4648
 alloc_pages_bulk_array_node_noprof include/linux/gfp.h:239 [inline]
 __page_pool_alloc_pages_slow+0x19b/0xb30 net/core/page_pool.c:527
 page_pool_alloc_netmem net/core/page_pool.c:576 [inline]
 page_pool_alloc_pages+0xb5/0x110 net/core/page_pool.c:583
 page_pool_dev_alloc_pages include/net/page_pool/helpers.h:96 [inline]
 xdp_test_run_batch.constprop.0+0x30f/0x1880 net/bpf/test_run.c:305
 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389
 bpf_prog_test_run_xdp+0x82d/0x1530 net/bpf/test_run.c:1317
 bpf_prog_test_run kernel/bpf/syscall.c:4313 [inline]
 __sys_bpf+0x1af6/0x55e0 kernel/bpf/syscall.c:5728
 __do_sys_bpf kernel/bpf/syscall.c:5817 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5815 [inline]
 __ia32_sys_bpf+0x76/0xe0 kernel/bpf/syscall.c:5815
 do_syscall_32_irqs_on arch/x86/entry/common.c:165 [inline]
 __do_fast_syscall_32+0x73/0x120 arch/x86/entry/common.c:386
 do_fast_syscall_32+0x32/0x80 arch/x86/entry/common.c:411
 entry_SYSENTER_compat_after_hwframe+0x84/0x8e
page last free pid 11815 tgid 11815 stack trace:
 reset_page_owner include/linux/page_owner.h:25 [inline]
 free_pages_prepare mm/page_alloc.c:1094 [inline]
 free_unref_page+0x64a/0xe40 mm/page_alloc.c:2612
 vfree+0x181/0x7a0 mm/vmalloc.c:3364
 vb2_vmalloc_put drivers/media/common/videobuf2/videobuf2-vmalloc.c:68 [inline]
 vb2_vmalloc_put+0x7b/0xc0 drivers/media/common/videobuf2/videobuf2-vmalloc.c:63
 __vb2_buf_mem_free+0x154/0x2c0 drivers/media/common/videobuf2/videobuf2-core.c:275
 __vb2_free_mem drivers/media/common/videobuf2/videobuf2-core.c:557 [inline]
 __vb2_queue_free+0x861/0xac0 drivers/media/common/videobuf2/videobuf2-core.c:585
 vb2_core_queue_release+0x70/0x190 drivers/media/common/videobuf2/videobuf2-core.c:2654
 v4l2_m2m_ctx_release+0x2a/0x40 drivers/media/v4l2-core/v4l2-mem2mem.c:1277
 vim2m_release+0xe8/0x170 drivers/media/test-drivers/vim2m.c:1245
 v4l2_release+0x238/0x460 drivers/media/v4l2-core/v4l2-dev.c:456
 __fput+0x408/0xbb0 fs/file_table.c:422
 task_work_run+0x14e/0x250 kernel/task_work.c:228
 resume_user_mode_work include/linux/resume_user_mode.h:50 [inline]
 exit_to_user_mode_loop kernel/entry/common.c:114 [inline]
 exit_to_user_mode_prepare include/linux/entry-common.h:328 [inline]
 __syscall_exit_to_user_mode_work kernel/entry/common.c:207 [inline]
 syscall_exit_to_user_mode+0x27b/0x2a0 kernel/entry/common.c:218
 __do_fast_syscall_32+0x80/0x120 arch/x86/entry/common.c:389
 do_fast_syscall_32+0x32/0x80 arch/x86/entry/common.c:411
 entry_SYSENTER_compat_after_hwframe+0x84/0x8e
Modules linked in:
CPU: 3 UID: 0 PID: 11855 Comm: syz.2.1921 Not tainted 6.11.0-rc3-syzkaller-00156-gd7a5aa4b3c00 #0
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:93 [inline]
 dump_stack_lvl+0x16c/0x1f0 lib/dump_stack.c:119
 bad_page+0xb3/0x220 mm/page_alloc.c:498
 free_page_is_bad_report mm/page_alloc.c:905 [inline]
 free_page_is_bad mm/page_alloc.c:915 [inline]
 free_pages_prepare mm/page_alloc.c:1086 [inline]
 free_unref_page+0x69e/0xe40 mm/page_alloc.c:2612
 skb_free_frag include/linux/skbuff.h:3383 [inline]
 skb_free_head+0xa0/0x1d0 net/core/skbuff.c:1094
 skb_release_data+0x75c/0x980 net/core/skbuff.c:1123
 skb_release_all net/core/skbuff.c:1188 [inline]
 __kfree_skb net/core/skbuff.c:1202 [inline]
 sk_skb_reason_drop+0x133/0x200 net/core/skbuff.c:1240
 kfree_skb_reason include/linux/skbuff.h:1260 [inline]
 __netif_receive_skb_core.constprop.0+0x592/0x4330 net/core/dev.c:5635
 __netif_receive_skb_list_core+0x357/0x950 net/core/dev.c:5737
 __netif_receive_skb_list net/core/dev.c:5804 [inline]
 netif_receive_skb_list_internal+0x753/0xda0 net/core/dev.c:5896
 netif_receive_skb_list+0x4f/0x4a0 net/core/dev.c:5948
 xdp_recv_frames net/bpf/test_run.c:279 [inline]
 xdp_test_run_batch.constprop.0+0x1296/0x1880 net/bpf/test_run.c:360
 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389
 bpf_prog_test_run_xdp+0x82d/0x1530 net/bpf/test_run.c:1317
 bpf_prog_test_run kernel/bpf/syscall.c:4313 [inline]
 __sys_bpf+0x1af6/0x55e0 kernel/bpf/syscall.c:5728
 __do_sys_bpf kernel/bpf/syscall.c:5817 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5815 [inline]
 __ia32_sys_bpf+0x76/0xe0 kernel/bpf/syscall.c:5815
 do_syscall_32_irqs_on arch/x86/entry/common.c:165 [inline]
 __do_fast_syscall_32+0x73/0x120 arch/x86/entry/common.c:386
 do_fast_syscall_32+0x32/0x80 arch/x86/entry/common.c:411
 entry_SYSENTER_compat_after_hwframe+0x84/0x8e
RIP: 0023:0xf7f56579
Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
RSP: 002b:00000000f56f656c EFLAGS: 00000296 ORIG_RAX: 0000000000000165
RAX: ffffffffffffffda RBX: 000000000000000a RCX: 0000000020000600
RDX: 0000000000000048 RSI: 0000000000000000 RDI: 0000000000000000
RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000
R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
 </TASK>
BUG: Bad page state in process syz.2.1921  pfn:21443
page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x21443
flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
raw: 00fff00000000000 dead000000000040 ffff88805326a000 0000000000000000
raw: 0000000000000000 0000000000000001 00000000ffffffff 0000000000000000
page dumped because: page_pool leak
page_owner tracks the page as allocated
page last allocated via order 0, migratetype Unmovable, gfp_mask 0x102820(GFP_ATOMIC|__GFP_NOWARN|__GFP_HARDWALL), pid 11855, tgid 11854 (syz.2.1921), ts 324622578448, free_ts 323975016404
 set_page_owner include/linux/page_owner.h:32 [inline]
 post_alloc_hook+0x2d1/0x350 mm/page_alloc.c:1493
 prep_new_page mm/page_alloc.c:1501 [inline]
 get_page_from_freelist+0x1351/0x2e50 mm/page_alloc.c:3442
 __alloc_pages_noprof+0x22b/0x2460 mm/page_alloc.c:4700
 alloc_pages_bulk_noprof+0x742/0x14f0 mm/page_alloc.c:4648
 alloc_pages_bulk_array_node_noprof include/linux/gfp.h:239 [inline]
 __page_pool_alloc_pages_slow+0x19b/0xb30 net/core/page_pool.c:527
 page_pool_alloc_netmem net/core/page_pool.c:576 [inline]
 page_pool_alloc_pages+0xb5/0x110 net/core/page_pool.c:583
 page_pool_dev_alloc_pages include/net/page_pool/helpers.h:96 [inline]
 xdp_test_run_batch.constprop.0+0x30f/0x1880 net/bpf/test_run.c:305
 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389
 bpf_prog_test_run_xdp+0x82d/0x1530 net/bpf/test_run.c:1317
 bpf_prog_test_run kernel/bpf/syscall.c:4313 [inline]
 __sys_bpf+0x1af6/0x55e0 kernel/bpf/syscall.c:5728
 __do_sys_bpf kernel/bpf/syscall.c:5817 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5815 [inline]
 __ia32_sys_bpf+0x76/0xe0 kernel/bpf/syscall.c:5815
 do_syscall_32_irqs_on arch/x86/entry/common.c:165 [inline]
 __do_fast_syscall_32+0x73/0x120 arch/x86/entry/common.c:386
 do_fast_syscall_32+0x32/0x80 arch/x86/entry/common.c:411
 entry_SYSENTER_compat_after_hwframe+0x84/0x8e
page last free pid 11815 tgid 11815 stack trace:
 reset_page_owner include/linux/page_owner.h:25 [inline]
 free_pages_prepare mm/page_alloc.c:1094 [inline]
 free_unref_page+0x64a/0xe40 mm/page_alloc.c:2612
 vfree+0x181/0x7a0 mm/vmalloc.c:3364
 vb2_vmalloc_put drivers/media/common/videobuf2/videobuf2-vmalloc.c:68 [inline]
 vb2_vmalloc_put+0x7b/0xc0 drivers/media/common/videobuf2/videobuf2-vmalloc.c:63
 __vb2_buf_mem_free+0x154/0x2c0 drivers/media/common/videobuf2/videobuf2-core.c:275
 __vb2_free_mem drivers/media/common/videobuf2/videobuf2-core.c:557 [inline]
 __vb2_queue_free+0x861/0xac0 drivers/media/common/videobuf2/videobuf2-core.c:585
 vb2_core_queue_release+0x70/0x190 drivers/media/common/videobuf2/videobuf2-core.c:2654
 v4l2_m2m_ctx_release+0x2a/0x40 drivers/media/v4l2-core/v4l2-mem2mem.c:1277
 vim2m_release+0xe8/0x170 drivers/media/test-drivers/vim2m.c:1245
 v4l2_release+0x238/0x460 drivers/media/v4l2-core/v4l2-dev.c:456
 __fput+0x408/0xbb0 fs/file_table.c:422
 task_work_run+0x14e/0x250 kernel/task_work.c:228
 resume_user_mode_work include/linux/resume_user_mode.h:50 [inline]
 exit_to_user_mode_loop kernel/entry/common.c:114 [inline]
 exit_to_user_mode_prepare include/linux/entry-common.h:328 [inline]
 __syscall_exit_to_user_mode_work kernel/entry/common.c:207 [inline]
 syscall_exit_to_user_mode+0x27b/0x2a0 kernel/entry/common.c:218
 __do_fast_syscall_32+0x80/0x120 arch/x86/entry/common.c:389
 do_fast_syscall_32+0x32/0x80 arch/x86/entry/common.c:411
 entry_SYSENTER_compat_after_hwframe+0x84/0x8e
Modules linked in:
CPU: 3 UID: 0 PID: 11855 Comm: syz.2.1921 Tainted: G    B              6.11.0-rc3-syzkaller-00156-gd7a5aa4b3c00 #0
Tainted: [B]=BAD_PAGE
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:93 [inline]
 dump_stack_lvl+0x16c/0x1f0 lib/dump_stack.c:119
 bad_page+0xb3/0x220 mm/page_alloc.c:498
 free_page_is_bad_report mm/page_alloc.c:905 [inline]
 free_page_is_bad mm/page_alloc.c:915 [inline]
 free_pages_prepare mm/page_alloc.c:1086 [inline]
 free_unref_page+0x69e/0xe40 mm/page_alloc.c:2612
 skb_free_frag include/linux/skbuff.h:3383 [inline]
 skb_free_head+0xa0/0x1d0 net/core/skbuff.c:1094
 skb_release_data+0x75c/0x980 net/core/skbuff.c:1123
 skb_release_all net/core/skbuff.c:1188 [inline]
 __kfree_skb net/core/skbuff.c:1202 [inline]
 sk_skb_reason_drop+0x133/0x200 net/core/skbuff.c:1240
 kfree_skb_reason include/linux/skbuff.h:1260 [inline]
 __netif_receive_skb_core.constprop.0+0x592/0x4330 net/core/dev.c:5635
 __netif_receive_skb_list_core+0x357/0x950 net/core/dev.c:5737
 __netif_receive_skb_list net/core/dev.c:5804 [inline]
 netif_receive_skb_list_internal+0x753/0xda0 net/core/dev.c:5896
 netif_receive_skb_list+0x4f/0x4a0 net/core/dev.c:5948
 xdp_recv_frames net/bpf/test_run.c:279 [inline]
 xdp_test_run_batch.constprop.0+0x1296/0x1880 net/bpf/test_run.c:360
 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389
 bpf_prog_test_run_xdp+0x82d/0x1530 net/bpf/test_run.c:1317
 bpf_prog_test_run kernel/bpf/syscall.c:4313 [inline]
 __sys_bpf+0x1af6/0x55e0 kernel/bpf/syscall.c:5728
 __do_sys_bpf kernel/bpf/syscall.c:5817 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5815 [inline]
 __ia32_sys_bpf+0x76/0xe0 kernel/bpf/syscall.c:5815
 do_syscall_32_irqs_on arch/x86/entry/common.c:165 [inline]
 __do_fast_syscall_32+0x73/0x120 arch/x86/entry/common.c:386
 do_fast_syscall_32+0x32/0x80 arch/x86/entry/common.c:411
 entry_SYSENTER_compat_after_hwframe+0x84/0x8e
RIP: 0023:0xf7f56579
Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
RSP: 002b:00000000f56f656c EFLAGS: 00000296 ORIG_RAX: 0000000000000165
RAX: ffffffffffffffda RBX: 000000000000000a RCX: 0000000020000600
RDX: 0000000000000048 RSI: 0000000000000000 RDI: 0000000000000000
RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000
R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
 </TASK>
BUG: Bad page state in process syz.2.1921  pfn:1b5f3
page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff88801b5f3c60 pfn:0x1b5f3
flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
raw: 00fff00000000000 dead000000000040 ffff88805326a000 0000000000000000
raw: ffff88801b5f3c60 0000000000000001 00000000ffffffff 0000000000000000
page dumped because: page_pool leak
page_owner tracks the page as allocated
page last allocated via order 0, migratetype Unmovable, gfp_mask 0x102820(GFP_ATOMIC|__GFP_NOWARN|__GFP_HARDWALL), pid 11855, tgid 11854 (syz.2.1921), ts 324622570242, free_ts 323975030666
 set_page_owner include/linux/page_owner.h:32 [inline]
 post_alloc_hook+0x2d1/0x350 mm/page_alloc.c:1493
 prep_new_page mm/page_alloc.c:1501 [inline]
 get_page_from_freelist+0x1351/0x2e50 mm/page_alloc.c:3442
 __alloc_pages_noprof+0x22b/0x2460 mm/page_alloc.c:4700
 alloc_pages_bulk_noprof+0x742/0x14f0 mm/page_alloc.c:4648
 alloc_pages_bulk_array_node_noprof include/linux/gfp.h:239 [inline]
 __page_pool_alloc_pages_slow+0x19b/0xb30 net/core/page_pool.c:527
 page_pool_alloc_netmem net/core/page_pool.c:576 [inline]
 page_pool_alloc_pages+0xb5/0x110 net/core/page_pool.c:583
 page_pool_dev_alloc_pages include/net/page_pool/helpers.h:96 [inline]
 xdp_test_run_batch.constprop.0+0x30f/0x1880 net/bpf/test_run.c:305
 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389
 bpf_prog_test_run_xdp+0x82d/0x1530 net/bpf/test_run.c:1317
 bpf_prog_test_run kernel/bpf/syscall.c:4313 [inline]
 __sys_bpf+0x1af6/0x55e0 kernel/bpf/syscall.c:5728
 __do_sys_bpf kernel/bpf/syscall.c:5817 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5815 [inline]
 __ia32_sys_bpf+0x76/0xe0 kernel/bpf/syscall.c:5815
 do_syscall_32_irqs_on arch/x86/entry/common.c:165 [inline]
 __do_fast_syscall_32+0x73/0x120 arch/x86/entry/common.c:386
 do_fast_syscall_32+0x32/0x80 arch/x86/entry/common.c:411
 entry_SYSENTER_compat_after_hwframe+0x84/0x8e
page last free pid 11815 tgid 11815 stack trace:
 reset_page_owner include/linux/page_owner.h:25 [inline]
 free_pages_prepare mm/page_alloc.c:1094 [inline]
 free_unref_page+0x64a/0xe40 mm/page_alloc.c:2612
 vfree+0x181/0x7a0 mm/vmalloc.c:3364
 vb2_vmalloc_put drivers/media/common/videobuf2/videobuf2-vmalloc.c:68 [inline]
 vb2_vmalloc_put+0x7b/0xc0 drivers/media/common/videobuf2/videobuf2-vmalloc.c:63
 __vb2_buf_mem_free+0x154/0x2c0 drivers/media/common/videobuf2/videobuf2-core.c:275
 __vb2_free_mem drivers/media/common/videobuf2/videobuf2-core.c:557 [inline]
 __vb2_queue_free+0x861/0xac0 drivers/media/common/videobuf2/videobuf2-core.c:585
 vb2_core_queue_release+0x70/0x190 drivers/media/common/videobuf2/videobuf2-core.c:2654
 v4l2_m2m_ctx_release+0x2a/0x40 drivers/media/v4l2-core/v4l2-mem2mem.c:1277
 vim2m_release+0xe8/0x170 drivers/media/test-drivers/vim2m.c:1245
 v4l2_release+0x238/0x460 drivers/media/v4l2-core/v4l2-dev.c:456
 __fput+0x408/0xbb0 fs/file_table.c:422
 task_work_run+0x14e/0x250 kernel/task_work.c:228
 resume_user_mode_work include/linux/resume_user_mode.h:50 [inline]
 exit_to_user_mode_loop kernel/entry/common.c:114 [inline]
 exit_to_user_mode_prepare include/linux/entry-common.h:328 [inline]
 __syscall_exit_to_user_mode_work kernel/entry/common.c:207 [inline]
 syscall_exit_to_user_mode+0x27b/0x2a0 kernel/entry/common.c:218
 __do_fast_syscall_32+0x80/0x120 arch/x86/entry/common.c:389
 do_fast_syscall_32+0x32/0x80 arch/x86/entry/common.c:411
 entry_SYSENTER_compat_after_hwframe+0x84/0x8e
Modules linked in:
CPU: 3 UID: 0 PID: 11855 Comm: syz.2.1921 Tainted: G    B              6.11.0-rc3-syzkaller-00156-gd7a5aa4b3c00 #0
Tainted: [B]=BAD_PAGE
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:93 [inline]
 dump_stack_lvl+0x16c/0x1f0 lib/dump_stack.c:119
 bad_page+0xb3/0x220 mm/page_alloc.c:498
 free_page_is_bad_report mm/page_alloc.c:905 [inline]
 free_page_is_bad mm/page_alloc.c:915 [inline]
 free_pages_prepare mm/page_alloc.c:1086 [inline]
 free_unref_page+0x69e/0xe40 mm/page_alloc.c:2612
 skb_free_frag include/linux/skbuff.h:3383 [inline]
 skb_free_head+0xa0/0x1d0 net/core/skbuff.c:1094
 skb_release_data+0x75c/0x980 net/core/skbuff.c:1123
 skb_release_all net/core/skbuff.c:1188 [inline]
 __kfree_skb net/core/skbuff.c:1202 [inline]
 sk_skb_reason_drop+0x133/0x200 net/core/skbuff.c:1240
 kfree_skb_reason include/linux/skbuff.h:1260 [inline]
 __netif_receive_skb_core.constprop.0+0x592/0x4330 net/core/dev.c:5635
 __netif_receive_skb_list_core+0x357/0x950 net/core/dev.c:5737
 __netif_receive_skb_list net/core/dev.c:5804 [inline]
 netif_receive_skb_list_internal+0x753/0xda0 net/core/dev.c:5896
 netif_receive_skb_list+0x4f/0x4a0 net/core/dev.c:5948
 xdp_recv_frames net/bpf/test_run.c:279 [inline]
 xdp_test_run_batch.constprop.0+0x1296/0x1880 net/bpf/test_run.c:360
 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389
 bpf_prog_test_run_xdp+0x82d/0x1530 net/bpf/test_run.c:1317
 bpf_prog_test_run kernel/bpf/syscall.c:4313 [inline]
 __sys_bpf+0x1af6/0x55e0 kernel/bpf/syscall.c:5728
 __do_sys_bpf kernel/bpf/syscall.c:5817 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5815 [inline]
 __ia32_sys_bpf+0x76/0xe0 kernel/bpf/syscall.c:5815
 do_syscall_32_irqs_on arch/x86/entry/common.c:165 [inline]
 __do_fast_syscall_32+0x73/0x120 arch/x86/entry/common.c:386
 do_fast_syscall_32+0x32/0x80 arch/x86/entry/common.c:411
 entry_SYSENTER_compat_after_hwframe+0x84/0x8e
RIP: 0023:0xf7f56579
Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
RSP: 002b:00000000f56f656c EFLAGS: 00000296 ORIG_RAX: 0000000000000165
RAX: ffffffffffffffda RBX: 000000000000000a RCX: 0000000020000600
RDX: 0000000000000048 RSI: 0000000000000000 RDI: 0000000000000000
RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000
R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
 </TASK>
BUG: Bad page state in process syz.2.1921  pfn:21549
page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x21549
flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
raw: 00fff00000000000 dead000000000040 ffff88805326a000 0000000000000000
raw: 0000000000000000 0000000000000001 00000000ffffffff 0000000000000000
page dumped because: page_pool leak
page_owner tracks the page as allocated
page last allocated via order 0, migratetype Unmovable, gfp_mask 0x102820(GFP_ATOMIC|__GFP_NOWARN|__GFP_HARDWALL), pid 11855, tgid 11854 (syz.2.1921), ts 324622561965, free_ts 323975044333
 set_page_owner include/linux/page_owner.h:32 [inline]
 post_alloc_hook+0x2d1/0x350 mm/page_alloc.c:1493
 prep_new_page mm/page_alloc.c:1501 [inline]
 get_page_from_freelist+0x1351/0x2e50 mm/page_alloc.c:3442
 __alloc_pages_noprof+0x22b/0x2460 mm/page_alloc.c:4700
 alloc_pages_bulk_noprof+0x742/0x14f0 mm/page_alloc.c:4648
 alloc_pages_bulk_array_node_noprof include/linux/gfp.h:239 [inline]
 __page_pool_alloc_pages_slow+0x19b/0xb30 net/core/page_pool.c:527
 page_pool_alloc_netmem net/core/page_pool.c:576 [inline]
 page_pool_alloc_pages+0xb5/0x110 net/core/page_pool.c:583
 page_pool_dev_alloc_pages include/net/page_pool/helpers.h:96 [inline]
 xdp_test_run_batch.constprop.0+0x30f/0x1880 net/bpf/test_run.c:305
 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389
 bpf_prog_test_run_xdp+0x82d/0x1530 net/bpf/test_run.c:1317
 bpf_prog_test_run kernel/bpf/syscall.c:4313 [inline]
 __sys_bpf+0x1af6/0x55e0 kernel/bpf/syscall.c:5728
 __do_sys_bpf kernel/bpf/syscall.c:5817 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5815 [inline]
 __ia32_sys_bpf+0x76/0xe0 kernel/bpf/syscall.c:5815
 do_syscall_32_irqs_on arch/x86/entry/common.c:165 [inline]
 __do_fast_syscall_32+0x73/0x120 arch/x86/entry/common.c:386
 do_fast_syscall_32+0x32/0x80 arch/x86/entry/common.c:411
 entry_SYSENTER_compat_after_hwframe+0x84/0x8e
page last free pid 11815 tgid 11815 stack trace:
 reset_page_owner include/linux/page_owner.h:25 [inline]
 free_pages_prepare mm/page_alloc.c:1094 [inline]
 free_unref_page+0x64a/0xe40 mm/page_alloc.c:2612
 vfree+0x181/0x7a0 mm/vmalloc.c:3364
 vb2_vmalloc_put drivers/media/common/videobuf2/videobuf2-vmalloc.c:68 [inline]
 vb2_vmalloc_put+0x7b/0xc0 drivers/media/common/videobuf2/videobuf2-vmalloc.c:63
 __vb2_buf_mem_free+0x154/0x2c0 drivers/media/common/videobuf2/videobuf2-core.c:275
 __vb2_free_mem drivers/media/common/videobuf2/videobuf2-core.c:557 [inline]
 __vb2_queue_free+0x861/0xac0 drivers/media/common/videobuf2/videobuf2-core.c:585
 vb2_core_queue_release+0x70/0x190 drivers/media/common/videobuf2/videobuf2-core.c:2654
 v4l2_m2m_ctx_release+0x2a/0x40 drivers/media/v4l2-core/v4l2-mem2mem.c:1277
 vim2m_release+0xe8/0x170 drivers/media/test-drivers/vim2m.c:1245
 v4l2_release+0x238/0x460 drivers/media/v4l2-core/v4l2-dev.c:456
 __fput+0x408/0xbb0 fs/file_table.c:422
 task_work_run+0x14e/0x250 kernel/task_work.c:228
 resume_user_mode_work include/linux/resume_user_mode.h:50 [inline]
 exit_to_user_mode_loop kernel/entry/common.c:114 [inline]
 exit_to_user_mode_prepare include/linux/entry-common.h:328 [inline]
 __syscall_exit_to_user_mode_work kernel/entry/common.c:207 [inline]
 syscall_exit_to_user_mode+0x27b/0x2a0 kernel/entry/common.c:218
 __do_fast_syscall_32+0x80/0x120 arch/x86/entry/common.c:389
 do_fast_syscall_32+0x32/0x80 arch/x86/entry/common.c:411
 entry_SYSENTER_compat_after_hwframe+0x84/0x8e
Modules linked in:
CPU: 3 UID: 0 PID: 11855 Comm: syz.2.1921 Tainted: G    B              6.11.0-rc3-syzkaller-00156-gd7a5aa4b3c00 #0
Tainted: [B]=BAD_PAGE
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:93 [inline]
 dump_stack_lvl+0x16c/0x1f0 lib/dump_stack.c:119
 bad_page+0xb3/0x220 mm/page_alloc.c:498
 free_page_is_bad_report mm/page_alloc.c:905 [inline]
 free_page_is_bad mm/page_alloc.c:915 [inline]
 free_pages_prepare mm/page_alloc.c:1086 [inline]
 free_unref_page+0x69e/0xe40 mm/page_alloc.c:2612
 skb_free_frag include/linux/skbuff.h:3383 [inline]
 skb_free_head+0xa0/0x1d0 net/core/skbuff.c:1094
 skb_release_data+0x75c/0x980 net/core/skbuff.c:1123
 skb_release_all net/core/skbuff.c:1188 [inline]
 __kfree_skb net/core/skbuff.c:1202 [inline]
 sk_skb_reason_drop+0x133/0x200 net/core/skbuff.c:1240
 kfree_skb_reason include/linux/skbuff.h:1260 [inline]
 __netif_receive_skb_core.constprop.0+0x592/0x4330 net/core/dev.c:5635
 __netif_receive_skb_list_core+0x357/0x950 net/core/dev.c:5737
 __netif_receive_skb_list net/core/dev.c:5804 [inline]
 netif_receive_skb_list_internal+0x753/0xda0 net/core/dev.c:5896
 netif_receive_skb_list+0x4f/0x4a0 net/core/dev.c:5948
 xdp_recv_frames net/bpf/test_run.c:279 [inline]
 xdp_test_run_batch.constprop.0+0x1296/0x1880 net/bpf/test_run.c:360
 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389
 bpf_prog_test_run_xdp+0x82d/0x1530 net/bpf/test_run.c:1317
 bpf_prog_test_run kernel/bpf/syscall.c:4313 [inline]
 __sys_bpf+0x1af6/0x55e0 kernel/bpf/syscall.c:5728
 __do_sys_bpf kernel/bpf/syscall.c:5817 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5815 [inline]
 __ia32_sys_bpf+0x76/0xe0 kernel/bpf/syscall.c:5815
 do_syscall_32_irqs_on arch/x86/entry/common.c:165 [inline]
 __do_fast_syscall_32+0x73/0x120 arch/x86/entry/common.c:386
 do_fast_syscall_32+0x32/0x80 arch/x86/entry/common.c:411
 entry_SYSENTER_compat_after_hwframe+0x84/0x8e
RIP: 0023:0xf7f56579
Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
RSP: 002b:00000000f56f656c EFLAGS: 00000296 ORIG_RAX: 0000000000000165
RAX: ffffffffffffffda RBX: 000000000000000a RCX: 0000000020000600
RDX: 0000000000000048 RSI: 0000000000000000 RDI: 0000000000000000
RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000
R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
 </TASK>
BUG: Bad page state in process syz.2.1921  pfn:2153f
page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x2153f
flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
raw: 00fff00000000000 dead000000000040 ffff88805326a000 0000000000000000
raw: 0000000000000000 0000000000000001 00000000ffffffff 0000000000000000
page dumped because: page_pool leak
page_owner tracks the page as allocated
page last allocated via order 0, migratetype Unmovable, gfp_mask 0x102820(GFP_ATOMIC|__GFP_NOWARN|__GFP_HARDWALL), pid 11855, tgid 11854 (syz.2.1921), ts 324622553911, free_ts 323975059389
 set_page_owner include/linux/page_owner.h:32 [inline]
 post_alloc_hook+0x2d1/0x350 mm/page_alloc.c:1493
 prep_new_page mm/page_alloc.c:1501 [inline]
 get_page_from_freelist+0x1351/0x2e50 mm/page_alloc.c:3442
 __alloc_pages_noprof+0x22b/0x2460 mm/page_alloc.c:4700
 alloc_pages_bulk_noprof+0x742/0x14f0 mm/page_alloc.c:4648
 alloc_pages_bulk_array_node_noprof include/linux/gfp.h:239 [inline]
 __page_pool_alloc_pages_slow+0x19b/0xb30 net/core/page_pool.c:527
 page_pool_alloc_netmem net/core/page_pool.c:576 [inline]
 page_pool_alloc_pages+0xb5/0x110 net/core/page_pool.c:583
 page_pool_dev_alloc_pages include/net/page_pool/helpers.h:96 [inline]
 xdp_test_run_batch.constprop.0+0x30f/0x1880 net/bpf/test_run.c:305
 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389
 bpf_prog_test_run_xdp+0x82d/0x1530 net/bpf/test_run.c:1317
 bpf_prog_test_run kernel/bpf/syscall.c:4313 [inline]
 __sys_bpf+0x1af6/0x55e0 kernel/bpf/syscall.c:5728
 __do_sys_bpf kernel/bpf/syscall.c:5817 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5815 [inline]
 __ia32_sys_bpf+0x76/0xe0 kernel/bpf/syscall.c:5815
 do_syscall_32_irqs_on arch/x86/entry/common.c:165 [inline]
 __do_fast_syscall_32+0x73/0x120 arch/x86/entry/common.c:386
 do_fast_syscall_32+0x32/0x80 arch/x86/entry/common.c:411
 entry_SYSENTER_compat_after_hwframe+0x84/0x8e
page last free pid 11815 tgid 11815 stack trace:
 reset_page_owner include/linux/page_owner.h:25 [inline]
 free_pages_prepare mm/page_alloc.c:1094 [inline]
 free_unref_page+0x64a/0xe40 mm/page_alloc.c:2612
 vfree+0x181/0x7a0 mm/vmalloc.c:3364
 vb2_vmalloc_put drivers/media/common/videobuf2/videobuf2-vmalloc.c:68 [inline]
 vb2_vmalloc_put+0x7b/0xc0 drivers/media/common/videobuf2/videobuf2-vmalloc.c:63
 __vb2_buf_mem_free+0x154/0x2c0 drivers/media/common/videobuf2/videobuf2-core.c:275
 __vb2_free_mem drivers/media/common/videobuf2/videobuf2-core.c:557 [inline]
 __vb2_queue_free+0x861/0xac0 drivers/media/common/videobuf2/videobuf2-core.c:585
 vb2_core_queue_release+0x70/0x190 drivers/media/common/videobuf2/videobuf2-core.c:2654
 v4l2_m2m_ctx_release+0x2a/0x40 drivers/media/v4l2-core/v4l2-mem2mem.c:1277
 vim2m_release+0xe8/0x170 drivers/media/test-drivers/vim2m.c:1245
 v4l2_release+0x238/0x460 drivers/media/v4l2-core/v4l2-dev.c:456
 __fput+0x408/0xbb0 fs/file_table.c:422
 task_work_run+0x14e/0x250 kernel/task_work.c:228
 resume_user_mode_work include/linux/resume_user_mode.h:50 [inline]
 exit_to_user_mode_loop kernel/entry/common.c:114 [inline]
 exit_to_user_mode_prepare include/linux/entry-common.h:328 [inline]
 __syscall_exit_to_user_mode_work kernel/entry/common.c:207 [inline]
 syscall_exit_to_user_mode+0x27b/0x2a0 kernel/entry/common.c:218
 __do_fast_syscall_32+0x80/0x120 arch/x86/entry/common.c:389
 do_fast_syscall_32+0x32/0x80 arch/x86/entry/common.c:411
 entry_SYSENTER_compat_after_hwframe+0x84/0x8e
Modules linked in:
CPU: 3 UID: 0 PID: 11855 Comm: syz.2.1921 Tainted: G    B              6.11.0-rc3-syzkaller-00156-gd7a5aa4b3c00 #0
Tainted: [B]=BAD_PAGE
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:93 [inline]
 dump_stack_lvl+0x16c/0x1f0 lib/dump_stack.c:119
 bad_page+0xb3/0x220 mm/page_alloc.c:498
 free_page_is_bad_report mm/page_alloc.c:905 [inline]
 free_page_is_bad mm/page_alloc.c:915 [inline]
 free_pages_prepare mm/page_alloc.c:1086 [inline]
 free_unref_page+0x69e/0xe40 mm/page_alloc.c:2612
 skb_free_frag include/linux/skbuff.h:3383 [inline]
 skb_free_head+0xa0/0x1d0 net/core/skbuff.c:1094
 skb_release_data+0x75c/0x980 net/core/skbuff.c:1123
 skb_release_all net/core/skbuff.c:1188 [inline]
 __kfree_skb net/core/skbuff.c:1202 [inline]
 sk_skb_reason_drop+0x133/0x200 net/core/skbuff.c:1240
 kfree_skb_reason include/linux/skbuff.h:1260 [inline]
 __netif_receive_skb_core.constprop.0+0x592/0x4330 net/core/dev.c:5635
 __netif_receive_skb_list_core+0x357/0x950 net/core/dev.c:5737
 __netif_receive_skb_list net/core/dev.c:5804 [inline]
 netif_receive_skb_list_internal+0x753/0xda0 net/core/dev.c:5896
 netif_receive_skb_list+0x4f/0x4a0 net/core/dev.c:5948
 xdp_recv_frames net/bpf/test_run.c:279 [inline]
 xdp_test_run_batch.constprop.0+0x1296/0x1880 net/bpf/test_run.c:360
 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389
 bpf_prog_test_run_xdp+0x82d/0x1530 net/bpf/test_run.c:1317
 bpf_prog_test_run kernel/bpf/syscall.c:4313 [inline]
 __sys_bpf+0x1af6/0x55e0 kernel/bpf/syscall.c:5728
 __do_sys_bpf kernel/bpf/syscall.c:5817 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5815 [inline]
 __ia32_sys_bpf+0x76/0xe0 kernel/bpf/syscall.c:5815
 do_syscall_32_irqs_on arch/x86/entry/common.c:165 [inline]
 __do_fast_syscall_32+0x73/0x120 arch/x86/entry/common.c:386
 do_fast_syscall_32+0x32/0x80 arch/x86/entry/common.c:411
 entry_SYSENTER_compat_after_hwframe+0x84/0x8e
RIP: 0023:0xf7f56579
Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
RSP: 002b:00000000f56f656c EFLAGS: 00000296 ORIG_RAX: 0000000000000165
RAX: ffffffffffffffda RBX: 000000000000000a RCX: 0000000020000600
RDX: 0000000000000048 RSI: 0000000000000000 RDI: 0000000000000000
RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000
R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
 </TASK>
BUG: Bad page state in process syz.2.1921  pfn:1fc7e
page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff88801fc7e0f8 pfn:0x1fc7e
flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
raw: 00fff00000000000 dead000000000040 ffff88805326a000 0000000000000000
raw: ffff88801fc7e0f8 0000000000000001 00000000ffffffff 0000000000000000
page dumped because: page_pool leak
page_owner tracks the page as allocated
page last allocated via order 0, migratetype Unmovable, gfp_mask 0x102820(GFP_ATOMIC|__GFP_NOWARN|__GFP_HARDWALL), pid 11855, tgid 11854 (syz.2.1921), ts 324622545096, free_ts 323975072677
 set_page_owner include/linux/page_owner.h:32 [inline]
 post_alloc_hook+0x2d1/0x350 mm/page_alloc.c:1493
 prep_new_page mm/page_alloc.c:1501 [inline]
 get_page_from_freelist+0x1351/0x2e50 mm/page_alloc.c:3442
 __alloc_pages_noprof+0x22b/0x2460 mm/page_alloc.c:4700
 alloc_pages_bulk_noprof+0x742/0x14f0 mm/page_alloc.c:4648
 alloc_pages_bulk_array_node_noprof include/linux/gfp.h:239 [inline]
 __page_pool_alloc_pages_slow+0x19b/0xb30 net/core/page_pool.c:527
 page_pool_alloc_netmem net/core/page_pool.c:576 [inline]
 page_pool_alloc_pages+0xb5/0x110 net/core/page_pool.c:583
 page_pool_dev_alloc_pages include/net/page_pool/helpers.h:96 [inline]
 xdp_test_run_batch.constprop.0+0x30f/0x1880 net/bpf/test_run.c:305
 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389
 bpf_prog_test_run_xdp+0x82d/0x1530 net/bpf/test_run.c:1317
 bpf_prog_test_run kernel/bpf/syscall.c:4313 [inline]
 __sys_bpf+0x1af6/0x55e0 kernel/bpf/syscall.c:5728
 __do_sys_bpf kernel/bpf/syscall.c:5817 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5815 [inline]
 __ia32_sys_bpf+0x76/0xe0 kernel/bpf/syscall.c:5815
 do_syscall_32_irqs_on arch/x86/entry/common.c:165 [inline]
 __do_fast_syscall_32+0x73/0x120 arch/x86/entry/common.c:386
 do_fast_syscall_32+0x32/0x80 arch/x86/entry/common.c:411
 entry_SYSENTER_compat_after_hwframe+0x84/0x8e
page last free pid 11815 tgid 11815 stack trace:
 reset_page_owner include/linux/page_owner.h:25 [inline]
 free_pages_prepare mm/page_alloc.c:1094 [inline]
 free_unref_page+0x64a/0xe40 mm/page_alloc.c:2612
 vfree+0x181/0x7a0 mm/vmalloc.c:3364
 vb2_vmalloc_put drivers/media/common/videobuf2/videobuf2-vmalloc.c:68 [inline]
 vb2_vmalloc_put+0x7b/0xc0 drivers/media/common/videobuf2/videobuf2-vmalloc.c:63
 __vb2_buf_mem_free+0x154/0x2c0 drivers/media/common/videobuf2/videobuf2-core.c:275
 __vb2_free_mem drivers/media/common/videobuf2/videobuf2-core.c:557 [inline]
 __vb2_queue_free+0x861/0xac0 drivers/media/common/videobuf2/videobuf2-core.c:585
 vb2_core_queue_release+0x70/0x190 drivers/media/common/videobuf2/videobuf2-core.c:2654
 v4l2_m2m_ctx_release+0x2a/0x40 drivers/media/v4l2-core/v4l2-mem2mem.c:1277
 vim2m_release+0xe8/0x170 drivers/media/test-drivers/vim2m.c:1245
 v4l2_release+0x238/0x460 drivers/media/v4l2-core/v4l2-dev.c:456
 __fput+0x408/0xbb0 fs/file_table.c:422
 task_work_run+0x14e/0x250 kernel/task_work.c:228
 resume_user_mode_work include/linux/resume_user_mode.h:50 [inline]
 exit_to_user_mode_loop kernel/entry/common.c:114 [inline]
 exit_to_user_mode_prepare include/linux/entry-common.h:328 [inline]
 __syscall_exit_to_user_mode_work kernel/entry/common.c:207 [inline]
 syscall_exit_to_user_mode+0x27b/0x2a0 kernel/entry/common.c:218
 __do_fast_syscall_32+0x80/0x120 arch/x86/entry/common.c:389
 do_fast_syscall_32+0x32/0x80 arch/x86/entry/common.c:411
 entry_SYSENTER_compat_after_hwframe+0x84/0x8e
Modules linked in:
CPU: 3 UID: 0 PID: 11855 Comm: syz.2.1921 Tainted: G    B              6.11.0-rc3-syzkaller-00156-gd7a5aa4b3c00 #0
Tainted: [B]=BAD_PAGE
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:93 [inline]
 dump_stack_lvl+0x16c/0x1f0 lib/dump_stack.c:119
 bad_page+0xb3/0x220 mm/page_alloc.c:498
 free_page_is_bad_report mm/page_alloc.c:905 [inline]
 free_page_is_bad mm/page_alloc.c:915 [inline]
 free_pages_prepare mm/page_alloc.c:1086 [inline]
 free_unref_page+0x69e/0xe40 mm/page_alloc.c:2612
 skb_free_frag include/linux/skbuff.h:3383 [inline]
 skb_free_head+0xa0/0x1d0 net/core/skbuff.c:1094
 skb_release_data+0x75c/0x980 net/core/skbuff.c:1123
 skb_release_all net/core/skbuff.c:1188 [inline]
 __kfree_skb net/core/skbuff.c:1202 [inline]
 sk_skb_reason_drop+0x133/0x200 net/core/skbuff.c:1240
 kfree_skb_reason include/linux/skbuff.h:1260 [inline]
 __netif_receive_skb_core.constprop.0+0x592/0x4330 net/core/dev.c:5635
 __netif_receive_skb_list_core+0x357/0x950 net/core/dev.c:5737
 __netif_receive_skb_list net/core/dev.c:5804 [inline]
 netif_receive_skb_list_internal+0x753/0xda0 net/core/dev.c:5896
 netif_receive_skb_list+0x4f/0x4a0 net/core/dev.c:5948
 xdp_recv_frames net/bpf/test_run.c:279 [inline]
 xdp_test_run_batch.constprop.0+0x1296/0x1880 net/bpf/test_run.c:360
 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389
 bpf_prog_test_run_xdp+0x82d/0x1530 net/bpf/test_run.c:1317
 bpf_prog_test_run kernel/bpf/syscall.c:4313 [inline]
 __sys_bpf+0x1af6/0x55e0 kernel/bpf/syscall.c:5728
 __do_sys_bpf kernel/bpf/syscall.c:5817 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5815 [inline]
 __ia32_sys_bpf+0x76/0xe0 kernel/bpf/syscall.c:5815
 do_syscall_32_irqs_on arch/x86/entry/common.c:165 [inline]
 __do_fast_syscall_32+0x73/0x120 arch/x86/entry/common.c:386
 do_fast_syscall_32+0x32/0x80 arch/x86/entry/common.c:411
 entry_SYSENTER_compat_after_hwframe+0x84/0x8e
RIP: 0023:0xf7f56579
Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
RSP: 002b:00000000f56f656c EFLAGS: 00000296 ORIG_RAX: 0000000000000165
RAX: ffffffffffffffda RBX: 000000000000000a RCX: 0000000020000600
RDX: 0000000000000048 RSI: 0000000000000000 RDI: 0000000000000000
RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000
R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
 </TASK>
BUG: Bad page state in process syz.2.1921  pfn:21534
page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x21534
flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
raw: 00fff00000000000 dead000000000040 ffff88805326a000 0000000000000000
raw: 0000000000000000 0000000000000001 00000000ffffffff 0000000000000000
page dumped because: page_pool leak
page_owner tracks the page as allocated
page last allocated via order 0, migratetype Unmovable, gfp_mask 0x102820(GFP_ATOMIC|__GFP_NOWARN|__GFP_HARDWALL), pid 11855, tgid 11854 (syz.2.1921), ts 324622531267, free_ts 323975086831
 set_page_owner include/linux/page_owner.h:32 [inline]
 post_alloc_hook+0x2d1/0x350 mm/page_alloc.c:1493
 prep_new_page mm/page_alloc.c:1501 [inline]
 get_page_from_freelist+0x1351/0x2e50 mm/page_alloc.c:3442
 __alloc_pages_noprof+0x22b/0x2460 mm/page_alloc.c:4700
 alloc_pages_bulk_noprof+0x742/0x14f0 mm/page_alloc.c:4648
 alloc_pages_bulk_array_node_noprof include/linux/gfp.h:239 [inline]
 __page_pool_alloc_pages_slow+0x19b/0xb30 net/core/page_pool.c:527
 page_pool_alloc_netmem net/core/page_pool.c:576 [inline]
 page_pool_alloc_pages+0xb5/0x110 net/core/page_pool.c:583
 page_pool_dev_alloc_pages include/net/page_pool/helpers.h:96 [inline]
 xdp_test_run_batch.constprop.0+0x30f/0x1880 net/bpf/test_run.c:305
 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389
 bpf_prog_test_run_xdp+0x82d/0x1530 net/bpf/test_run.c:1317
 bpf_prog_test_run kernel/bpf/syscall.c:4313 [inline]
 __sys_bpf+0x1af6/0x55e0 kernel/bpf/syscall.c:5728
 __do_sys_bpf kernel/bpf/syscall.c:5817 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5815 [inline]
 __ia32_sys_bpf+0x76/0xe0 kernel/bpf/syscall.c:5815
 do_syscall_32_irqs_on arch/x86/entry/common.c:165 [inline]
 __do_fast_syscall_32+0x73/0x120 arch/x86/entry/common.c:386
 do_fast_syscall_32+0x32/0x80 arch/x86/entry/common.c:411
 entry_SYSENTER_compat_after_hwframe+0x84/0x8e
page last free pid 11815 tgid 11815 stack trace:
 reset_page_owner include/linux/page_owner.h:25 [inline]
 free_pages_prepare mm/page_alloc.c:1094 [inline]
 free_unref_page+0x64a/0xe40 mm/page_alloc.c:2612
 vfree+0x181/0x7a0 mm/vmalloc.c:3364
 vb2_vmalloc_put drivers/media/common/videobuf2/videobuf2-vmalloc.c:68 [inline]
 vb2_vmalloc_put+0x7b/0xc0 drivers/media/common/videobuf2/videobuf2-vmalloc.c:63
 __vb2_buf_mem_free+0x154/0x2c0 drivers/media/common/videobuf2/videobuf2-core.c:275
 __vb2_free_mem drivers/media/common/videobuf2/videobuf2-core.c:557 [inline]
 __vb2_queue_free+0x861/0xac0 drivers/media/common/videobuf2/videobuf2-core.c:585
 vb2_core_queue_release+0x70/0x190 drivers/media/common/videobuf2/videobuf2-core.c:2654
 v4l2_m2m_ctx_release+0x2a/0x40 drivers/media/v4l2-core/v4l2-mem2mem.c:1277
 vim2m_release+0xe8/0x170 drivers/media/test-drivers/vim2m.c:1245
 v4l2_release+0x238/0x460 drivers/media/v4l2-core/v4l2-dev.c:456
 __fput+0x408/0xbb0 fs/file_table.c:422
 task_work_run+0x14e/0x250 kernel/task_work.c:228
 resume_user_mode_work include/linux/resume_user_mode.h:50 [inline]
 exit_to_user_mode_loop kernel/entry/common.c:114 [inline]
 exit_to_user_mode_prepare include/linux/entry-common.h:328 [inline]
 __syscall_exit_to_user_mode_work kernel/entry/common.c:207 [inline]
 syscall_exit_to_user_mode+0x27b/0x2a0 kernel/entry/common.c:218
 __do_fast_syscall_32+0x80/0x120 arch/x86/entry/common.c:389
 do_fast_syscall_32+0x32/0x80 arch/x86/entry/common.c:411
 entry_SYSENTER_compat_after_hwframe+0x84/0x8e
Modules linked in:
CPU: 3 UID: 0 PID: 11855 Comm: syz.2.1921 Tainted: G    B              6.11.0-rc3-syzkaller-00156-gd7a5aa4b3c00 #0
Tainted: [B]=BAD_PAGE
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:93 [inline]
 dump_stack_lvl+0x16c/0x1f0 lib/dump_stack.c:119
 bad_page+0xb3/0x220 mm/page_alloc.c:498
 free_page_is_bad_report mm/page_alloc.c:905 [inline]
 free_page_is_bad mm/page_alloc.c:915 [inline]
 free_pages_prepare mm/page_alloc.c:1086 [inline]
 free_unref_page+0x69e/0xe40 mm/page_alloc.c:2612
 skb_free_frag include/linux/skbuff.h:3383 [inline]
 skb_free_head+0xa0/0x1d0 net/core/skbuff.c:1094
 skb_release_data+0x75c/0x980 net/core/skbuff.c:1123
 skb_release_all net/core/skbuff.c:1188 [inline]
 __kfree_skb net/core/skbuff.c:1202 [inline]
 sk_skb_reason_drop+0x133/0x200 net/core/skbuff.c:1240
 kfree_skb_reason include/linux/skbuff.h:1260 [inline]
 __netif_receive_skb_core.constprop.0+0x592/0x4330 net/core/dev.c:5635
 __netif_receive_skb_list_core+0x357/0x950 net/core/dev.c:5737
 __netif_receive_skb_list net/core/dev.c:5804 [inline]
 netif_receive_skb_list_internal+0x753/0xda0 net/core/dev.c:5896
 netif_receive_skb_list+0x4f/0x4a0 net/core/dev.c:5948
 xdp_recv_frames net/bpf/test_run.c:279 [inline]
 xdp_test_run_batch.constprop.0+0x1296/0x1880 net/bpf/test_run.c:360
 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389
 bpf_prog_test_run_xdp+0x82d/0x1530 net/bpf/test_run.c:1317
 bpf_prog_test_run kernel/bpf/syscall.c:4313 [inline]
 __sys_bpf+0x1af6/0x55e0 kernel/bpf/syscall.c:5728
 __do_sys_bpf kernel/bpf/syscall.c:5817 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5815 [inline]
 __ia32_sys_bpf+0x76/0xe0 kernel/bpf/syscall.c:5815
 do_syscall_32_irqs_on arch/x86/entry/common.c:165 [inline]
 __do_fast_syscall_32+0x73/0x120 arch/x86/entry/common.c:386
 do_fast_syscall_32+0x32/0x80 arch/x86/entry/common.c:411
 entry_SYSENTER_compat_after_hwframe+0x84/0x8e
RIP: 0023:0xf7f56579
Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
RSP: 002b:00000000f56f656c EFLAGS: 00000296 ORIG_RAX: 0000000000000165
RAX: ffffffffffffffda RBX: 000000000000000a RCX: 0000000020000600
RDX: 0000000000000048 RSI: 0000000000000000 RDI: 0000000000000000
RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000
R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
 </TASK>
BUG: Bad page state in process syz.2.1921  pfn:20da5
page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x20da5
flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
raw: 00fff00000000000 dead000000000040 ffff88805326a000 0000000000000000
raw: 0000000000000000 0000000000000001 00000000ffffffff 0000000000000000
page dumped because: page_pool leak
page_owner tracks the page as allocated
page last allocated via order 0, migratetype Unmovable, gfp_mask 0x102820(GFP_ATOMIC|__GFP_NOWARN|__GFP_HARDWALL), pid 11855, tgid 11854 (syz.2.1921), ts 324622523382, free_ts 323975100097
 set_page_owner include/linux/page_owner.h:32 [inline]
 post_alloc_hook+0x2d1/0x350 mm/page_alloc.c:1493
 prep_new_page mm/page_alloc.c:1501 [inline]
 get_page_from_freelist+0x1351/0x2e50 mm/page_alloc.c:3442
 __alloc_pages_noprof+0x22b/0x2460 mm/page_alloc.c:4700
 alloc_pages_bulk_noprof+0x742/0x14f0 mm/page_alloc.c:4648
 alloc_pages_bulk_array_node_noprof include/linux/gfp.h:239 [inline]
 __page_pool_alloc_pages_slow+0x19b/0xb30 net/core/page_pool.c:527
 page_pool_alloc_netmem net/core/page_pool.c:576 [inline]
 page_pool_alloc_pages+0xb5/0x110 net/core/page_pool.c:583
 page_pool_dev_alloc_pages include/net/page_pool/helpers.h:96 [inline]
 xdp_test_run_batch.constprop.0+0x30f/0x1880 net/bpf/test_run.c:305
 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389
 bpf_prog_test_run_xdp+0x82d/0x1530 net/bpf/test_run.c:1317
 bpf_prog_test_run kernel/bpf/syscall.c:4313 [inline]
 __sys_bpf+0x1af6/0x55e0 kernel/bpf/syscall.c:5728
 __do_sys_bpf kernel/bpf/syscall.c:5817 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5815 [inline]
 __ia32_sys_bpf+0x76/0xe0 kernel/bpf/syscall.c:5815
 do_syscall_32_irqs_on arch/x86/entry/common.c:165 [inline]
 __do_fast_syscall_32+0x73/0x120 arch/x86/entry/common.c:386
 do_fast_syscall_32+0x32/0x80 arch/x86/entry/common.c:411
 entry_SYSENTER_compat_after_hwframe+0x84/0x8e
page last free pid 11815 tgid 11815 stack trace:
 reset_page_owner include/linux/page_owner.h:25 [inline]
 free_pages_prepare mm/page_alloc.c:1094 [inline]
 free_unref_page+0x64a/0xe40 mm/page_alloc.c:2612
 vfree+0x181/0x7a0 mm/vmalloc.c:3364
 vb2_vmalloc_put drivers/media/common/videobuf2/videobuf2-vmalloc.c:68 [inline]
 vb2_vmalloc_put+0x7b/0xc0 drivers/media/common/videobuf2/videobuf2-vmalloc.c:63
 __vb2_buf_mem_free+0x154/0x2c0 drivers/media/common/videobuf2/videobuf2-core.c:275
 __vb2_free_mem drivers/media/common/videobuf2/videobuf2-core.c:557 [inline]
 __vb2_queue_free+0x861/0xac0 drivers/media/common/videobuf2/videobuf2-core.c:585
 vb2_core_queue_release+0x70/0x190 drivers/media/common/videobuf2/videobuf2-core.c:2654
 v4l2_m2m_ctx_release+0x2a/0x40 drivers/media/v4l2-core/v4l2-mem2mem.c:1277
 vim2m_release+0xe8/0x170 drivers/media/test-drivers/vim2m.c:1245
 v4l2_release+0x238/0x460 drivers/media/v4l2-core/v4l2-dev.c:456
 __fput+0x408/0xbb0 fs/file_table.c:422
 task_work_run+0x14e/0x250 kernel/task_work.c:228
 resume_user_mode_work include/linux/resume_user_mode.h:50 [inline]
 exit_to_user_mode_loop kernel/entry/common.c:114 [inline]
 exit_to_user_mode_prepare include/linux/entry-common.h:328 [inline]
 __syscall_exit_to_user_mode_work kernel/entry/common.c:207 [inline]
 syscall_exit_to_user_mode+0x27b/0x2a0 kernel/entry/common.c:218
 __do_fast_syscall_32+0x80/0x120 arch/x86/entry/common.c:389
 do_fast_syscall_32+0x32/0x80 arch/x86/entry/common.c:411
 entry_SYSENTER_compat_after_hwframe+0x84/0x8e
Modules linked in:
CPU: 3 UID: 0 PID: 11855 Comm: syz.2.1921 Tainted: G    B              6.11.0-rc3-syzkaller-00156-gd7a5aa4b3c00 #0
Tainted: [B]=BAD_PAGE
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:93 [inline]
 dump_stack_lvl+0x16c/0x1f0 lib/dump_stack.c:119
 bad_page+0xb3/0x220 mm/page_alloc.c:498
 free_page_is_bad_report mm/page_alloc.c:905 [inline]
 free_page_is_bad mm/page_alloc.c:915 [inline]
 free_pages_prepare mm/page_alloc.c:1086 [inline]
 free_unref_page+0x69e/0xe40 mm/page_alloc.c:2612
 skb_free_frag include/linux/skbuff.h:3383 [inline]
 skb_free_head+0xa0/0x1d0 net/core/skbuff.c:1094
 skb_release_data+0x75c/0x980 net/core/skbuff.c:1123
 skb_release_all net/core/skbuff.c:1188 [inline]
 __kfree_skb net/core/skbuff.c:1202 [inline]
 sk_skb_reason_drop+0x133/0x200 net/core/skbuff.c:1240
 kfree_skb_reason include/linux/skbuff.h:1260 [inline]
 __netif_receive_skb_core.constprop.0+0x592/0x4330 net/core/dev.c:5635
 __netif_receive_skb_list_core+0x357/0x950 net/core/dev.c:5737
 __netif_receive_skb_list net/core/dev.c:5804 [inline]
 netif_receive_skb_list_internal+0x753/0xda0 net/core/dev.c:5896
 netif_receive_skb_list+0x4f/0x4a0 net/core/dev.c:5948
 xdp_recv_frames net/bpf/test_run.c:279 [inline]
 xdp_test_run_batch.constprop.0+0x1296/0x1880 net/bpf/test_run.c:360
 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389
 bpf_prog_test_run_xdp+0x82d/0x1530 net/bpf/test_run.c:1317
 bpf_prog_test_run kernel/bpf/syscall.c:4313 [inline]
 __sys_bpf+0x1af6/0x55e0 kernel/bpf/syscall.c:5728
 __do_sys_bpf kernel/bpf/syscall.c:5817 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5815 [inline]
 __ia32_sys_bpf+0x76/0xe0 kernel/bpf/syscall.c:5815
 do_syscall_32_irqs_on arch/x86/entry/common.c:165 [inline]
 __do_fast_syscall_32+0x73/0x120 arch/x86/entry/common.c:386
 do_fast_syscall_32+0x32/0x80 arch/x86/entry/common.c:411
 entry_SYSENTER_compat_after_hwframe+0x84/0x8e
RIP: 0023:0xf7f56579
Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
RSP: 002b:00000000f56f656c EFLAGS: 00000296 ORIG_RAX: 0000000000000165
RAX: ffffffffffffffda RBX: 000000000000000a RCX: 0000000020000600
RDX: 0000000000000048 RSI: 0000000000000000 RDI: 0000000000000000
RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000
R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
 </TASK>
BUG: Bad page state in process syz.2.1921  pfn:26286
page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x26286
flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
raw: 00fff00000000000 dead000000000040 ffff88805326a000 0000000000000000
raw: 0000000000000000 0000000000000001 00000000ffffffff 0000000000000000
page dumped because: page_pool leak
page_owner tracks the page as allocated
page last allocated via order 0, migratetype Unmovable, gfp_mask 0x102820(GFP_ATOMIC|__GFP_NOWARN|__GFP_HARDWALL), pid 11855, tgid 11854 (syz.2.1921), ts 324622515284, free_ts 323975114110
 set_page_owner include/linux/page_owner.h:32 [inline]
 post_alloc_hook+0x2d1/0x350 mm/page_alloc.c:1493
 prep_new_page mm/page_alloc.c:1501 [inline]
 get_page_from_freelist+0x1351/0x2e50 mm/page_alloc.c:3442
 __alloc_pages_noprof+0x22b/0x2460 mm/page_alloc.c:4700
 alloc_pages_bulk_noprof+0x742/0x14f0 mm/page_alloc.c:4648
 alloc_pages_bulk_array_node_noprof include/linux/gfp.h:239 [inline]
 __page_pool_alloc_pages_slow+0x19b/0xb30 net/core/page_pool.c:527
 page_pool_alloc_netmem net/core/page_pool.c:576 [inline]
 page_pool_alloc_pages+0xb5/0x110 net/core/page_pool.c:583
 page_pool_dev_alloc_pages include/net/page_pool/helpers.h:96 [inline]
 xdp_test_run_batch.constprop.0+0x30f/0x1880 net/bpf/test_run.c:305
 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389
 bpf_prog_test_run_xdp+0x82d/0x1530 net/bpf/test_run.c:1317
 bpf_prog_test_run kernel/bpf/syscall.c:4313 [inline]
 __sys_bpf+0x1af6/0x55e0 kernel/bpf/syscall.c:5728
 __do_sys_bpf kernel/bpf/syscall.c:5817 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5815 [inline]
 __ia32_sys_bpf+0x76/0xe0 kernel/bpf/syscall.c:5815
 do_syscall_32_irqs_on arch/x86/entry/common.c:165 [inline]
 __do_fast_syscall_32+0x73/0x120 arch/x86/entry/common.c:386
 do_fast_syscall_32+0x32/0x80 arch/x86/entry/common.c:411
 entry_SYSENTER_compat_after_hwframe+0x84/0x8e
page last free pid 11815 tgid 11815 stack trace:
 reset_page_owner include/linux/page_owner.h:25 [inline]
 free_pages_prepare mm/page_alloc.c:1094 [inline]
 free_unref_page+0x64a/0xe40 mm/page_alloc.c:2612
 vfree+0x181/0x7a0 mm/vmalloc.c:3364
 vb2_vmalloc_put drivers/media/common/videobuf2/videobuf2-vmalloc.c:68 [inline]
 vb2_vmalloc_put+0x7b/0xc0 drivers/media/common/videobuf2/videobuf2-vmalloc.c:63
 __vb2_buf_mem_free+0x154/0x2c0 drivers/media/common/videobuf2/videobuf2-core.c:275
 __vb2_free_mem drivers/media/common/videobuf2/videobuf2-core.c:557 [inline]
 __vb2_queue_free+0x861/0xac0 drivers/media/common/videobuf2/videobuf2-core.c:585
 vb2_core_queue_release+0x70/0x190 drivers/media/common/videobuf2/videobuf2-core.c:2654
 v4l2_m2m_ctx_release+0x2a/0x40 drivers/media/v4l2-core/v4l2-mem2mem.c:1277
 vim2m_release+0xe8/0x170 drivers/media/test-drivers/vim2m.c:1245
 v4l2_release+0x238/0x460 drivers/media/v4l2-core/v4l2-dev.c:456
 __fput+0x408/0xbb0 fs/file_table.c:422
 task_work_run+0x14e/0x250 kernel/task_work.c:228
 resume_user_mode_work include/linux/resume_user_mode.h:50 [inline]
 exit_to_user_mode_loop kernel/entry/common.c:114 [inline]
 exit_to_user_mode_prepare include/linux/entry-common.h:328 [inline]
 __syscall_exit_to_user_mode_work kernel/entry/common.c:207 [inline]
 syscall_exit_to_user_mode+0x27b/0x2a0 kernel/entry/common.c:218
 __do_fast_syscall_32+0x80/0x120 arch/x86/entry/common.c:389
 do_fast_syscall_32+0x32/0x80 arch/x86/entry/common.c:411
 entry_SYSENTER_compat_after_hwframe+0x84/0x8e
Modules linked in:
CPU: 3 UID: 0 PID: 11855 Comm: syz.2.1921 Tainted: G    B              6.11.0-rc3-syzkaller-00156-gd7a5aa4b3c00 #0
Tainted: [B]=BAD_PAGE
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:93 [inline]
 dump_stack_lvl+0x16c/0x1f0 lib/dump_stack.c:119
 bad_page+0xb3/0x220 mm/page_alloc.c:498
 free_page_is_bad_report mm/page_alloc.c:905 [inline]
 free_page_is_bad mm/page_alloc.c:915 [inline]
 free_pages_prepare mm/page_alloc.c:1086 [inline]
 free_unref_page+0x69e/0xe40 mm/page_alloc.c:2612
 skb_free_frag include/linux/skbuff.h:3383 [inline]
 skb_free_head+0xa0/0x1d0 net/core/skbuff.c:1094
 skb_release_data+0x75c/0x980 net/core/skbuff.c:1123
 skb_release_all net/core/skbuff.c:1188 [inline]
 __kfree_skb net/core/skbuff.c:1202 [inline]
 sk_skb_reason_drop+0x133/0x200 net/core/skbuff.c:1240
 kfree_skb_reason include/linux/skbuff.h:1260 [inline]
 __netif_receive_skb_core.constprop.0+0x592/0x4330 net/core/dev.c:5635
 __netif_receive_skb_list_core+0x357/0x950 net/core/dev.c:5737
 __netif_receive_skb_list net/core/dev.c:5804 [inline]
 netif_receive_skb_list_internal+0x753/0xda0 net/core/dev.c:5896
 netif_receive_skb_list+0x4f/0x4a0 net/core/dev.c:5948
 xdp_recv_frames net/bpf/test_run.c:279 [inline]
 xdp_test_run_batch.constprop.0+0x1296/0x1880 net/bpf/test_run.c:360
 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389
 bpf_prog_test_run_xdp+0x82d/0x1530 net/bpf/test_run.c:1317
 bpf_prog_test_run kernel/bpf/syscall.c:4313 [inline]
 __sys_bpf+0x1af6/0x55e0 kernel/bpf/syscall.c:5728
 __do_sys_bpf kernel/bpf/syscall.c:5817 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5815 [inline]
 __ia32_sys_bpf+0x76/0xe0 kernel/bpf/syscall.c:5815
 do_syscall_32_irqs_on arch/x86/entry/common.c:165 [inline]
 __do_fast_syscall_32+0x73/0x120 arch/x86/entry/common.c:386
 do_fast_syscall_32+0x32/0x80 arch/x86/entry/common.c:411
 entry_SYSENTER_compat_after_hwframe+0x84/0x8e
RIP: 0023:0xf7f56579
Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
RSP: 002b:00000000f56f656c EFLAGS: 00000296 ORIG_RAX: 0000000000000165
RAX: ffffffffffffffda RBX: 000000000000000a RCX: 0000000020000600
RDX: 0000000000000048 RSI: 0000000000000000 RDI: 0000000000000000
RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000
R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
 </TASK>
BUG: Bad page state in process syz.2.1921  pfn:20d71
page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x8 pfn:0x20d71
flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
raw: 00fff00000000000 dead000000000040 ffff88805326a000 0000000000000000
raw: 0000000000000008 0000000000000001 00000000ffffffff 0000000000000000
page dumped because: page_pool leak
page_owner tracks the page as allocated
page last allocated via order 0, migratetype Unmovable, gfp_mask 0x102820(GFP_ATOMIC|__GFP_NOWARN|__GFP_HARDWALL), pid 11855, tgid 11854 (syz.2.1921), ts 324622506524, free_ts 323975128218
 set_page_owner include/linux/page_owner.h:32 [inline]
 post_alloc_hook+0x2d1/0x350 mm/page_alloc.c:1493
 prep_new_page mm/page_alloc.c:1501 [inline]
 get_page_from_freelist+0x1351/0x2e50 mm/page_alloc.c:3442
 __alloc_pages_noprof+0x22b/0x2460 mm/page_alloc.c:4700
 alloc_pages_bulk_noprof+0x742/0x14f0 mm/page_alloc.c:4648
 alloc_pages_bulk_array_node_noprof include/linux/gfp.h:239 [inline]
 __page_pool_alloc_pages_slow+0x19b/0xb30 net/core/page_pool.c:527
 page_pool_alloc_netmem net/core/page_pool.c:576 [inline]
 page_pool_alloc_pages+0xb5/0x110 net/core/page_pool.c:583
 page_pool_dev_alloc_pages include/net/page_pool/helpers.h:96 [inline]
 xdp_test_run_batch.constprop.0+0x30f/0x1880 net/bpf/test_run.c:305
 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389
 bpf_prog_test_run_xdp+0x82d/0x1530 net/bpf/test_run.c:1317
 bpf_prog_test_run kernel/bpf/syscall.c:4313 [inline]
 __sys_bpf+0x1af6/0x55e0 kernel/bpf/syscall.c:5728
 __do_sys_bpf kernel/bpf/syscall.c:5817 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5815 [inline]
 __ia32_sys_bpf+0x76/0xe0 kernel/bpf/syscall.c:5815
 do_syscall_32_irqs_on arch/x86/entry/common.c:165 [inline]
 __do_fast_syscall_32+0x73/0x120 arch/x86/entry/common.c:386
 do_fast_syscall_32+0x32/0x80 arch/x86/entry/common.c:411
 entry_SYSENTER_compat_after_hwframe+0x84/0x8e
page last free pid 11815 tgid 11815 stack trace:
 reset_page_owner include/linux/page_owner.h:25 [inline]
 free_pages_prepare mm/page_alloc.c:1094 [inline]
 free_unref_page+0x64a/0xe40 mm/page_alloc.c:2612
 vfree+0x181/0x7a0 mm/vmalloc.c:3364
 vb2_vmalloc_put drivers/media/common/videobuf2/videobuf2-vmalloc.c:68 [inline]
 vb2_vmalloc_put+0x7b/0xc0 drivers/media/common/videobuf2/videobuf2-vmalloc.c:63
 __vb2_buf_mem_free+0x154/0x2c0 drivers/media/common/videobuf2/videobuf2-core.c:275
 __vb2_free_mem drivers/media/common/videobuf2/videobuf2-core.c:557 [inline]
 __vb2_queue_free+0x861/0xac0 drivers/media/common/videobuf2/videobuf2-core.c:585
 vb2_core_queue_release+0x70/0x190 drivers/media/common/videobuf2/videobuf2-core.c:2654
 v4l2_m2m_ctx_release+0x2a/0x40 drivers/media/v4l2-core/v4l2-mem2mem.c:1277
 vim2m_release+0xe8/0x170 drivers/media/test-drivers/vim2m.c:1245
 v4l2_release+0x238/0x460 drivers/media/v4l2-core/v4l2-dev.c:456
 __fput+0x408/0xbb0 fs/file_table.c:422
 task_work_run+0x14e/0x250 kernel/task_work.c:228
 resume_user_mode_work include/linux/resume_user_mode.h:50 [inline]
 exit_to_user_mode_loop kernel/entry/common.c:114 [inline]
 exit_to_user_mode_prepare include/linux/entry-common.h:328 [inline]
 __syscall_exit_to_user_mode_work kernel/entry/common.c:207 [inline]
 syscall_exit_to_user_mode+0x27b/0x2a0 kernel/entry/common.c:218
 __do_fast_syscall_32+0x80/0x120 arch/x86/entry/common.c:389
 do_fast_syscall_32+0x32/0x80 arch/x86/entry/common.c:411
 entry_SYSENTER_compat_after_hwframe+0x84/0x8e
Modules linked in:
CPU: 3 UID: 0 PID: 11855 Comm: syz.2.1921 Tainted: G    B              6.11.0-rc3-syzkaller-00156-gd7a5aa4b3c00 #0
Tainted: [B]=BAD_PAGE
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:93 [inline]
 dump_stack_lvl+0x16c/0x1f0 lib/dump_stack.c:119
 bad_page+0xb3/0x220 mm/page_alloc.c:498
 free_page_is_bad_report mm/page_alloc.c:905 [inline]
 free_page_is_bad mm/page_alloc.c:915 [inline]
 free_pages_prepare mm/page_alloc.c:1086 [inline]
 free_unref_page+0x69e/0xe40 mm/page_alloc.c:2612
 skb_free_frag include/linux/skbuff.h:3383 [inline]
 skb_free_head+0xa0/0x1d0 net/core/skbuff.c:1094
 skb_release_data+0x75c/0x980 net/core/skbuff.c:1123
 skb_release_all net/core/skbuff.c:1188 [inline]
 __kfree_skb net/core/skbuff.c:1202 [inline]
 sk_skb_reason_drop+0x133/0x200 net/core/skbuff.c:1240
 kfree_skb_reason include/linux/skbuff.h:1260 [inline]
 __netif_receive_skb_core.constprop.0+0x592/0x4330 net/core/dev.c:5635
 __netif_receive_skb_list_core+0x357/0x950 net/core/dev.c:5737
 __netif_receive_skb_list net/core/dev.c:5804 [inline]
 netif_receive_skb_list_internal+0x753/0xda0 net/core/dev.c:5896
 netif_receive_skb_list+0x4f/0x4a0 net/core/dev.c:5948
 xdp_recv_frames net/bpf/test_run.c:279 [inline]
 xdp_test_run_batch.constprop.0+0x1296/0x1880 net/bpf/test_run.c:360
 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389
 bpf_prog_test_run_xdp+0x82d/0x1530 net/bpf/test_run.c:1317
 bpf_prog_test_run kernel/bpf/syscall.c:4313 [inline]
 __sys_bpf+0x1af6/0x55e0 kernel/bpf/syscall.c:5728
 __do_sys_bpf kernel/bpf/syscall.c:5817 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5815 [inline]
 __ia32_sys_bpf+0x76/0xe0 kernel/bpf/syscall.c:5815
 do_syscall_32_irqs_on arch/x86/entry/common.c:165 [inline]
 __do_fast_syscall_32+0x73/0x120 arch/x86/entry/common.c:386
 do_fast_syscall_32+0x32/0x80 arch/x86/entry/common.c:411
 entry_SYSENTER_compat_after_hwframe+0x84/0x8e
RIP: 0023:0xf7f56579
Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
RSP: 002b:00000000f56f656c EFLAGS: 00000296 ORIG_RAX: 0000000000000165
RAX: ffffffffffffffda RBX: 000000000000000a RCX: 0000000020000600
RDX: 0000000000000048 RSI: 0000000000000000 RDI: 0000000000000000
RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000
R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
 </TASK>
BUG: Bad page state in process syz.2.1921  pfn:20254
page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x20254
flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
raw: 00fff00000000000 dead000000000040 ffff88805326a000 0000000000000000
raw: 0000000000000000 0000000000000001 00000000ffffffff 0000000000000000
page dumped because: page_pool leak
page_owner tracks the page as allocated
page last allocated via order 0, migratetype Unmovable, gfp_mask 0x102820(GFP_ATOMIC|__GFP_NOWARN|__GFP_HARDWALL), pid 11855, tgid 11854 (syz.2.1921), ts 324622498369, free_ts 323975142982
 set_page_owner include/linux/page_owner.h:32 [inline]
 post_alloc_hook+0x2d1/0x350 mm/page_alloc.c:1493
 prep_new_page mm/page_alloc.c:1501 [inline]
 get_page_from_freelist+0x1351/0x2e50 mm/page_alloc.c:3442
 __alloc_pages_noprof+0x22b/0x2460 mm/page_alloc.c:4700
 alloc_pages_bulk_noprof+0x742/0x14f0 mm/page_alloc.c:4648
 alloc_pages_bulk_array_node_noprof include/linux/gfp.h:239 [inline]
 __page_pool_alloc_pages_slow+0x19b/0xb30 net/core/page_pool.c:527
 page_pool_alloc_netmem net/core/page_pool.c:576 [inline]
 page_pool_alloc_pages+0xb5/0x110 net/core/page_pool.c:583
 page_pool_dev_alloc_pages include/net/page_pool/helpers.h:96 [inline]
 xdp_test_run_batch.constprop.0+0x30f/0x1880 net/bpf/test_run.c:305
 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389
 bpf_prog_test_run_xdp+0x82d/0x1530 net/bpf/test_run.c:1317
 bpf_prog_test_run kernel/bpf/syscall.c:4313 [inline]
 __sys_bpf+0x1af6/0x55e0 kernel/bpf/syscall.c:5728
 __do_sys_bpf kernel/bpf/syscall.c:5817 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5815 [inline]
 __ia32_sys_bpf+0x76/0xe0 kernel/bpf/syscall.c:5815
 do_syscall_32_irqs_on arch/x86/entry/common.c:165 [inline]
 __do_fast_syscall_32+0x73/0x120 arch/x86/entry/common.c:386
 do_fast_syscall_32+0x32/0x80 arch/x86/entry/common.c:411
 entry_SYSENTER_compat_after_hwframe+0x84/0x8e
page last free pid 11815 tgid 11815 stack trace:
 reset_page_owner include/linux/page_owner.h:25 [inline]
 free_pages_prepare mm/page_alloc.c:1094 [inline]
 free_unref_page+0x64a/0xe40 mm/page_alloc.c:2612
 vfree+0x181/0x7a0 mm/vmalloc.c:3364
 vb2_vmalloc_put drivers/media/common/videobuf2/videobuf2-vmalloc.c:68 [inline]
 vb2_vmalloc_put+0x7b/0xc0 drivers/media/common/videobuf2/videobuf2-vmalloc.c:63
 __vb2_buf_mem_free+0x154/0x2c0 drivers/media/common/videobuf2/videobuf2-core.c:275
 __vb2_free_mem drivers/media/common/videobuf2/videobuf2-core.c:557 [inline]
 __vb2_queue_free+0x861/0xac0 drivers/media/common/videobuf2/videobuf2-core.c:585
 vb2_core_queue_release+0x70/0x190 drivers/media/common/videobuf2/videobuf2-core.c:2654
 v4l2_m2m_ctx_release+0x2a/0x40 drivers/media/v4l2-core/v4l2-mem2mem.c:1277
 vim2m_release+0xe8/0x170 drivers/media/test-drivers/vim2m.c:1245
 v4l2_release+0x238/0x460 drivers/media/v4l2-core/v4l2-dev.c:456
 __fput+0x408/0xbb0 fs/file_table.c:422
 task_work_run+0x14e/0x250 kernel/task_work.c:228
 resume_user_mode_work include/linux/resume_user_mode.h:50 [inline]
 exit_to_user_mode_loop kernel/entry/common.c:114 [inline]
 exit_to_user_mode_prepare include/linux/entry-common.h:328 [inline]
 __syscall_exit_to_user_mode_work kernel/entry/common.c:207 [inline]
 syscall_exit_to_user_mode+0x27b/0x2a0 kernel/entry/common.c:218
 __do_fast_syscall_32+0x80/0x120 arch/x86/entry/common.c:389
 do_fast_syscall_32+0x32/0x80 arch/x86/entry/common.c:411
 entry_SYSENTER_compat_after_hwframe+0x84/0x8e
Modules linked in:
CPU: 3 UID: 0 PID: 11855 Comm: syz.2.1921 Tainted: G    B              6.11.0-rc3-syzkaller-00156-gd7a5aa4b3c00 #0
Tainted: [B]=BAD_PAGE
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:93 [inline]
 dump_stack_lvl+0x16c/0x1f0 lib/dump_stack.c:119
 bad_page+0xb3/0x220 mm/page_alloc.c:498
 free_page_is_bad_report mm/page_alloc.c:905 [inline]
 free_page_is_bad mm/page_alloc.c:915 [inline]
 free_pages_prepare mm/page_alloc.c:1086 [inline]
 free_unref_page+0x69e/0xe40 mm/page_alloc.c:2612
 skb_free_frag include/linux/skbuff.h:3383 [inline]
 skb_free_head+0xa0/0x1d0 net/core/skbuff.c:1094
 skb_release_data+0x75c/0x980 net/core/skbuff.c:1123
 skb_release_all net/core/skbuff.c:1188 [inline]
 __kfree_skb net/core/skbuff.c:1202 [inline]
 sk_skb_reason_drop+0x133/0x200 net/core/skbuff.c:1240
 kfree_skb_reason include/linux/skbuff.h:1260 [inline]
 __netif_receive_skb_core.constprop.0+0x592/0x4330 net/core/dev.c:5635
 __netif_receive_skb_list_core+0x357/0x950 net/core/dev.c:5737
 __netif_receive_skb_list net/core/dev.c:5804 [inline]
 netif_receive_skb_list_internal+0x753/0xda0 net/core/dev.c:5896
 netif_receive_skb_list+0x4f/0x4a0 net/core/dev.c:5948
 xdp_recv_frames net/bpf/test_run.c:279 [inline]
 xdp_test_run_batch.constprop.0+0x1296/0x1880 net/bpf/test_run.c:360
 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389
 bpf_prog_test_run_xdp+0x82d/0x1530 net/bpf/test_run.c:1317
 bpf_prog_test_run kernel/bpf/syscall.c:4313 [inline]
 __sys_bpf+0x1af6/0x55e0 kernel/bpf/syscall.c:5728
 __do_sys_bpf kernel/bpf/syscall.c:5817 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5815 [inline]
 __ia32_sys_bpf+0x76/0xe0 kernel/bpf/syscall.c:5815
 do_syscall_32_irqs_on arch/x86/entry/common.c:165 [inline]
 __do_fast_syscall_32+0x73/0x120 arch/x86/entry/common.c:386
 do_fast_syscall_32+0x32/0x80 arch/x86/entry/common.c:411
 entry_SYSENTER_compat_after_hwframe+0x84/0x8e
RIP: 0023:0xf7f56579
Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
RSP: 002b:00000000f56f656c EFLAGS: 00000296 ORIG_RAX: 0000000000000165
RAX: ffffffffffffffda RBX: 000000000000000a RCX: 0000000020000600
RDX: 0000000000000048 RSI: 0000000000000000 RDI: 0000000000000000
RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000
R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
 </TASK>
BUG: Bad page state in process syz.2.1921  pfn:22263
page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x22263
flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
raw: 00fff00000000000 dead000000000040 ffff88805326a000 0000000000000000
raw: 0000000000000000 0000000000000001 00000000ffffffff 0000000000000000
page dumped because: page_pool leak
page_owner tracks the page as allocated
page last allocated via order 0, migratetype Unmovable, gfp_mask 0x102820(GFP_ATOMIC|__GFP_NOWARN|__GFP_HARDWALL), pid 11855, tgid 11854 (syz.2.1921), ts 324622489392, free_ts 323975156710
 set_page_owner include/linux/page_owner.h:32 [inline]
 post_alloc_hook+0x2d1/0x350 mm/page_alloc.c:1493
 prep_new_page mm/page_alloc.c:1501 [inline]
 get_page_from_freelist+0x1351/0x2e50 mm/page_alloc.c:3442
 __alloc_pages_noprof+0x22b/0x2460 mm/page_alloc.c:4700
 alloc_pages_bulk_noprof+0x742/0x14f0 mm/page_alloc.c:4648
 alloc_pages_bulk_array_node_noprof include/linux/gfp.h:239 [inline]
 __page_pool_alloc_pages_slow+0x19b/0xb30 net/core/page_pool.c:527
 page_pool_alloc_netmem net/core/page_pool.c:576 [inline]
 page_pool_alloc_pages+0xb5/0x110 net/core/page_pool.c:583
 page_pool_dev_alloc_pages include/net/page_pool/helpers.h:96 [inline]
 xdp_test_run_batch.constprop.0+0x30f/0x1880 net/bpf/test_run.c:305
 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389
 bpf_prog_test_run_xdp+0x82d/0x1530 net/bpf/test_run.c:1317
 bpf_prog_test_run kernel/bpf/syscall.c:4313 [inline]
 __sys_bpf+0x1af6/0x55e0 kernel/bpf/syscall.c:5728
 __do_sys_bpf kernel/bpf/syscall.c:5817 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5815 [inline]
 __ia32_sys_bpf+0x76/0xe0 kernel/bpf/syscall.c:5815
 do_syscall_32_irqs_on arch/x86/entry/common.c:165 [inline]
 __do_fast_syscall_32+0x73/0x120 arch/x86/entry/common.c:386
 do_fast_syscall_32+0x32/0x80 arch/x86/entry/common.c:411
 entry_SYSENTER_compat_after_hwframe+0x84/0x8e
page last free pid 11815 tgid 11815 stack trace:
 reset_page_owner include/linux/page_owner.h:25 [inline]
 free_pages_prepare mm/page_alloc.c:1094 [inline]
 free_unref_page+0x64a/0xe40 mm/page_alloc.c:2612
 vfree+0x181/0x7a0 mm/vmalloc.c:3364
 vb2_vmalloc_put drivers/media/common/videobuf2/videobuf2-vmalloc.c:68 [inline]
 vb2_vmalloc_put+0x7b/0xc0 drivers/media/common/videobuf2/videobuf2-vmalloc.c:63
 __vb2_buf_mem_free+0x154/0x2c0 drivers/media/common/videobuf2/videobuf2-core.c:275
 __vb2_free_mem drivers/media/common/videobuf2/videobuf2-core.c:557 [inline]
 __vb2_queue_free+0x861/0xac0 drivers/media/common/videobuf2/videobuf2-core.c:585
 vb2_core_queue_release+0x70/0x190 drivers/media/common/videobuf2/videobuf2-core.c:2654
 v4l2_m2m_ctx_release+0x2a/0x40 drivers/media/v4l2-core/v4l2-mem2mem.c:1277
 vim2m_release+0xe8/0x170 drivers/media/test-drivers/vim2m.c:1245
 v4l2_release+0x238/0x460 drivers/media/v4l2-core/v4l2-dev.c:456
 __fput+0x408/0xbb0 fs/file_table.c:422
 task_work_run+0x14e/0x250 kernel/task_work.c:228
 resume_user_mode_work include/linux/resume_user_mode.h:50 [inline]
 exit_to_user_mode_loop kernel/entry/common.c:114 [inline]
 exit_to_user_mode_prepare include/linux/entry-common.h:328 [inline]
 __syscall_exit_to_user_mode_work kernel/entry/common.c:207 [inline]
 syscall_exit_to_user_mode+0x27b/0x2a0 kernel/entry/common.c:218
 __do_fast_syscall_32+0x80/0x120 arch/x86/entry/common.c:389
 do_fast_syscall_32+0x32/0x80 arch/x86/entry/common.c:411
 entry_SYSENTER_compat_after_hwframe+0x84/0x8e
Modules linked in:
CPU: 3 UID: 0 PID: 11855 Comm: syz.2.1921 Tainted: G    B              6.11.0-rc3-syzkaller-00156-gd7a5aa4b3c00 #0
Tainted: [B]=BAD_PAGE
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:93 [inline]
 dump_stack_lvl+0x16c/0x1f0 lib/dump_stack.c:119
 bad_page+0xb3/0x220 mm/page_alloc.c:498
 free_page_is_bad_report mm/page_alloc.c:905 [inline]
 free_page_is_bad mm/page_alloc.c:915 [inline]
 free_pages_prepare mm/page_alloc.c:1086 [inline]
 free_unref_page+0x69e/0xe40 mm/page_alloc.c:2612
 skb_free_frag include/linux/skbuff.h:3383 [inline]
 skb_free_head+0xa0/0x1d0 net/core/skbuff.c:1094
 skb_release_data+0x75c/0x980 net/core/skbuff.c:1123
 skb_release_all net/core/skbuff.c:1188 [inline]
 __kfree_skb net/core/skbuff.c:1202 [inline]
 sk_skb_reason_drop+0x133/0x200 net/core/skbuff.c:1240
 kfree_skb_reason include/linux/skbuff.h:1260 [inline]
 __netif_receive_skb_core.constprop.0+0x592/0x4330 net/core/dev.c:5635
 __netif_receive_skb_list_core+0x357/0x950 net/core/dev.c:5737
 __netif_receive_skb_list net/core/dev.c:5804 [inline]
 netif_receive_skb_list_internal+0x753/0xda0 net/core/dev.c:5896
 netif_receive_skb_list+0x4f/0x4a0 net/core/dev.c:5948
 xdp_recv_frames net/bpf/test_run.c:279 [inline]
 xdp_test_run_batch.constprop.0+0x1296/0x1880 net/bpf/test_run.c:360
 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389
 bpf_prog_test_run_xdp+0x82d/0x1530 net/bpf/test_run.c:1317
 bpf_prog_test_run kernel/bpf/syscall.c:4313 [inline]
 __sys_bpf+0x1af6/0x55e0 kernel/bpf/syscall.c:5728
 __do_sys_bpf kernel/bpf/syscall.c:5817 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5815 [inline]
 __ia32_sys_bpf+0x76/0xe0 kernel/bpf/syscall.c:5815
 do_syscall_32_irqs_on arch/x86/entry/common.c:165 [inline]
 __do_fast_syscall_32+0x73/0x120 arch/x86/entry/common.c:386
 do_fast_syscall_32+0x32/0x80 arch/x86/entry/common.c:411
 entry_SYSENTER_compat_after_hwframe+0x84/0x8e
RIP: 0023:0xf7f56579
Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
RSP: 002b:00000000f56f656c EFLAGS: 00000296 ORIG_RAX: 0000000000000165
RAX: ffffffffffffffda RBX: 000000000000000a RCX: 0000000020000600
RDX: 0000000000000048 RSI: 0000000000000000 RDI: 0000000000000000
RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000
R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
 </TASK>
BUG: Bad page state in process syz.2.1921  pfn:2a60b
page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x2055b pfn:0x2a60b
flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
raw: 00fff00000000000 dead000000000040 ffff88805326a000 0000000000000000
raw: 000000000002055b 0000000000000001 00000000ffffffff 0000000000000000
page dumped because: page_pool leak
page_owner tracks the page as allocated
page last allocated via order 0, migratetype Unmovable, gfp_mask 0x102820(GFP_ATOMIC|__GFP_NOWARN|__GFP_HARDWALL), pid 11855, tgid 11854 (syz.2.1921), ts 324622480856, free_ts 323975171219
 set_page_owner include/linux/page_owner.h:32 [inline]
 post_alloc_hook+0x2d1/0x350 mm/page_alloc.c:1493
 prep_new_page mm/page_alloc.c:1501 [inline]
 get_page_from_freelist+0x1351/0x2e50 mm/page_alloc.c:3442
 __alloc_pages_noprof+0x22b/0x2460 mm/page_alloc.c:4700
 alloc_pages_bulk_noprof+0x742/0x14f0 mm/page_alloc.c:4648
 alloc_pages_bulk_array_node_noprof include/linux/gfp.h:239 [inline]
 __page_pool_alloc_pages_slow+0x19b/0xb30 net/core/page_pool.c:527
 page_pool_alloc_netmem net/core/page_pool.c:576 [inline]
 page_pool_alloc_pages+0xb5/0x110 net/core/page_pool.c:583
 page_pool_dev_alloc_pages include/net/page_pool/helpers.h:96 [inline]
 xdp_test_run_batch.constprop.0+0x30f/0x1880 net/bpf/test_run.c:305
 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389
 bpf_prog_test_run_xdp+0x82d/0x1530 net/bpf/test_run.c:1317
 bpf_prog_test_run kernel/bpf/syscall.c:4313 [inline]
 __sys_bpf+0x1af6/0x55e0 kernel/bpf/syscall.c:5728
 __do_sys_bpf kernel/bpf/syscall.c:5817 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5815 [inline]
 __ia32_sys_bpf+0x76/0xe0 kernel/bpf/syscall.c:5815
 do_syscall_32_irqs_on arch/x86/entry/common.c:165 [inline]
 __do_fast_syscall_32+0x73/0x120 arch/x86/entry/common.c:386
 do_fast_syscall_32+0x32/0x80 arch/x86/entry/common.c:411
 entry_SYSENTER_compat_after_hwframe+0x84/0x8e
page last free pid 11815 tgid 11815 stack trace:
 reset_page_owner include/linux/page_owner.h:25 [inline]
 free_pages_prepare mm/page_alloc.c:1094 [inline]
 free_unref_page+0x64a/0xe40 mm/page_alloc.c:2612
 vfree+0x181/0x7a0 mm/vmalloc.c:3364
 vb2_vmalloc_put drivers/media/common/videobuf2/videobuf2-vmalloc.c:68 [inline]
 vb2_vmalloc_put+0x7b/0xc0 drivers/media/common/videobuf2/videobuf2-vmalloc.c:63
 __vb2_buf_mem_free+0x154/0x2c0 drivers/media/common/videobuf2/videobuf2-core.c:275
 __vb2_free_mem drivers/media/common/videobuf2/videobuf2-core.c:557 [inline]
 __vb2_queue_free+0x861/0xac0 drivers/media/common/videobuf2/videobuf2-core.c:585
 vb2_core_queue_release+0x70/0x190 drivers/media/common/videobuf2/videobuf2-core.c:2654
 v4l2_m2m_ctx_release+0x2a/0x40 drivers/media/v4l2-core/v4l2-mem2mem.c:1277
 vim2m_release+0xe8/0x170 drivers/media/test-drivers/vim2m.c:1245
 v4l2_release+0x238/0x460 drivers/media/v4l2-core/v4l2-dev.c:456
 __fput+0x408/0xbb0 fs/file_table.c:422
 task_work_run+0x14e/0x250 kernel/task_work.c:228
 resume_user_mode_work include/linux/resume_user_mode.h:50 [inline]
 exit_to_user_mode_loop kernel/entry/common.c:114 [inline]
 exit_to_user_mode_prepare include/linux/entry-common.h:328 [inline]
 __syscall_exit_to_user_mode_work kernel/entry/common.c:207 [inline]
 syscall_exit_to_user_mode+0x27b/0x2a0 kernel/entry/common.c:218
 __do_fast_syscall_32+0x80/0x120 arch/x86/entry/common.c:389
 do_fast_syscall_32+0x32/0x80 arch/x86/entry/common.c:411
 entry_SYSENTER_compat_after_hwframe+0x84/0x8e
Modules linked in:
CPU: 3 UID: 0 PID: 11855 Comm: syz.2.1921 Tainted: G    B              6.11.0-rc3-syzkaller-00156-gd7a5aa4b3c00 #0
Tainted: [B]=BAD_PAGE
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:93 [inline]
 dump_stack_lvl+0x16c/0x1f0 lib/dump_stack.c:119
 bad_page+0xb3/0x220 mm/page_alloc.c:498
 free_page_is_bad_report mm/page_alloc.c:905 [inline]
 free_page_is_bad mm/page_alloc.c:915 [inline]
 free_pages_prepare mm/page_alloc.c:1086 [inline]
 free_unref_page+0x69e/0xe40 mm/page_alloc.c:2612
 skb_free_frag include/linux/skbuff.h:3383 [inline]
 skb_free_head+0xa0/0x1d0 net/core/skbuff.c:1094
 skb_release_data+0x75c/0x980 net/core/skbuff.c:1123
 skb_release_all net/core/skbuff.c:1188 [inline]
 __kfree_skb net/core/skbuff.c:1202 [inline]
 sk_skb_reason_drop+0x133/0x200 net/core/skbuff.c:1240
 kfree_skb_reason include/linux/skbuff.h:1260 [inline]
 __netif_receive_skb_core.constprop.0+0x592/0x4330 net/core/dev.c:5635
 __netif_receive_skb_list_core+0x357/0x950 net/core/dev.c:5737
 __netif_receive_skb_list net/core/dev.c:5804 [inline]
 netif_receive_skb_list_internal+0x753/0xda0 net/core/dev.c:5896
 netif_receive_skb_list+0x4f/0x4a0 net/core/dev.c:5948
 xdp_recv_frames net/bpf/test_run.c:279 [inline]
 xdp_test_run_batch.constprop.0+0x1296/0x1880 net/bpf/test_run.c:360
 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389
 bpf_prog_test_run_xdp+0x82d/0x1530 net/bpf/test_run.c:1317
 bpf_prog_test_run kernel/bpf/syscall.c:4313 [inline]
 __sys_bpf+0x1af6/0x55e0 kernel/bpf/syscall.c:5728
 __do_sys_bpf kernel/bpf/syscall.c:5817 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5815 [inline]
 __ia32_sys_bpf+0x76/0xe0 kernel/bpf/syscall.c:5815
 do_syscall_32_irqs_on arch/x86/entry/common.c:165 [inline]
 __do_fast_syscall_32+0x73/0x120 arch/x86/entry/common.c:386
 do_fast_syscall_32+0x32/0x80 arch/x86/entry/common.c:411
 entry_SYSENTER_compat_after_hwframe+0x84/0x8e
RIP: 0023:0xf7f56579
Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
RSP: 002b:00000000f56f656c EFLAGS: 00000296 ORIG_RAX: 0000000000000165
RAX: ffffffffffffffda RBX: 000000000000000a RCX: 0000000020000600
RDX: 0000000000000048 RSI: 0000000000000000 RDI: 0000000000000000
RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000
R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
 </TASK>
BUG: Bad page state in process syz.2.1921  pfn:2152a
page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x2152a
flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
raw: 00fff00000000000 dead000000000040 ffff88805326a000 0000000000000000
raw: 0000000000000000 0000000000000001 00000000ffffffff 0000000000000000
page dumped because: page_pool leak
page_owner tracks the page as allocated
page last allocated via order 0, migratetype Unmovable, gfp_mask 0x102820(GFP_ATOMIC|__GFP_NOWARN|__GFP_HARDWALL), pid 11855, tgid 11854 (syz.2.1921), ts 324622472282, free_ts 323975185205
 set_page_owner include/linux/page_owner.h:32 [inline]
 post_alloc_hook+0x2d1/0x350 mm/page_alloc.c:1493
 prep_new_page mm/page_alloc.c:1501 [inline]
 get_page_from_freelist+0x1351/0x2e50 mm/page_alloc.c:3442
 __alloc_pages_noprof+0x22b/0x2460 mm/page_alloc.c:4700
 alloc_pages_bulk_noprof+0x742/0x14f0 mm/page_alloc.c:4648
 alloc_pages_bulk_array_node_noprof include/linux/gfp.h:239 [inline]
 __page_pool_alloc_pages_slow+0x19b/0xb30 net/core/page_pool.c:527
 page_pool_alloc_netmem net/core/page_pool.c:576 [inline]
 page_pool_alloc_pages+0xb5/0x110 net/core/page_pool.c:583
 page_pool_dev_alloc_pages include/net/page_pool/helpers.h:96 [inline]
 xdp_test_run_batch.constprop.0+0x30f/0x1880 net/bpf/test_run.c:305
 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389
 bpf_prog_test_run_xdp+0x82d/0x1530 net/bpf/test_run.c:1317
 bpf_prog_test_run kernel/bpf/syscall.c:4313 [inline]
 __sys_bpf+0x1af6/0x55e0 kernel/bpf/syscall.c:5728
 __do_sys_bpf kernel/bpf/syscall.c:5817 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5815 [inline]
 __ia32_sys_bpf+0x76/0xe0 kernel/bpf/syscall.c:5815
 do_syscall_32_irqs_on arch/x86/entry/common.c:165 [inline]
 __do_fast_syscall_32+0x73/0x120 arch/x86/entry/common.c:386
 do_fast_syscall_32+0x32/0x80 arch/x86/entry/common.c:411
 entry_SYSENTER_compat_after_hwframe+0x84/0x8e
page last free pid 11815 tgid 11815 stack trace:
 reset_page_owner include/linux/page_owner.h:25 [inline]
 free_pages_prepare mm/page_alloc.c:1094 [inline]
 free_unref_page+0x64a/0xe40 mm/page_alloc.c:2612
 vfree+0x181/0x7a0 mm/vmalloc.c:3364
 vb2_vmalloc_put drivers/media/common/videobuf2/videobuf2-vmalloc.c:68 [inline]
 vb2_vmalloc_put+0x7b/0xc0 drivers/media/common/videobuf2/videobuf2-vmalloc.c:63
 __vb2_buf_mem_free+0x154/0x2c0 drivers/media/common/videobuf2/videobuf2-core.c:275
 __vb2_free_mem drivers/media/common/videobuf2/videobuf2-core.c:557 [inline]
 __vb2_queue_free+0x861/0xac0 drivers/media/common/videobuf2/videobuf2-core.c:585
 vb2_core_queue_release+0x70/0x190 drivers/media/common/videobuf2/videobuf2-core.c:2654
 v4l2_m2m_ctx_release+0x2a/0x40 drivers/media/v4l2-core/v4l2-mem2mem.c:1277
 vim2m_release+0xe8/0x170 drivers/media/test-drivers/vim2m.c:1245
 v4l2_release+0x238/0x460 drivers/media/v4l2-core/v4l2-dev.c:456
 __fput+0x408/0xbb0 fs/file_table.c:422
 task_work_run+0x14e/0x250 kernel/task_work.c:228
 resume_user_mode_work include/linux/resume_user_mode.h:50 [inline]
 exit_to_user_mode_loop kernel/entry/common.c:114 [inline]
 exit_to_user_mode_prepare include/linux/entry-common.h:328 [inline]
 __syscall_exit_to_user_mode_work kernel/entry/common.c:207 [inline]
 syscall_exit_to_user_mode+0x27b/0x2a0 kernel/entry/common.c:218
 __do_fast_syscall_32+0x80/0x120 arch/x86/entry/common.c:389
 do_fast_syscall_32+0x32/0x80 arch/x86/entry/common.c:411
 entry_SYSENTER_compat_after_hwframe+0x84/0x8e
Modules linked in:
CPU: 3 UID: 0 PID: 11855 Comm: syz.2.1921 Tainted: G    B              6.11.0-rc3-syzkaller-00156-gd7a5aa4b3c00 #0
Tainted: [B]=BAD_PAGE
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:93 [inline]
 dump_stack_lvl+0x16c/0x1f0 lib/dump_stack.c:119
 bad_page+0xb3/0x220 mm/page_alloc.c:498
 free_page_is_bad_report mm/page_alloc.c:905 [inline]
 free_page_is_bad mm/page_alloc.c:915 [inline]
 free_pages_prepare mm/page_alloc.c:1086 [inline]
 free_unref_page+0x69e/0xe40 mm/page_alloc.c:2612
 skb_free_frag include/linux/skbuff.h:3383 [inline]
 skb_free_head+0xa0/0x1d0 net/core/skbuff.c:1094
 skb_release_data+0x75c/0x980 net/core/skbuff.c:1123
 skb_release_all net/core/skbuff.c:1188 [inline]
 __kfree_skb net/core/skbuff.c:1202 [inline]
 sk_skb_reason_drop+0x133/0x200 net/core/skbuff.c:1240
 kfree_skb_reason include/linux/skbuff.h:1260 [inline]
 __netif_receive_skb_core.constprop.0+0x592/0x4330 net/core/dev.c:5635
 __netif_receive_skb_list_core+0x357/0x950 net/core/dev.c:5737
 __netif_receive_skb_list net/core/dev.c:5804 [inline]
 netif_receive_skb_list_internal+0x753/0xda0 net/core/dev.c:5896
 netif_receive_skb_list+0x4f/0x4a0 net/core/dev.c:5948
 xdp_recv_frames net/bpf/test_run.c:279 [inline]
 xdp_test_run_batch.constprop.0+0x1296/0x1880 net/bpf/test_run.c:360
 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389
 bpf_prog_test_run_xdp+0x82d/0x1530 net/bpf/test_run.c:1317
 bpf_prog_test_run kernel/bpf/syscall.c:4313 [inline]
 __sys_bpf+0x1af6/0x55e0 kernel/bpf/syscall.c:5728
 __do_sys_bpf kernel/bpf/syscall.c:5817 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5815 [inline]
 __ia32_sys_bpf+0x76/0xe0 kernel/bpf/syscall.c:5815
 do_syscall_32_irqs_on arch/x86/entry/common.c:165 [inline]
 __do_fast_syscall_32+0x73/0x120 arch/x86/entry/common.c:386
 do_fast_syscall_32+0x32/0x80 arch/x86/entry/common.c:411
 entry_SYSENTER_compat_after_hwframe+0x84/0x8e
RIP: 0023:0xf7f56579
Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
RSP: 002b:00000000f56f656c EFLAGS: 00000296 ORIG_RAX: 0000000000000165
RAX: ffffffffffffffda RBX: 000000000000000a RCX: 0000000020000600
RDX: 0000000000000048 RSI: 0000000000000000 RDI: 0000000000000000
RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000
R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
 </TASK>
BUG: Bad page state in process syz.2.1921  pfn:21585
page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x21585
flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
raw: 00fff00000000000 dead000000000040 ffff88805326a000 0000000000000000
raw: 0000000000000000 0000000000000001 00000000ffffffff 0000000000000000
page dumped because: page_pool leak
page_owner tracks the page as allocated
page last allocated via order 0, migratetype Unmovable, gfp_mask 0x102820(GFP_ATOMIC|__GFP_NOWARN|__GFP_HARDWALL), pid 11855, tgid 11854 (syz.2.1921), ts 324622463726, free_ts 323975198727
 set_page_owner include/linux/page_owner.h:32 [inline]
 post_alloc_hook+0x2d1/0x350 mm/page_alloc.c:1493
 prep_new_page mm/page_alloc.c:1501 [inline]
 get_page_from_freelist+0x1351/0x2e50 mm/page_alloc.c:3442
 __alloc_pages_noprof+0x22b/0x2460 mm/page_alloc.c:4700
 alloc_pages_bulk_noprof+0x742/0x14f0 mm/page_alloc.c:4648
 alloc_pages_bulk_array_node_noprof include/linux/gfp.h:239 [inline]
 __page_pool_alloc_pages_slow+0x19b/0xb30 net/core/page_pool.c:527
 page_pool_alloc_netmem net/core/page_pool.c:576 [inline]
 page_pool_alloc_pages+0xb5/0x110 net/core/page_pool.c:583
 page_pool_dev_alloc_pages include/net/page_pool/helpers.h:96 [inline]
 xdp_test_run_batch.constprop.0+0x30f/0x1880 net/bpf/test_run.c:305
 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389
 bpf_prog_test_run_xdp+0x82d/0x1530 net/bpf/test_run.c:1317
 bpf_prog_test_run kernel/bpf/syscall.c:4313 [inline]
 __sys_bpf+0x1af6/0x55e0 kernel/bpf/syscall.c:5728
 __do_sys_bpf kernel/bpf/syscall.c:5817 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5815 [inline]
 __ia32_sys_bpf+0x76/0xe0 kernel/bpf/syscall.c:5815
 do_syscall_32_irqs_on arch/x86/entry/common.c:165 [inline]
 __do_fast_syscall_32+0x73/0x120 arch/x86/entry/common.c:386
 do_fast_syscall_32+0x32/0x80 arch/x86/entry/common.c:411
 entry_SYSENTER_compat_after_hwframe+0x84/0x8e
page last free pid 11815 tgid 11815 stack trace:
 reset_page_owner include/linux/page_owner.h:25 [inline]
 free_pages_prepare mm/page_alloc.c:1094 [inline]
 free_unref_page+0x64a/0xe40 mm/page_alloc.c:2612
 vfree+0x181/0x7a0 mm/vmalloc.c:3364
 vb2_vmalloc_put drivers/media/common/videobuf2/videobuf2-vmalloc.c:68 [inline]
 vb2_vmalloc_put+0x7b/0xc0 drivers/media/common/videobuf2/videobuf2-vmalloc.c:63
 __vb2_buf_mem_free+0x154/0x2c0 drivers/media/common/videobuf2/videobuf2-core.c:275
 __vb2_free_mem drivers/media/common/videobuf2/videobuf2-core.c:557 [inline]
 __vb2_queue_free+0x861/0xac0 drivers/media/common/videobuf2/videobuf2-core.c:585
 vb2_core_queue_release+0x70/0x190 drivers/media/common/videobuf2/videobuf2-core.c:2654
 v4l2_m2m_ctx_release+0x2a/0x40 drivers/media/v4l2-core/v4l2-mem2mem.c:1277
 vim2m_release+0xe8/0x170 drivers/media/test-drivers/vim2m.c:1245
 v4l2_release+0x238/0x460 drivers/media/v4l2-core/v4l2-dev.c:456
 __fput+0x408/0xbb0 fs/file_table.c:422
 task_work_run+0x14e/0x250 kernel/task_work.c:228
 resume_user_mode_work include/linux/resume_user_mode.h:50 [inline]
 exit_to_user_mode_loop kernel/entry/common.c:114 [inline]
 exit_to_user_mode_prepare include/linux/entry-common.h:328 [inline]
 __syscall_exit_to_user_mode_work kernel/entry/common.c:207 [inline]
 syscall_exit_to_user_mode+0x27b/0x2a0 kernel/entry/common.c:218
 __do_fast_syscall_32+0x80/0x120 arch/x86/entry/common.c:389
 do_fast_syscall_32+0x32/0x80 arch/x86/entry/common.c:411
 entry_SYSENTER_compat_after_hwframe+0x84/0x8e
Modules linked in:
CPU: 3 UID: 0 PID: 11855 Comm: syz.2.1921 Tainted: G    B              6.11.0-rc3-syzkaller-00156-gd7a5aa4b3c00 #0
Tainted: [B]=BAD_PAGE
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:93 [inline]
 dump_stack_lvl+0x16c/0x1f0 lib/dump_stack.c:119
 bad_page+0xb3/0x220 mm/page_alloc.c:498
 free_page_is_bad_report mm/page_alloc.c:905 [inline]
 free_page_is_bad mm/page_alloc.c:915 [inline]
 free_pages_prepare mm/page_alloc.c:1086 [inline]
 free_unref_page+0x69e/0xe40 mm/page_alloc.c:2612
 skb_free_frag include/linux/skbuff.h:3383 [inline]
 skb_free_head+0xa0/0x1d0 net/core/skbuff.c:1094
 skb_release_data+0x75c/0x980 net/core/skbuff.c:1123
 skb_release_all net/core/skbuff.c:1188 [inline]
 __kfree_skb net/core/skbuff.c:1202 [inline]
 sk_skb_reason_drop+0x133/0x200 net/core/skbuff.c:1240
 kfree_skb_reason include/linux/skbuff.h:1260 [inline]
 __netif_receive_skb_core.constprop.0+0x592/0x4330 net/core/dev.c:5635
 __netif_receive_skb_list_core+0x357/0x950 net/core/dev.c:5737
 __netif_receive_skb_list net/core/dev.c:5804 [inline]
 netif_receive_skb_list_internal+0x753/0xda0 net/core/dev.c:5896
 netif_receive_skb_list+0x4f/0x4a0 net/core/dev.c:5948
 xdp_recv_frames net/bpf/test_run.c:279 [inline]
 xdp_test_run_batch.constprop.0+0x1296/0x1880 net/bpf/test_run.c:360
 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389
 bpf_prog_test_run_xdp+0x82d/0x1530 net/bpf/test_run.c:1317
 bpf_prog_test_run kernel/bpf/syscall.c:4313 [inline]
 __sys_bpf+0x1af6/0x55e0 kernel/bpf/syscall.c:5728
 __do_sys_bpf kernel/bpf/syscall.c:5817 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5815 [inline]
 __ia32_sys_bpf+0x76/0xe0 kernel/bpf/syscall.c:5815
 do_syscall_32_irqs_on arch/x86/entry/common.c:165 [inline]
 __do_fast_syscall_32+0x73/0x120 arch/x86/entry/common.c:386
 do_fast_syscall_32+0x32/0x80 arch/x86/entry/common.c:411
 entry_SYSENTER_compat_after_hwframe+0x84/0x8e
RIP: 0023:0xf7f56579
Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
RSP: 002b:00000000f56f656c EFLAGS: 00000296 ORIG_RAX: 0000000000000165
RAX: ffffffffffffffda RBX: 000000000000000a RCX: 0000000020000600
RDX: 0000000000000048 RSI: 0000000000000000 RDI: 0000000000000000
RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000
R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
 </TASK>
BUG: Bad page state in process syz.2.1921  pfn:124df
page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff8880124df1b0 pfn:0x124df
flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
raw: 00fff00000000000 dead000000000040 ffff88805326a000 0000000000000000
raw: ffff8880124df1b0 0000000000000001 00000000ffffffff 0000000000000000
page dumped because: page_pool leak
page_owner tracks the page as allocated
page last allocated via order 0, migratetype Unmovable, gfp_mask 0x102820(GFP_ATOMIC|__GFP_NOWARN|__GFP_HARDWALL), pid 11855, tgid 11854 (syz.2.1921), ts 324622455353, free_ts 323975213951
 set_page_owner include/linux/page_owner.h:32 [inline]
 post_alloc_hook+0x2d1/0x350 mm/page_alloc.c:1493
 prep_new_page mm/page_alloc.c:1501 [inline]
 get_page_from_freelist+0x1351/0x2e50 mm/page_alloc.c:3442
 __alloc_pages_noprof+0x22b/0x2460 mm/page_alloc.c:4700
 alloc_pages_bulk_noprof+0x742/0x14f0 mm/page_alloc.c:4648
 alloc_pages_bulk_array_node_noprof include/linux/gfp.h:239 [inline]
 __page_pool_alloc_pages_slow+0x19b/0xb30 net/core/page_pool.c:527
 page_pool_alloc_netmem net/core/page_pool.c:576 [inline]
 page_pool_alloc_pages+0xb5/0x110 net/core/page_pool.c:583
 page_pool_dev_alloc_pages include/net/page_pool/helpers.h:96 [inline]
 xdp_test_run_batch.constprop.0+0x30f/0x1880 net/bpf/test_run.c:305
 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389
 bpf_prog_test_run_xdp+0x82d/0x1530 net/bpf/test_run.c:1317
 bpf_prog_test_run kernel/bpf/syscall.c:4313 [inline]
 __sys_bpf+0x1af6/0x55e0 kernel/bpf/syscall.c:5728
 __do_sys_bpf kernel/bpf/syscall.c:5817 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5815 [inline]
 __ia32_sys_bpf+0x76/0xe0 kernel/bpf/syscall.c:5815
 do_syscall_32_irqs_on arch/x86/entry/common.c:165 [inline]
 __do_fast_syscall_32+0x73/0x120 arch/x86/entry/common.c:386
 do_fast_syscall_32+0x32/0x80 arch/x86/entry/common.c:411
 entry_SYSENTER_compat_after_hwframe+0x84/0x8e
page last free pid 11815 tgid 11815 stack trace:
 reset_page_owner include/linux/page_owner.h:25 [inline]
 free_pages_prepare mm/page_alloc.c:1094 [inline]
 free_unref_page+0x64a/0xe40 mm/page_alloc.c:2612
 vfree+0x181/0x7a0 mm/vmalloc.c:3364
 vb2_vmalloc_put drivers/media/common/videobuf2/videobuf2-vmalloc.c:68 [inline]
 vb2_vmalloc_put+0x7b/0xc0 drivers/media/common/videobuf2/videobuf2-vmalloc.c:63
 __vb2_buf_mem_free+0x154/0x2c0 drivers/media/common/videobuf2/videobuf2-core.c:275
 __vb2_free_mem drivers/media/common/videobuf2/videobuf2-core.c:557 [inline]
 __vb2_queue_free+0x861/0xac0 drivers/media/common/videobuf2/videobuf2-core.c:585
 vb2_core_queue_release+0x70/0x190 drivers/media/common/videobuf2/videobuf2-core.c:2654
 v4l2_m2m_ctx_release+0x2a/0x40 drivers/media/v4l2-core/v4l2-mem2mem.c:1277
 vim2m_release+0xe8/0x170 drivers/media/test-drivers/vim2m.c:1245
 v4l2_release+0x238/0x460 drivers/media/v4l2-core/v4l2-dev.c:456
 __fput+0x408/0xbb0 fs/file_table.c:422
 task_work_run+0x14e/0x250 kernel/task_work.c:228
 resume_user_mode_work include/linux/resume_user_mode.h:50 [inline]
 exit_to_user_mode_loop kernel/entry/common.c:114 [inline]
 exit_to_user_mode_prepare include/linux/entry-common.h:328 [inline]
 __syscall_exit_to_user_mode_work kernel/entry/common.c:207 [inline]
 syscall_exit_to_user_mode+0x27b/0x2a0 kernel/entry/common.c:218
 __do_fast_syscall_32+0x80/0x120 arch/x86/entry/common.c:389
 do_fast_syscall_32+0x32/0x80 arch/x86/entry/common.c:411
 entry_SYSENTER_compat_after_hwframe+0x84/0x8e
Modules linked in:
CPU: 3 UID: 0 PID: 11855 Comm: syz.2.1921 Tainted: G    B              6.11.0-rc3-syzkaller-00156-gd7a5aa4b3c00 #0
Tainted: [B]=BAD_PAGE
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:93 [inline]
 dump_stack_lvl+0x16c/0x1f0 lib/dump_stack.c:119
 bad_page+0xb3/0x220 mm/page_alloc.c:498
 free_page_is_bad_report mm/page_alloc.c:905 [inline]
 free_page_is_bad mm/page_alloc.c:915 [inline]
 free_pages_prepare mm/page_alloc.c:1086 [inline]
 free_unref_page+0x69e/0xe40 mm/page_alloc.c:2612
 skb_free_frag include/linux/skbuff.h:3383 [inline]
 skb_free_head+0xa0/0x1d0 net/core/skbuff.c:1094
 skb_release_data+0x75c/0x980 net/core/skbuff.c:1123
 skb_release_all net/core/skbuff.c:1188 [inline]
 __kfree_skb net/core/skbuff.c:1202 [inline]
 sk_skb_reason_drop+0x133/0x200 net/core/skbuff.c:1240
 kfree_skb_reason include/linux/skbuff.h:1260 [inline]
 __netif_receive_skb_core.constprop.0+0x592/0x4330 net/core/dev.c:5635
 __netif_receive_skb_list_core+0x357/0x950 net/core/dev.c:5737
 __netif_receive_skb_list net/core/dev.c:5804 [inline]
 netif_receive_skb_list_internal+0x753/0xda0 net/core/dev.c:5896
 netif_receive_skb_list+0x4f/0x4a0 net/core/dev.c:5948
 xdp_recv_frames net/bpf/test_run.c:279 [inline]
 xdp_test_run_batch.constprop.0+0x1296/0x1880 net/bpf/test_run.c:360
 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389
 bpf_prog_test_run_xdp+0x82d/0x1530 net/bpf/test_run.c:1317
 bpf_prog_test_run kernel/bpf/syscall.c:4313 [inline]
 __sys_bpf+0x1af6/0x55e0 kernel/bpf/syscall.c:5728
 __do_sys_bpf kernel/bpf/syscall.c:5817 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5815 [inline]
 __ia32_sys_bpf+0x76/0xe0 kernel/bpf/syscall.c:5815
 do_syscall_32_irqs_on arch/x86/entry/common.c:165 [inline]
 __do_fast_syscall_32+0x73/0x120 arch/x86/entry/common.c:386
 do_fast_syscall_32+0x32/0x80 arch/x86/entry/common.c:411
 entry_SYSENTER_compat_after_hwframe+0x84/0x8e
RIP: 0023:0xf7f56579
Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
RSP: 002b:00000000f56f656c EFLAGS: 00000296 ORIG_RAX: 0000000000000165
RAX: ffffffffffffffda RBX: 000000000000000a RCX: 0000000020000600
RDX: 0000000000000048 RSI: 0000000000000000 RDI: 0000000000000000
RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000
R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
 </TASK>
BUG: Bad page state in process syz.2.1921  pfn:26bde
page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff888026bde690 pfn:0x26bde
flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
raw: 00fff00000000000 dead000000000040 ffff88805326a000 0000000000000000
raw: ffff888026bde690 0000000000000001 00000000ffffffff 0000000000000000
page dumped because: page_pool leak
page_owner tracks the page as allocated
page last allocated via order 0, migratetype Unmovable, gfp_mask 0x102820(GFP_ATOMIC|__GFP_NOWARN|__GFP_HARDWALL), pid 11855, tgid 11854 (syz.2.1921), ts 324622446156, free_ts 323975228585
 set_page_owner include/linux/page_owner.h:32 [inline]
 post_alloc_hook+0x2d1/0x350 mm/page_alloc.c:1493
 prep_new_page mm/page_alloc.c:1501 [inline]
 get_page_from_freelist+0x1351/0x2e50 mm/page_alloc.c:3442
 __alloc_pages_noprof+0x22b/0x2460 mm/page_alloc.c:4700
 alloc_pages_bulk_noprof+0x742/0x14f0 mm/page_alloc.c:4648
 alloc_pages_bulk_array_node_noprof include/linux/gfp.h:239 [inline]
 __page_pool_alloc_pages_slow+0x19b/0xb30 net/core/page_pool.c:527
 page_pool_alloc_netmem net/core/page_pool.c:576 [inline]
 page_pool_alloc_pages+0xb5/0x110 net/core/page_pool.c:583
 page_pool_dev_alloc_pages include/net/page_pool/helpers.h:96 [inline]
 xdp_test_run_batch.constprop.0+0x30f/0x1880 net/bpf/test_run.c:305
 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389
 bpf_prog_test_run_xdp+0x82d/0x1530 net/bpf/test_run.c:1317
 bpf_prog_test_run kernel/bpf/syscall.c:4313 [inline]
 __sys_bpf+0x1af6/0x55e0 kernel/bpf/syscall.c:5728
 __do_sys_bpf kernel/bpf/syscall.c:5817 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5815 [inline]
 __ia32_sys_bpf+0x76/0xe0 kernel/bpf/syscall.c:5815
 do_syscall_32_irqs_on arch/x86/entry/common.c:165 [inline]
 __do_fast_syscall_32+0x73/0x120 arch/x86/entry/common.c:386
 do_fast_syscall_32+0x32/0x80 arch/x86/entry/common.c:411
 entry_SYSENTER_compat_after_hwframe+0x84/0x8e
page last free pid 11815 tgid 11815 stack trace:
 reset_page_owner include/linux/page_owner.h:25 [inline]
 free_pages_prepare mm/page_alloc.c:1094 [inline]
 free_unref_page+0x64a/0xe40 mm/page_alloc.c:2612
 vfree+0x181/0x7a0 mm/vmalloc.c:3364
 vb2_vmalloc_put drivers/media/common/videobuf2/videobuf2-vmalloc.c:68 [inline]
 vb2_vmalloc_put+0x7b/0xc0 drivers/media/common/videobuf2/videobuf2-vmalloc.c:63
 __vb2_buf_mem_free+0x154/0x2c0 drivers/media/common/videobuf2/videobuf2-core.c:275
 __vb2_free_mem drivers/media/common/videobuf2/videobuf2-core.c:557 [inline]
 __vb2_queue_free+0x861/0xac0 drivers/media/common/videobuf2/videobuf2-core.c:585
 vb2_core_queue_release+0x70/0x190 drivers/media/common/videobuf2/videobuf2-core.c:2654
 v4l2_m2m_ctx_release+0x2a/0x40 drivers/media/v4l2-core/v4l2-mem2mem.c:1277
 vim2m_release+0xe8/0x170 drivers/media/test-drivers/vim2m.c:1245
 v4l2_release+0x238/0x460 drivers/media/v4l2-core/v4l2-dev.c:456
 __fput+0x408/0xbb0 fs/file_table.c:422
 task_work_run+0x14e/0x250 kernel/task_work.c:228
 resume_user_mode_work include/linux/resume_user_mode.h:50 [inline]
 exit_to_user_mode_loop kernel/entry/common.c:114 [inline]
 exit_to_user_mode_prepare include/linux/entry-common.h:328 [inline]
 __syscall_exit_to_user_mode_work kernel/entry/common.c:207 [inline]
 syscall_exit_to_user_mode+0x27b/0x2a0 kernel/entry/common.c:218
 __do_fast_syscall_32+0x80/0x120 arch/x86/entry/common.c:389
 do_fast_syscall_32+0x32/0x80 arch/x86/entry/common.c:411
 entry_SYSENTER_compat_after_hwframe+0x84/0x8e
Modules linked in:
CPU: 3 UID: 0 PID: 11855 Comm: syz.2.1921 Tainted: G    B              6.11.0-rc3-syzkaller-00156-gd7a5aa4b3c00 #0
Tainted: [B]=BAD_PAGE
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:93 [inline]
 dump_stack_lvl+0x16c/0x1f0 lib/dump_stack.c:119
 bad_page+0xb3/0x220 mm/page_alloc.c:498
 free_page_is_bad_report mm/page_alloc.c:905 [inline]
 free_page_is_bad mm/page_alloc.c:915 [inline]
 free_pages_prepare mm/page_alloc.c:1086 [inline]
 free_unref_page+0x69e/0xe40 mm/page_alloc.c:2612
 skb_free_frag include/linux/skbuff.h:3383 [inline]
 skb_free_head+0xa0/0x1d0 net/core/skbuff.c:1094
 skb_release_data+0x75c/0x980 net/core/skbuff.c:1123
 skb_release_all net/core/skbuff.c:1188 [inline]
 __kfree_skb net/core/skbuff.c:1202 [inline]
 sk_skb_reason_drop+0x133/0x200 net/core/skbuff.c:1240
 kfree_skb_reason include/linux/skbuff.h:1260 [inline]
 __netif_receive_skb_core.constprop.0+0x592/0x4330 net/core/dev.c:5635
 __netif_receive_skb_list_core+0x357/0x950 net/core/dev.c:5737
 __netif_receive_skb_list net/core/dev.c:5804 [inline]
 netif_receive_skb_list_internal+0x753/0xda0 net/core/dev.c:5896
 netif_receive_skb_list+0x4f/0x4a0 net/core/dev.c:5948
 xdp_recv_frames net/bpf/test_run.c:279 [inline]
 xdp_test_run_batch.constprop.0+0x1296/0x1880 net/bpf/test_run.c:360
 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389
 bpf_prog_test_run_xdp+0x82d/0x1530 net/bpf/test_run.c:1317
 bpf_prog_test_run kernel/bpf/syscall.c:4313 [inline]
 __sys_bpf+0x1af6/0x55e0 kernel/bpf/syscall.c:5728
 __do_sys_bpf kernel/bpf/syscall.c:5817 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5815 [inline]
 __ia32_sys_bpf+0x76/0xe0 kernel/bpf/syscall.c:5815
 do_syscall_32_irqs_on arch/x86/entry/common.c:165 [inline]
 __do_fast_syscall_32+0x73/0x120 arch/x86/entry/common.c:386
 do_fast_syscall_32+0x32/0x80 arch/x86/entry/common.c:411
 entry_SYSENTER_compat_after_hwframe+0x84/0x8e
RIP: 0023:0xf7f56579
Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
RSP: 002b:00000000f56f656c EFLAGS: 00000296 ORIG_RAX: 0000000000000165
RAX: ffffffffffffffda RBX: 000000000000000a RCX: 0000000020000600
RDX: 0000000000000048 RSI: 0000000000000000 RDI: 0000000000000000
RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000
R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
 </TASK>
BUG: Bad page state in process syz.2.1921  pfn:26d90
page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff888026d90288 pfn:0x26d90
flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
raw: 00fff00000000000 dead000000000040 ffff88805326a000 0000000000000000
raw: ffff888026d90288 0000000000000001 00000000ffffffff 0000000000000000
page dumped because: page_pool leak
page_owner tracks the page as allocated
page last allocated via order 0, migratetype Unmovable, gfp_mask 0x102820(GFP_ATOMIC|__GFP_NOWARN|__GFP_HARDWALL), pid 11855, tgid 11854 (syz.2.1921), ts 324622434529, free_ts 323975244508
 set_page_owner include/linux/page_owner.h:32 [inline]
 post_alloc_hook+0x2d1/0x350 mm/page_alloc.c:1493
 prep_new_page mm/page_alloc.c:1501 [inline]
 get_page_from_freelist+0x1351/0x2e50 mm/page_alloc.c:3442
 __alloc_pages_noprof+0x22b/0x2460 mm/page_alloc.c:4700
 alloc_pages_bulk_noprof+0x742/0x14f0 mm/page_alloc.c:4648
 alloc_pages_bulk_array_node_noprof include/linux/gfp.h:239 [inline]
 __page_pool_alloc_pages_slow+0x19b/0xb30 net/core/page_pool.c:527
 page_pool_alloc_netmem net/core/page_pool.c:576 [inline]
 page_pool_alloc_pages+0xb5/0x110 net/core/page_pool.c:583
 page_pool_dev_alloc_pages include/net/page_pool/helpers.h:96 [inline]
 xdp_test_run_batch.constprop.0+0x30f/0x1880 net/bpf/test_run.c:305
 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389
 bpf_prog_test_run_xdp+0x82d/0x1530 net/bpf/test_run.c:1317
 bpf_prog_test_run kernel/bpf/syscall.c:4313 [inline]
 __sys_bpf+0x1af6/0x55e0 kernel/bpf/syscall.c:5728
 __do_sys_bpf kernel/bpf/syscall.c:5817 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5815 [inline]
 __ia32_sys_bpf+0x76/0xe0 kernel/bpf/syscall.c:5815
 do_syscall_32_irqs_on arch/x86/entry/common.c:165 [inline]
 __do_fast_syscall_32+0x73/0x120 arch/x86/entry/common.c:386
 do_fast_syscall_32+0x32/0x80 arch/x86/entry/common.c:411
 entry_SYSENTER_compat_after_hwframe+0x84/0x8e
page last free pid 11815 tgid 11815 stack trace:
 reset_page_owner include/linux/page_owner.h:25 [inline]
 free_pages_prepare mm/page_alloc.c:1094 [inline]
 free_unref_page+0x64a/0xe40 mm/page_alloc.c:2612
 vfree+0x181/0x7a0 mm/vmalloc.c:3364
 vb2_vmalloc_put drivers/media/common/videobuf2/videobuf2-vmalloc.c:68 [inline]
 vb2_vmalloc_put+0x7b/0xc0 drivers/media/common/videobuf2/videobuf2-vmalloc.c:63
 __vb2_buf_mem_free+0x154/0x2c0 drivers/media/common/videobuf2/videobuf2-core.c:275
 __vb2_free_mem drivers/media/common/videobuf2/videobuf2-core.c:557 [inline]
 __vb2_queue_free+0x861/0xac0 drivers/media/common/videobuf2/videobuf2-core.c:585
 vb2_core_queue_release+0x70/0x190 drivers/media/common/videobuf2/videobuf2-core.c:2654
 v4l2_m2m_ctx_release+0x2a/0x40 drivers/media/v4l2-core/v4l2-mem2mem.c:1277
 vim2m_release+0xe8/0x170 drivers/media/test-drivers/vim2m.c:1245
 v4l2_release+0x238/0x460 drivers/media/v4l2-core/v4l2-dev.c:456
 __fput+0x408/0xbb0 fs/file_table.c:422
 task_work_run+0x14e/0x250 kernel/task_work.c:228
 resume_user_mode_work include/linux/resume_user_mode.h:50 [inline]
 exit_to_user_mode_loop kernel/entry/common.c:114 [inline]
 exit_to_user_mode_prepare include/linux/entry-common.h:328 [inline]
 __syscall_exit_to_user_mode_work kernel/entry/common.c:207 [inline]
 syscall_exit_to_user_mode+0x27b/0x2a0 kernel/entry/common.c:218
 __do_fast_syscall_32+0x80/0x120 arch/x86/entry/common.c:389
 do_fast_syscall_32+0x32/0x80 arch/x86/entry/common.c:411
 entry_SYSENTER_compat_after_hwframe+0x84/0x8e
Modules linked in:
CPU: 3 UID: 0 PID: 11855 Comm: syz.2.1921 Tainted: G    B              6.11.0-rc3-syzkaller-00156-gd7a5aa4b3c00 #0
Tainted: [B]=BAD_PAGE
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:93 [inline]
 dump_stack_lvl+0x16c/0x1f0 lib/dump_stack.c:119
 bad_page+0xb3/0x220 mm/page_alloc.c:498
 free_page_is_bad_report mm/page_alloc.c:905 [inline]
 free_page_is_bad mm/page_alloc.c:915 [inline]
 free_pages_prepare mm/page_alloc.c:1086 [inline]
 free_unref_page+0x69e/0xe40 mm/page_alloc.c:2612
 skb_free_frag include/linux/skbuff.h:3383 [inline]
 skb_free_head+0xa0/0x1d0 net/core/skbuff.c:1094
 skb_release_data+0x75c/0x980 net/core/skbuff.c:1123
 skb_release_all net/core/skbuff.c:1188 [inline]
 __kfree_skb net/core/skbuff.c:1202 [inline]
 sk_skb_reason_drop+0x133/0x200 net/core/skbuff.c:1240
 kfree_skb_reason include/linux/skbuff.h:1260 [inline]
 __netif_receive_skb_core.constprop.0+0x592/0x4330 net/core/dev.c:5635
 __netif_receive_skb_list_core+0x357/0x950 net/core/dev.c:5737
 __netif_receive_skb_list net/core/dev.c:5804 [inline]
 netif_receive_skb_list_internal+0x753/0xda0 net/core/dev.c:5896
 netif_receive_skb_list+0x4f/0x4a0 net/core/dev.c:5948
 xdp_recv_frames net/bpf/test_run.c:279 [inline]
 xdp_test_run_batch.constprop.0+0x1296/0x1880 net/bpf/test_run.c:360
 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389
 bpf_prog_test_run_xdp+0x82d/0x1530 net/bpf/test_run.c:1317
 bpf_prog_test_run kernel/bpf/syscall.c:4313 [inline]
 __sys_bpf+0x1af6/0x55e0 kernel/bpf/syscall.c:5728
 __do_sys_bpf kernel/bpf/syscall.c:5817 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5815 [inline]
 __ia32_sys_bpf+0x76/0xe0 kernel/bpf/syscall.c:5815
 do_syscall_32_irqs_on arch/x86/entry/common.c:165 [inline]
 __do_fast_syscall_32+0x73/0x120 arch/x86/entry/common.c:386
 do_fast_syscall_32+0x32/0x80 arch/x86/entry/common.c:411
 entry_SYSENTER_compat_after_hwframe+0x84/0x8e
RIP: 0023:0xf7f56579
Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
RSP: 002b:00000000f56f656c EFLAGS: 00000296 ORIG_RAX: 0000000000000165
RAX: ffffffffffffffda RBX: 000000000000000a RCX: 0000000020000600
RDX: 0000000000000048 RSI: 0000000000000000 RDI: 0000000000000000
RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000
R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
 </TASK>
BUG: Bad page state in process syz.2.1921  pfn:2a486
page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff88802a486000 pfn:0x2a486
flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
raw: 00fff00000000000 dead000000000040 ffff88805326a000 0000000000000000
raw: ffff88802a486000 0000000000000001 00000000ffffffff 0000000000000000
page dumped because: page_pool leak
page_owner tracks the page as allocated
page last allocated via order 0, migratetype Unmovable, gfp_mask 0x102820(GFP_ATOMIC|__GFP_NOWARN|__GFP_HARDWALL), pid 11855, tgid 11854 (syz.2.1921), ts 324622373594, free_ts 323975260724
 set_page_owner include/linux/page_owner.h:32 [inline]
 post_alloc_hook+0x2d1/0x350 mm/page_alloc.c:1493
 prep_new_page mm/page_alloc.c:1501 [inline]
 get_page_from_freelist+0x1351/0x2e50 mm/page_alloc.c:3442
 __alloc_pages_noprof+0x22b/0x2460 mm/page_alloc.c:4700
 alloc_pages_bulk_noprof+0x742/0x14f0 mm/page_alloc.c:4648
 alloc_pages_bulk_array_node_noprof include/linux/gfp.h:239 [inline]
 __page_pool_alloc_pages_slow+0x19b/0xb30 net/core/page_pool.c:527
 page_pool_alloc_netmem net/core/page_pool.c:576 [inline]
 page_pool_alloc_pages+0xb5/0x110 net/core/page_pool.c:583
 page_pool_dev_alloc_pages include/net/page_pool/helpers.h:96 [inline]
 xdp_test_run_batch.constprop.0+0x30f/0x1880 net/bpf/test_run.c:305
 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389
 bpf_prog_test_run_xdp+0x82d/0x1530 net/bpf/test_run.c:1317
 bpf_prog_test_run kernel/bpf/syscall.c:4313 [inline]
 __sys_bpf+0x1af6/0x55e0 kernel/bpf/syscall.c:5728
 __do_sys_bpf kernel/bpf/syscall.c:5817 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5815 [inline]
 __ia32_sys_bpf+0x76/0xe0 kernel/bpf/syscall.c:5815
 do_syscall_32_irqs_on arch/x86/entry/common.c:165 [inline]
 __do_fast_syscall_32+0x73/0x120 arch/x86/entry/common.c:386
 do_fast_syscall_32+0x32/0x80 arch/x86/entry/common.c:411
 entry_SYSENTER_compat_after_hwframe+0x84/0x8e
page last free pid 11815 tgid 11815 stack trace:
 reset_page_owner include/linux/page_owner.h:25 [inline]
 free_pages_prepare mm/page_alloc.c:1094 [inline]
 free_unref_page+0x64a/0xe40 mm/page_alloc.c:2612
 vfree+0x181/0x7a0 mm/vmalloc.c:3364
 vb2_vmalloc_put drivers/media/common/videobuf2/videobuf2-vmalloc.c:68 [inline]
 vb2_vmalloc_put+0x7b/0xc0 drivers/media/common/videobuf2/videobuf2-vmalloc.c:63
 __vb2_buf_mem_free+0x154/0x2c0 drivers/media/common/videobuf2/videobuf2-core.c:275
 __vb2_free_mem drivers/media/common/videobuf2/videobuf2-core.c:557 [inline]
 __vb2_queue_free+0x861/0xac0 drivers/media/common/videobuf2/videobuf2-core.c:585
 vb2_core_queue_release+0x70/0x190 drivers/media/common/videobuf2/videobuf2-core.c:2654
 v4l2_m2m_ctx_release+0x2a/0x40 drivers/media/v4l2-core/v4l2-mem2mem.c:1277
 vim2m_release+0xe8/0x170 drivers/media/test-drivers/vim2m.c:1245
 v4l2_release+0x238/0x460 drivers/media/v4l2-core/v4l2-dev.c:456
 __fput+0x408/0xbb0 fs/file_table.c:422
 task_work_run+0x14e/0x250 kernel/task_work.c:228
 resume_user_mode_work include/linux/resume_user_mode.h:50 [inline]
 exit_to_user_mode_loop kernel/entry/common.c:114 [inline]
 exit_to_user_mode_prepare include/linux/entry-common.h:328 [inline]
 __syscall_exit_to_user_mode_work kernel/entry/common.c:207 [inline]
 syscall_exit_to_user_mode+0x27b/0x2a0 kernel/entry/common.c:218
 __do_fast_syscall_32+0x80/0x120 arch/x86/entry/common.c:389
 do_fast_syscall_32+0x32/0x80 arch/x86/entry/common.c:411
 entry_SYSENTER_compat_after_hwframe+0x84/0x8e
Modules linked in:
CPU: 3 UID: 0 PID: 11855 Comm: syz.2.1921 Tainted: G    B              6.11.0-rc3-syzkaller-00156-gd7a5aa4b3c00 #0
Tainted: [B]=BAD_PAGE
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:93 [inline]
 dump_stack_lvl+0x16c/0x1f0 lib/dump_stack.c:119
 bad_page+0xb3/0x220 mm/page_alloc.c:498
 free_page_is_bad_report mm/page_alloc.c:905 [inline]
 free_page_is_bad mm/page_alloc.c:915 [inline]
 free_pages_prepare mm/page_alloc.c:1086 [inline]
 free_unref_page+0x69e/0xe40 mm/page_alloc.c:2612
 skb_free_frag include/linux/skbuff.h:3383 [inline]
 skb_free_head+0xa0/0x1d0 net/core/skbuff.c:1094
 skb_release_data+0x75c/0x980 net/core/skbuff.c:1123
 skb_release_all net/core/skbuff.c:1188 [inline]
 __kfree_skb net/core/skbuff.c:1202 [inline]
 sk_skb_reason_drop+0x133/0x200 net/core/skbuff.c:1240
 kfree_skb_reason include/linux/skbuff.h:1260 [inline]
 __netif_receive_skb_core.constprop.0+0x592/0x4330 net/core/dev.c:5635
 __netif_receive_skb_list_core+0x357/0x950 net/core/dev.c:5737
 __netif_receive_skb_list net/core/dev.c:5804 [inline]
 netif_receive_skb_list_internal+0x753/0xda0 net/core/dev.c:5896
 netif_receive_skb_list+0x4f/0x4a0 net/core/dev.c:5948
 xdp_recv_frames net/bpf/test_run.c:279 [inline]
 xdp_test_run_batch.constprop.0+0x1296/0x1880 net/bpf/test_run.c:360
 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389
 bpf_prog_test_run_xdp+0x82d/0x1530 net/bpf/test_run.c:1317
 bpf_prog_test_run kernel/bpf/syscall.c:4313 [inline]
 __sys_bpf+0x1af6/0x55e0 kernel/bpf/syscall.c:5728
 __do_sys_bpf kernel/bpf/syscall.c:5817 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5815 [inline]
 __ia32_sys_bpf+0x76/0xe0 kernel/bpf/syscall.c:5815
 do_syscall_32_irqs_on arch/x86/entry/common.c:165 [inline]
 __do_fast_syscall_32+0x73/0x120 arch/x86/entry/common.c:386
 do_fast_syscall_32+0x32/0x80 arch/x86/entry/common.c:411
 entry_SYSENTER_compat_after_hwframe+0x84/0x8e
RIP: 0023:0xf7f56579
Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
RSP: 002b:00000000f56f656c EFLAGS: 00000296 ORIG_RAX: 0000000000000165
RAX: ffffffffffffffda RBX: 000000000000000a RCX: 0000000020000600
RDX: 0000000000000048 RSI: 0000000000000000 RDI: 0000000000000000
RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000
R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
 </TASK>
BUG: Bad page state in process syz.2.1921  pfn:2b805
page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff88802b8053c0 pfn:0x2b805
flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
raw: 00fff00000000000 dead000000000040 ffff88805326a000 0000000000000000
raw: ffff88802b8053c0 0000000000000001 00000000ffffffff 0000000000000000
page dumped because: page_pool leak
page_owner tracks the page as allocated
page last allocated via order 0, migratetype Unmovable, gfp_mask 0x102820(GFP_ATOMIC|__GFP_NOWARN|__GFP_HARDWALL), pid 11855, tgid 11854 (syz.2.1921), ts 324622365458, free_ts 323975276059
 set_page_owner include/linux/page_owner.h:32 [inline]
 post_alloc_hook+0x2d1/0x350 mm/page_alloc.c:1493
 prep_new_page mm/page_alloc.c:1501 [inline]
 get_page_from_freelist+0x1351/0x2e50 mm/page_alloc.c:3442
 __alloc_pages_noprof+0x22b/0x2460 mm/page_alloc.c:4700
 alloc_pages_bulk_noprof+0x742/0x14f0 mm/page_alloc.c:4648
 alloc_pages_bulk_array_node_noprof include/linux/gfp.h:239 [inline]
 __page_pool_alloc_pages_slow+0x19b/0xb30 net/core/page_pool.c:527
 page_pool_alloc_netmem net/core/page_pool.c:576 [inline]
 page_pool_alloc_pages+0xb5/0x110 net/core/page_pool.c:583
 page_pool_dev_alloc_pages include/net/page_pool/helpers.h:96 [inline]
 xdp_test_run_batch.constprop.0+0x30f/0x1880 net/bpf/test_run.c:305
 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389
 bpf_prog_test_run_xdp+0x82d/0x1530 net/bpf/test_run.c:1317
 bpf_prog_test_run kernel/bpf/syscall.c:4313 [inline]
 __sys_bpf+0x1af6/0x55e0 kernel/bpf/syscall.c:5728
 __do_sys_bpf kernel/bpf/syscall.c:5817 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5815 [inline]
 __ia32_sys_bpf+0x76/0xe0 kernel/bpf/syscall.c:5815
 do_syscall_32_irqs_on arch/x86/entry/common.c:165 [inline]
 __do_fast_syscall_32+0x73/0x120 arch/x86/entry/common.c:386
 do_fast_syscall_32+0x32/0x80 arch/x86/entry/common.c:411
 entry_SYSENTER_compat_after_hwframe+0x84/0x8e
page last free pid 11815 tgid 11815 stack trace:
 reset_page_owner include/linux/page_owner.h:25 [inline]
 free_pages_prepare mm/page_alloc.c:1094 [inline]
 free_unref_page+0x64a/0xe40 mm/page_alloc.c:2612
 vfree+0x181/0x7a0 mm/vmalloc.c:3364
 vb2_vmalloc_put drivers/media/common/videobuf2/videobuf2-vmalloc.c:68 [inline]
 vb2_vmalloc_put+0x7b/0xc0 drivers/media/common/videobuf2/videobuf2-vmalloc.c:63
 __vb2_buf_mem_free+0x154/0x2c0 drivers/media/common/videobuf2/videobuf2-core.c:275
 __vb2_free_mem drivers/media/common/videobuf2/videobuf2-core.c:557 [inline]
 __vb2_queue_free+0x861/0xac0 drivers/media/common/videobuf2/videobuf2-core.c:585
 vb2_core_queue_release+0x70/0x190 drivers/media/common/videobuf2/videobuf2-core.c:2654
 v4l2_m2m_ctx_release+0x2a/0x40 drivers/media/v4l2-core/v4l2-mem2mem.c:1277
 vim2m_release+0xe8/0x170 drivers/media/test-drivers/vim2m.c:1245
 v4l2_release+0x238/0x460 drivers/media/v4l2-core/v4l2-dev.c:456
 __fput+0x408/0xbb0 fs/file_table.c:422
 task_work_run+0x14e/0x250 kernel/task_work.c:228
 resume_user_mode_work include/linux/resume_user_mode.h:50 [inline]
 exit_to_user_mode_loop kernel/entry/common.c:114 [inline]
 exit_to_user_mode_prepare include/linux/entry-common.h:328 [inline]
 __syscall_exit_to_user_mode_work kernel/entry/common.c:207 [inline]
 syscall_exit_to_user_mode+0x27b/0x2a0 kernel/entry/common.c:218
 __do_fast_syscall_32+0x80/0x120 arch/x86/entry/common.c:389
 do_fast_syscall_32+0x32/0x80 arch/x86/entry/common.c:411
 entry_SYSENTER_compat_after_hwframe+0x84/0x8e
Modules linked in:
CPU: 3 UID: 0 PID: 11855 Comm: syz.2.1921 Tainted: G    B              6.11.0-rc3-syzkaller-00156-gd7a5aa4b3c00 #0
Tainted: [B]=BAD_PAGE
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:93 [inline]
 dump_stack_lvl+0x16c/0x1f0 lib/dump_stack.c:119
 bad_page+0xb3/0x220 mm/page_alloc.c:498
 free_page_is_bad_report mm/page_alloc.c:905 [inline]
 free_page_is_bad mm/page_alloc.c:915 [inline]
 free_pages_prepare mm/page_alloc.c:1086 [inline]
 free_unref_page+0x69e/0xe40 mm/page_alloc.c:2612
 skb_free_frag include/linux/skbuff.h:3383 [inline]
 skb_free_head+0xa0/0x1d0 net/core/skbuff.c:1094
 skb_release_data+0x75c/0x980 net/core/skbuff.c:1123
 skb_release_all net/core/skbuff.c:1188 [inline]
 __kfree_skb net/core/skbuff.c:1202 [inline]
 sk_skb_reason_drop+0x133/0x200 net/core/skbuff.c:1240
 kfree_skb_reason include/linux/skbuff.h:1260 [inline]
 __netif_receive_skb_core.constprop.0+0x592/0x4330 net/core/dev.c:5635
 __netif_receive_skb_list_core+0x357/0x950 net/core/dev.c:5737
 __netif_receive_skb_list net/core/dev.c:5804 [inline]
 netif_receive_skb_list_internal+0x753/0xda0 net/core/dev.c:5896
 netif_receive_skb_list+0x4f/0x4a0 net/core/dev.c:5948
 xdp_recv_frames net/bpf/test_run.c:279 [inline]
 xdp_test_run_batch.constprop.0+0x1296/0x1880 net/bpf/test_run.c:360
 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389
 bpf_prog_test_run_xdp+0x82d/0x1530 net/bpf/test_run.c:1317
 bpf_prog_test_run kernel/bpf/syscall.c:4313 [inline]
 __sys_bpf+0x1af6/0x55e0 kernel/bpf/syscall.c:5728
 __do_sys_bpf kernel/bpf/syscall.c:5817 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5815 [inline]
 __ia32_sys_bpf+0x76/0xe0 kernel/bpf/syscall.c:5815
 do_syscall_32_irqs_on arch/x86/entry/common.c:165 [inline]
 __do_fast_syscall_32+0x73/0x120 arch/x86/entry/common.c:386
 do_fast_syscall_32+0x32/0x80 arch/x86/entry/common.c:411
 entry_SYSENTER_compat_after_hwframe+0x84/0x8e
RIP: 0023:0xf7f56579
Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
RSP: 002b:00000000f56f656c EFLAGS: 00000296 ORIG_RAX: 0000000000000165
RAX: ffffffffffffffda RBX: 000000000000000a RCX: 0000000020000600
RDX: 0000000000000048 RSI: 0000000000000000 RDI: 0000000000000000
RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000
R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
 </TASK>
BUG: Bad page state in process syz.2.1921  pfn:21559
page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff8880215593c0 pfn:0x21559
flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
raw: 00fff00000000000 dead000000000040 ffff88805326a000 0000000000000000
raw: ffff8880215593c0 0000000000000001 00000000ffffffff 0000000000000000
page dumped because: page_pool leak
page_owner tracks the page as allocated
page last allocated via order 0, migratetype Unmovable, gfp_mask 0x102820(GFP_ATOMIC|__GFP_NOWARN|__GFP_HARDWALL), pid 11855, tgid 11854 (syz.2.1921), ts 324622357632, free_ts 323975290686
 set_page_owner include/linux/page_owner.h:32 [inline]
 post_alloc_hook+0x2d1/0x350 mm/page_alloc.c:1493
 prep_new_page mm/page_alloc.c:1501 [inline]
 get_page_from_freelist+0x1351/0x2e50 mm/page_alloc.c:3442
 __alloc_pages_noprof+0x22b/0x2460 mm/page_alloc.c:4700
 alloc_pages_bulk_noprof+0x742/0x14f0 mm/page_alloc.c:4648
 alloc_pages_bulk_array_node_noprof include/linux/gfp.h:239 [inline]
 __page_pool_alloc_pages_slow+0x19b/0xb30 net/core/page_pool.c:527
 page_pool_alloc_netmem net/core/page_pool.c:576 [inline]
 page_pool_alloc_pages+0xb5/0x110 net/core/page_pool.c:583
 page_pool_dev_alloc_pages include/net/page_pool/helpers.h:96 [inline]
 xdp_test_run_batch.constprop.0+0x30f/0x1880 net/bpf/test_run.c:305
 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389
 bpf_prog_test_run_xdp+0x82d/0x1530 net/bpf/test_run.c:1317
 bpf_prog_test_run kernel/bpf/syscall.c:4313 [inline]
 __sys_bpf+0x1af6/0x55e0 kernel/bpf/syscall.c:5728
 __do_sys_bpf kernel/bpf/syscall.c:5817 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5815 [inline]
 __ia32_sys_bpf+0x76/0xe0 kernel/bpf/syscall.c:5815
 do_syscall_32_irqs_on arch/x86/entry/common.c:165 [inline]
 __do_fast_syscall_32+0x73/0x120 arch/x86/entry/common.c:386
 do_fast_syscall_32+0x32/0x80 arch/x86/entry/common.c:411
 entry_SYSENTER_compat_after_hwframe+0x84/0x8e
page last free pid 11815 tgid 11815 stack trace:
 reset_page_owner include/linux/page_owner.h:25 [inline]
 free_pages_prepare mm/page_alloc.c:1094 [inline]
 free_unref_page+0x64a/0xe40 mm/page_alloc.c:2612
 vfree+0x181/0x7a0 mm/vmalloc.c:3364
 vb2_vmalloc_put drivers/media/common/videobuf2/videobuf2-vmalloc.c:68 [inline]
 vb2_vmalloc_put+0x7b/0xc0 drivers/media/common/videobuf2/videobuf2-vmalloc.c:63
 __vb2_buf_mem_free+0x154/0x2c0 drivers/media/common/videobuf2/videobuf2-core.c:275
 __vb2_free_mem drivers/media/common/videobuf2/videobuf2-core.c:557 [inline]
 __vb2_queue_free+0x861/0xac0 drivers/media/common/videobuf2/videobuf2-core.c:585
 vb2_core_queue_release+0x70/0x190 drivers/media/common/videobuf2/videobuf2-core.c:2654
 v4l2_m2m_ctx_release+0x2a/0x40 drivers/media/v4l2-core/v4l2-mem2mem.c:1277
 vim2m_release+0xe8/0x170 drivers/media/test-drivers/vim2m.c:1245
 v4l2_release+0x238/0x460 drivers/media/v4l2-core/v4l2-dev.c:456
 __fput+0x408/0xbb0 fs/file_table.c:422
 task_work_run+0x14e/0x250 kernel/task_work.c:228
 resume_user_mode_work include/linux/resume_user_mode.h:50 [inline]
 exit_to_user_mode_loop kernel/entry/common.c:114 [inline]
 exit_to_user_mode_prepare include/linux/entry-common.h:328 [inline]
 __syscall_exit_to_user_mode_work kernel/entry/common.c:207 [inline]
 syscall_exit_to_user_mode+0x27b/0x2a0 kernel/entry/common.c:218
 __do_fast_syscall_32+0x80/0x120 arch/x86/entry/common.c:389
 do_fast_syscall_32+0x32/0x80 arch/x86/entry/common.c:411
 entry_SYSENTER_compat_after_hwframe+0x84/0x8e
Modules linked in:
CPU: 3 UID: 0 PID: 11855 Comm: syz.2.1921 Tainted: G    B              6.11.0-rc3-syzkaller-00156-gd7a5aa4b3c00 #0
Tainted: [B]=BAD_PAGE
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:93 [inline]
 dump_stack_lvl+0x16c/0x1f0 lib/dump_stack.c:119
 bad_page+0xb3/0x220 mm/page_alloc.c:498
 free_page_is_bad_report mm/page_alloc.c:905 [inline]
 free_page_is_bad mm/page_alloc.c:915 [inline]
 free_pages_prepare mm/page_alloc.c:1086 [inline]
 free_unref_page+0x69e/0xe40 mm/page_alloc.c:2612
 skb_free_frag include/linux/skbuff.h:3383 [inline]
 skb_free_head+0xa0/0x1d0 net/core/skbuff.c:1094
 skb_release_data+0x75c/0x980 net/core/skbuff.c:1123
 skb_release_all net/core/skbuff.c:1188 [inline]
 __kfree_skb net/core/skbuff.c:1202 [inline]
 sk_skb_reason_drop+0x133/0x200 net/core/skbuff.c:1240
 kfree_skb_reason include/linux/skbuff.h:1260 [inline]
 __netif_receive_skb_core.constprop.0+0x592/0x4330 net/core/dev.c:5635
 __netif_receive_skb_list_core+0x357/0x950 net/core/dev.c:5737
 __netif_receive_skb_list net/core/dev.c:5804 [inline]
 netif_receive_skb_list_internal+0x753/0xda0 net/core/dev.c:5896
 netif_receive_skb_list+0x4f/0x4a0 net/core/dev.c:5948
 xdp_recv_frames net/bpf/test_run.c:279 [inline]
 xdp_test_run_batch.constprop.0+0x1296/0x1880 net/bpf/test_run.c:360
 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389
 bpf_prog_test_run_xdp+0x82d/0x1530 net/bpf/test_run.c:1317
 bpf_prog_test_run kernel/bpf/syscall.c:4313 [inline]
 __sys_bpf+0x1af6/0x55e0 kernel/bpf/syscall.c:5728
 __do_sys_bpf kernel/bpf/syscall.c:5817 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5815 [inline]
 __ia32_sys_bpf+0x76/0xe0 kernel/bpf/syscall.c:5815
 do_syscall_32_irqs_on arch/x86/entry/common.c:165 [inline]
 __do_fast_syscall_32+0x73/0x120 arch/x86/entry/common.c:386
 do_fast_syscall_32+0x32/0x80 arch/x86/entry/common.c:411
 entry_SYSENTER_compat_after_hwframe+0x84/0x8e
RIP: 0023:0xf7f56579
Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
RSP: 002b:00000000f56f656c EFLAGS: 00000296 ORIG_RAX: 0000000000000165
RAX: ffffffffffffffda RBX: 000000000000000a RCX: 0000000020000600
RDX: 0000000000000048 RSI: 0000000000000000 RDI: 0000000000000000
RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000
R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
 </TASK>
BUG: Bad page state in process syz.2.1921  pfn:1cea8
page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1cea8
flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
raw: 00fff00000000000 dead000000000040 ffff88805326a000 0000000000000000
raw: 0000000000000000 0000000000000001 00000000ffffffff 0000000000000000
page dumped because: page_pool leak
page_owner tracks the page as allocated
page last allocated via order 0, migratetype Unmovable, gfp_mask 0x102820(GFP_ATOMIC|__GFP_NOWARN|__GFP_HARDWALL), pid 11855, tgid 11854 (syz.2.1921), ts 324622349824, free_ts 323975304665
 set_page_owner include/linux/page_owner.h:32 [inline]
 post_alloc_hook+0x2d1/0x350 mm/page_alloc.c:1493
 prep_new_page mm/page_alloc.c:1501 [inline]
 get_page_from_freelist+0x1351/0x2e50 mm/page_alloc.c:3442
 __alloc_pages_noprof+0x22b/0x2460 mm/page_alloc.c:4700
 alloc_pages_bulk_noprof+0x742/0x14f0 mm/page_alloc.c:4648
 alloc_pages_bulk_array_node_noprof include/linux/gfp.h:239 [inline]
 __page_pool_alloc_pages_slow+0x19b/0xb30 net/core/page_pool.c:527
 page_pool_alloc_netmem net/core/page_pool.c:576 [inline]
 page_pool_alloc_pages+0xb5/0x110 net/core/page_pool.c:583
 page_pool_dev_alloc_pages include/net/page_pool/helpers.h:96 [inline]
 xdp_test_run_batch.constprop.0+0x30f/0x1880 net/bpf/test_run.c:305
 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389
 bpf_prog_test_run_xdp+0x82d/0x1530 net/bpf/test_run.c:1317
 bpf_prog_test_run kernel/bpf/syscall.c:4313 [inline]
 __sys_bpf+0x1af6/0x55e0 kernel/bpf/syscall.c:5728
 __do_sys_bpf kernel/bpf/syscall.c:5817 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5815 [inline]
 __ia32_sys_bpf+0x76/0xe0 kernel/bpf/syscall.c:5815
 do_syscall_32_irqs_on arch/x86/entry/common.c:165 [inline]
 __do_fast_syscall_32+0x73/0x120 arch/x86/entry/common.c:386
 do_fast_syscall_32+0x32/0x80 arch/x86/entry/common.c:411
 entry_SYSENTER_compat_after_hwframe+0x84/0x8e
page last free pid 11815 tgid 11815 stack trace:
 reset_page_owner include/linux/page_owner.h:25 [inline]
 free_pages_prepare mm/page_alloc.c:1094 [inline]
 free_unref_page+0x64a/0xe40 mm/page_alloc.c:2612
 vfree+0x181/0x7a0 mm/vmalloc.c:3364
 vb2_vmalloc_put drivers/media/common/videobuf2/videobuf2-vmalloc.c:68 [inline]
 vb2_vmalloc_put+0x7b/0xc0 drivers/media/common/videobuf2/videobuf2-vmalloc.c:63
 __vb2_buf_mem_free+0x154/0x2c0 drivers/media/common/videobuf2/videobuf2-core.c:275
 __vb2_free_mem drivers/media/common/videobuf2/videobuf2-core.c:557 [inline]
 __vb2_queue_free+0x861/0xac0 drivers/media/common/videobuf2/videobuf2-core.c:585
 vb2_core_queue_release+0x70/0x190 drivers/media/common/videobuf2/videobuf2-core.c:2654
 v4l2_m2m_ctx_release+0x2a/0x40 drivers/media/v4l2-core/v4l2-mem2mem.c:1277
 vim2m_release+0xe8/0x170 drivers/media/test-drivers/vim2m.c:1245
 v4l2_release+0x238/0x460 drivers/media/v4l2-core/v4l2-dev.c:456
 __fput+0x408/0xbb0 fs/file_table.c:422
 task_work_run+0x14e/0x250 kernel/task_work.c:228
 resume_user_mode_work include/linux/resume_user_mode.h:50 [inline]
 exit_to_user_mode_loop kernel/entry/common.c:114 [inline]
 exit_to_user_mode_prepare include/linux/entry-common.h:328 [inline]
 __syscall_exit_to_user_mode_work kernel/entry/common.c:207 [inline]
 syscall_exit_to_user_mode+0x27b/0x2a0 kernel/entry/common.c:218
 __do_fast_syscall_32+0x80/0x120 arch/x86/entry/common.c:389
 do_fast_syscall_32+0x32/0x80 arch/x86/entry/common.c:411
 entry_SYSENTER_compat_after_hwframe+0x84/0x8e
Modules linked in:
CPU: 3 UID: 0 PID: 11855 Comm: syz.2.1921 Tainted: G    B              6.11.0-rc3-syzkaller-00156-gd7a5aa4b3c00 #0
Tainted: [B]=BAD_PAGE
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:93 [inline]
 dump_stack_lvl+0x16c/0x1f0 lib/dump_stack.c:119
 bad_page+0xb3/0x220 mm/page_alloc.c:498
 free_page_is_bad_report mm/page_alloc.c:905 [inline]
 free_page_is_bad mm/page_alloc.c:915 [inline]
 free_pages_prepare mm/page_alloc.c:1086 [inline]
 free_unref_page+0x69e/0xe40 mm/page_alloc.c:2612
 skb_free_frag include/linux/skbuff.h:3383 [inline]
 skb_free_head+0xa0/0x1d0 net/core/skbuff.c:1094
 skb_release_data+0x75c/0x980 net/core/skbuff.c:1123
 skb_release_all net/core/skbuff.c:1188 [inline]
 __kfree_skb net/core/skbuff.c:1202 [inline]
 sk_skb_reason_drop+0x133/0x200 net/core/skbuff.c:1240
 kfree_skb_reason include/linux/skbuff.h:1260 [inline]
 __netif_receive_skb_core.constprop.0+0x592/0x4330 net/core/dev.c:5635
 __netif_receive_skb_list_core+0x357/0x950 net/core/dev.c:5737
 __netif_receive_skb_list net/core/dev.c:5804 [inline]
 netif_receive_skb_list_internal+0x753/0xda0 net/core/dev.c:5896
 netif_receive_skb_list+0x4f/0x4a0 net/core/dev.c:5948
 xdp_recv_frames net/bpf/test_run.c:279 [inline]
 xdp_test_run_batch.constprop.0+0x1296/0x1880 net/bpf/test_run.c:360
 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389
 bpf_prog_test_run_xdp+0x82d/0x1530 net/bpf/test_run.c:1317
 bpf_prog_test_run kernel/bpf/syscall.c:4313 [inline]
 __sys_bpf+0x1af6/0x55e0 kernel/bpf/syscall.c:5728
 __do_sys_bpf kernel/bpf/syscall.c:5817 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5815 [inline]
 __ia32_sys_bpf+0x76/0xe0 kernel/bpf/syscall.c:5815
 do_syscall_32_irqs_on arch/x86/entry/common.c:165 [inline]
 __do_fast_syscall_32+0x73/0x120 arch/x86/entry/common.c:386
 do_fast_syscall_32+0x32/0x80 arch/x86/entry/common.c:411
 entry_SYSENTER_compat_after_hwframe+0x84/0x8e
RIP: 0023:0xf7f56579
Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
RSP: 002b:00000000f56f656c EFLAGS: 00000296 ORIG_RAX: 0000000000000165
RAX: ffffffffffffffda RBX: 000000000000000a RCX: 0000000020000600
RDX: 0000000000000048 RSI: 0000000000000000 RDI: 0000000000000000
RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000
R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
 </TASK>
BUG: Bad page state in process syz.2.1921  pfn:1242a
page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x847 pfn:0x1242a
flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
raw: 00fff00000000000 dead000000000040 ffff88805326a000 0000000000000000
raw: 0000000000000847 0000000000000001 00000000ffffffff 0000000000000000
page dumped because: page_pool leak
page_owner tracks the page as allocated
page last allocated via order 0, migratetype Unmovable, gfp_mask 0x102820(GFP_ATOMIC|__GFP_NOWARN|__GFP_HARDWALL), pid 11855, tgid 11854 (syz.2.1921), ts 324622341968, free_ts 323975318422
 set_page_owner include/linux/page_owner.h:32 [inline]
 post_alloc_hook+0x2d1/0x350 mm/page_alloc.c:1493
 prep_new_page mm/page_alloc.c:1501 [inline]
 get_page_from_freelist+0x1351/0x2e50 mm/page_alloc.c:3442
 __alloc_pages_noprof+0x22b/0x2460 mm/page_alloc.c:4700
 alloc_pages_bulk_noprof+0x742/0x14f0 mm/page_alloc.c:4648
 alloc_pages_bulk_array_node_noprof include/linux/gfp.h:239 [inline]
 __page_pool_alloc_pages_slow+0x19b/0xb30 net/core/page_pool.c:527
 page_pool_alloc_netmem net/core/page_pool.c:576 [inline]
 page_pool_alloc_pages+0xb5/0x110 net/core/page_pool.c:583
 page_pool_dev_alloc_pages include/net/page_pool/helpers.h:96 [inline]
 xdp_test_run_batch.constprop.0+0x30f/0x1880 net/bpf/test_run.c:305
 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389
 bpf_prog_test_run_xdp+0x82d/0x1530 net/bpf/test_run.c:1317
 bpf_prog_test_run kernel/bpf/syscall.c:4313 [inline]
 __sys_bpf+0x1af6/0x55e0 kernel/bpf/syscall.c:5728
 __do_sys_bpf kernel/bpf/syscall.c:5817 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5815 [inline]
 __ia32_sys_bpf+0x76/0xe0 kernel/bpf/syscall.c:5815
 do_syscall_32_irqs_on arch/x86/entry/common.c:165 [inline]
 __do_fast_syscall_32+0x73/0x120 arch/x86/entry/common.c:386
 do_fast_syscall_32+0x32/0x80 arch/x86/entry/common.c:411
 entry_SYSENTER_compat_after_hwframe+0x84/0x8e
page last free pid 11815 tgid 11815 stack trace:
 reset_page_owner include/linux/page_owner.h:25 [inline]
 free_pages_prepare mm/page_alloc.c:1094 [inline]
 free_unref_page+0x64a/0xe40 mm/page_alloc.c:2612
 vfree+0x181/0x7a0 mm/vmalloc.c:3364
 vb2_vmalloc_put drivers/media/common/videobuf2/videobuf2-vmalloc.c:68 [inline]
 vb2_vmalloc_put+0x7b/0xc0 drivers/media/common/videobuf2/videobuf2-vmalloc.c:63
 __vb2_buf_mem_free+0x154/0x2c0 drivers/media/common/videobuf2/videobuf2-core.c:275
 __vb2_free_mem drivers/media/common/videobuf2/videobuf2-core.c:557 [inline]
 __vb2_queue_free+0x861/0xac0 drivers/media/common/videobuf2/videobuf2-core.c:585
 vb2_core_queue_release+0x70/0x190 drivers/media/common/videobuf2/videobuf2-core.c:2654
 v4l2_m2m_ctx_release+0x2a/0x40 drivers/media/v4l2-core/v4l2-mem2mem.c:1277
 vim2m_release+0xe8/0x170 drivers/media/test-drivers/vim2m.c:1245
 v4l2_release+0x238/0x460 drivers/media/v4l2-core/v4l2-dev.c:456
 __fput+0x408/0xbb0 fs/file_table.c:422
 task_work_run+0x14e/0x250 kernel/task_work.c:228
 resume_user_mode_work include/linux/resume_user_mode.h:50 [inline]
 exit_to_user_mode_loop kernel/entry/common.c:114 [inline]
 exit_to_user_mode_prepare include/linux/entry-common.h:328 [inline]
 __syscall_exit_to_user_mode_work kernel/entry/common.c:207 [inline]
 syscall_exit_to_user_mode+0x27b/0x2a0 kernel/entry/common.c:218
 __do_fast_syscall_32+0x80/0x120 arch/x86/entry/common.c:389
 do_fast_syscall_32+0x32/0x80 arch/x86/entry/common.c:411
 entry_SYSENTER_compat_after_hwframe+0x84/0x8e
Modules linked in:
CPU: 3 UID: 0 PID: 11855 Comm: syz.2.1921 Tainted: G    B              6.11.0-rc3-syzkaller-00156-gd7a5aa4b3c00 #0
Tainted: [B]=BAD_PAGE
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:93 [inline]
 dump_stack_lvl+0x16c/0x1f0 lib/dump_stack.c:119
 bad_page+0xb3/0x220 mm/page_alloc.c:498
 free_page_is_bad_report mm/page_alloc.c:905 [inline]
 free_page_is_bad mm/page_alloc.c:915 [inline]
 free_pages_prepare mm/page_alloc.c:1086 [inline]
 free_unref_page+0x69e/0xe40 mm/page_alloc.c:2612
 skb_free_frag include/linux/skbuff.h:3383 [inline]
 skb_free_head+0xa0/0x1d0 net/core/skbuff.c:1094
 skb_release_data+0x75c/0x980 net/core/skbuff.c:1123
 skb_release_all net/core/skbuff.c:1188 [inline]
 __kfree_skb net/core/skbuff.c:1202 [inline]
 sk_skb_reason_drop+0x133/0x200 net/core/skbuff.c:1240
 kfree_skb_reason include/linux/skbuff.h:1260 [inline]
 __netif_receive_skb_core.constprop.0+0x592/0x4330 net/core/dev.c:5635
 __netif_receive_skb_list_core+0x357/0x950 net/core/dev.c:5737
 __netif_receive_skb_list net/core/dev.c:5804 [inline]
 netif_receive_skb_list_internal+0x753/0xda0 net/core/dev.c:5896
 netif_receive_skb_list+0x4f/0x4a0 net/core/dev.c:5948
 xdp_recv_frames net/bpf/test_run.c:279 [inline]
 xdp_test_run_batch.constprop.0+0x1296/0x1880 net/bpf/test_run.c:360
 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389
 bpf_prog_test_run_xdp+0x82d/0x1530 net/bpf/test_run.c:1317
 bpf_prog_test_run kernel/bpf/syscall.c:4313 [inline]
 __sys_bpf+0x1af6/0x55e0 kernel/bpf/syscall.c:5728
 __do_sys_bpf kernel/bpf/syscall.c:5817 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5815 [inline]
 __ia32_sys_bpf+0x76/0xe0 kernel/bpf/syscall.c:5815
 do_syscall_32_irqs_on arch/x86/entry/common.c:165 [inline]
 __do_fast_syscall_32+0x73/0x120 arch/x86/entry/common.c:386
 do_fast_syscall_32+0x32/0x80 arch/x86/entry/common.c:411
 entry_SYSENTER_compat_after_hwframe+0x84/0x8e
RIP: 0023:0xf7f56579
Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
RSP: 002b:00000000f56f656c EFLAGS: 00000296 ORIG_RAX: 0000000000000165
RAX: ffffffffffffffda RBX: 000000000000000a RCX: 0000000020000600
RDX: 0000000000000048 RSI: 0000000000000000 RDI: 0000000000000000
RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000
R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
 </TASK>
BUG: Bad page state in process syz.2.1921  pfn:211ff
page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x211ff
flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
raw: 00fff00000000000 dead000000000040 ffff88805326a000 0000000000000000
raw: 0000000000000000 0000000000000001 00000000ffffffff 0000000000000000
page dumped because: page_pool leak
page_owner tracks the page as allocated
page last allocated via order 0, migratetype Unmovable, gfp_mask 0x102820(GFP_ATOMIC|__GFP_NOWARN|__GFP_HARDWALL), pid 11855, tgid 11854 (syz.2.1921), ts 324622333722, free_ts 323975332447
 set_page_owner include/linux/page_owner.h:32 [inline]
 post_alloc_hook+0x2d1/0x350 mm/page_alloc.c:1493
 prep_new_page mm/page_alloc.c:1501 [inline]
 get_page_from_freelist+0x1351/0x2e50 mm/page_alloc.c:3442
 __alloc_pages_noprof+0x22b/0x2460 mm/page_alloc.c:4700
 alloc_pages_bulk_noprof+0x742/0x14f0 mm/page_alloc.c:4648
 alloc_pages_bulk_array_node_noprof include/linux/gfp.h:239 [inline]
 __page_pool_alloc_pages_slow+0x19b/0xb30 net/core/page_pool.c:527
 page_pool_alloc_netmem net/core/page_pool.c:576 [inline]
 page_pool_alloc_pages+0xb5/0x110 net/core/page_pool.c:583
 page_pool_dev_alloc_pages include/net/page_pool/helpers.h:96 [inline]
 xdp_test_run_batch.constprop.0+0x30f/0x1880 net/bpf/test_run.c:305
 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389
 bpf_prog_test_run_xdp+0x82d/0x1530 net/bpf/test_run.c:1317
 bpf_prog_test_run kernel/bpf/syscall.c:4313 [inline]
 __sys_bpf+0x1af6/0x55e0 kernel/bpf/syscall.c:5728
 __do_sys_bpf kernel/bpf/syscall.c:5817 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5815 [inline]
 __ia32_sys_bpf+0x76/0xe0 kernel/bpf/syscall.c:5815
 do_syscall_32_irqs_on arch/x86/entry/common.c:165 [inline]
 __do_fast_syscall_32+0x73/0x120 arch/x86/entry/common.c:386
 do_fast_syscall_32+0x32/0x80 arch/x86/entry/common.c:411
 entry_SYSENTER_compat_after_hwframe+0x84/0x8e
page last free pid 11815 tgid 11815 stack trace:
 reset_page_owner include/linux/page_owner.h:25 [inline]
 free_pages_prepare mm/page_alloc.c:1094 [inline]
 free_unref_page+0x64a/0xe40 mm/page_alloc.c:2612
 vfree+0x181/0x7a0 mm/vmalloc.c:3364
 vb2_vmalloc_put drivers/media/common/videobuf2/videobuf2-vmalloc.c:68 [inline]
 vb2_vmalloc_put+0x7b/0xc0 drivers/media/common/videobuf2/videobuf2-vmalloc.c:63
 __vb2_buf_mem_free+0x154/0x2c0 drivers/media/common/videobuf2/videobuf2-core.c:275
 __vb2_free_mem drivers/media/common/videobuf2/videobuf2-core.c:557 [inline]
 __vb2_queue_free+0x861/0xac0 drivers/media/common/videobuf2/videobuf2-core.c:585
 vb2_core_queue_release+0x70/0x190 drivers/media/common/videobuf2/videobuf2-core.c:2654
 v4l2_m2m_ctx_release+0x2a/0x40 drivers/media/v4l2-core/v4l2-mem2mem.c:1277
 vim2m_release+0xe8/0x170 drivers/media/test-drivers/vim2m.c:1245
 v4l2_release+0x238/0x460 drivers/media/v4l2-core/v4l2-dev.c:456
 __fput+0x408/0xbb0 fs/file_table.c:422
 task_work_run+0x14e/0x250 kernel/task_work.c:228
 resume_user_mode_work include/linux/resume_user_mode.h:50 [inline]
 exit_to_user_mode_loop kernel/entry/common.c:114 [inline]
 exit_to_user_mode_prepare include/linux/entry-common.h:328 [inline]
 __syscall_exit_to_user_mode_work kernel/entry/common.c:207 [inline]
 syscall_exit_to_user_mode+0x27b/0x2a0 kernel/entry/common.c:218
 __do_fast_syscall_32+0x80/0x120 arch/x86/entry/common.c:389
 do_fast_syscall_32+0x32/0x80 arch/x86/entry/common.c:411
 entry_SYSENTER_compat_after_hwframe+0x84/0x8e
Modules linked in:
CPU: 3 UID: 0 PID: 11855 Comm: syz.2.1921 Tainted: G    B              6.11.0-rc3-syzkaller-00156-gd7a5aa4b3c00 #0
Tainted: [B]=BAD_PAGE
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:93 [inline]
 dump_stack_lvl+0x16c/0x1f0 lib/dump_stack.c:119
 bad_page+0xb3/0x220 mm/page_alloc.c:498
 free_page_is_bad_report mm/page_alloc.c:905 [inline]
 free_page_is_bad mm/page_alloc.c:915 [inline]
 free_pages_prepare mm/page_alloc.c:1086 [inline]
 free_unref_page+0x69e/0xe40 mm/page_alloc.c:2612
 skb_free_frag include/linux/skbuff.h:3383 [inline]
 skb_free_head+0xa0/0x1d0 net/core/skbuff.c:1094
 skb_release_data+0x75c/0x980 net/core/skbuff.c:1123
 skb_release_all net/core/skbuff.c:1188 [inline]
 __kfree_skb net/core/skbuff.c:1202 [inline]
 sk_skb_reason_drop+0x133/0x200 net/core/skbuff.c:1240
 kfree_skb_reason include/linux/skbuff.h:1260 [inline]
 __netif_receive_skb_core.constprop.0+0x592/0x4330 net/core/dev.c:5635
 __netif_receive_skb_list_core+0x357/0x950 net/core/dev.c:5737
 __netif_receive_skb_list net/core/dev.c:5804 [inline]
 netif_receive_skb_list_internal+0x753/0xda0 net/core/dev.c:5896
 netif_receive_skb_list+0x4f/0x4a0 net/core/dev.c:5948
 xdp_recv_frames net/bpf/test_run.c:279 [inline]
 xdp_test_run_batch.constprop.0+0x1296/0x1880 net/bpf/test_run.c:360
 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389
 bpf_prog_test_run_xdp+0x82d/0x1530 net/bpf/test_run.c:1317
 bpf_prog_test_run kernel/bpf/syscall.c:4313 [inline]
 __sys_bpf+0x1af6/0x55e0 kernel/bpf/syscall.c:5728
 __do_sys_bpf kernel/bpf/syscall.c:5817 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5815 [inline]
 __ia32_sys_bpf+0x76/0xe0 kernel/bpf/syscall.c:5815
 do_syscall_32_irqs_on arch/x86/entry/common.c:165 [inline]
 __do_fast_syscall_32+0x73/0x120 arch/x86/entry/common.c:386
 do_fast_syscall_32+0x32/0x80 arch/x86/entry/common.c:411
 entry_SYSENTER_compat_after_hwframe+0x84/0x8e
RIP: 0023:0xf7f56579
Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
RSP: 002b:00000000f56f656c EFLAGS: 00000296 ORIG_RAX: 0000000000000165
RAX: ffffffffffffffda RBX: 000000000000000a RCX: 0000000020000600
RDX: 0000000000000048 RSI: 0000000000000000 RDI: 0000000000000000
RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000
R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
 </TASK>
BUG: Bad page state in process syz.2.1921  pfn:20c14
page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x20c14
flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
raw: 00fff00000000000 dead000000000040 ffff88805326a000 0000000000000000
raw: 0000000000000000 0000000000000001 00000000ffffffff 0000000000000000
page dumped because: page_pool leak
page_owner tracks the page as allocated
page last allocated via order 0, migratetype Unmovable, gfp_mask 0x102820(GFP_ATOMIC|__GFP_NOWARN|__GFP_HARDWALL), pid 11855, tgid 11854 (syz.2.1921), ts 324622325552, free_ts 323975345902
 set_page_owner include/linux/page_owner.h:32 [inline]
 post_alloc_hook+0x2d1/0x350 mm/page_alloc.c:1493
 prep_new_page mm/page_alloc.c:1501 [inline]
 get_page_from_freelist+0x1351/0x2e50 mm/page_alloc.c:3442
 __alloc_pages_noprof+0x22b/0x2460 mm/page_alloc.c:4700
 alloc_pages_bulk_noprof+0x742/0x14f0 mm/page_alloc.c:4648
 alloc_pages_bulk_array_node_noprof include/linux/gfp.h:239 [inline]
 __page_pool_alloc_pages_slow+0x19b/0xb30 net/core/page_pool.c:527
 page_pool_alloc_netmem net/core/page_pool.c:576 [inline]
 page_pool_alloc_pages+0xb5/0x110 net/core/page_pool.c:583
 page_pool_dev_alloc_pages include/net/page_pool/helpers.h:96 [inline]
 xdp_test_run_batch.constprop.0+0x30f/0x1880 net/bpf/test_run.c:305
 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389
 bpf_prog_test_run_xdp+0x82d/0x1530 net/bpf/test_run.c:1317
 bpf_prog_test_run kernel/bpf/syscall.c:4313 [inline]
 __sys_bpf+0x1af6/0x55e0 kernel/bpf/syscall.c:5728
 __do_sys_bpf kernel/bpf/syscall.c:5817 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5815 [inline]
 __ia32_sys_bpf+0x76/0xe0 kernel/bpf/syscall.c:5815
 do_syscall_32_irqs_on arch/x86/entry/common.c:165 [inline]
 __do_fast_syscall_32+0x73/0x120 arch/x86/entry/common.c:386
 do_fast_syscall_32+0x32/0x80 arch/x86/entry/common.c:411
 entry_SYSENTER_compat_after_hwframe+0x84/0x8e
page last free pid 11815 tgid 11815 stack trace:
 reset_page_owner include/linux/page_owner.h:25 [inline]
 free_pages_prepare mm/page_alloc.c:1094 [inline]
 free_unref_page+0x64a/0xe40 mm/page_alloc.c:2612
 vfree+0x181/0x7a0 mm/vmalloc.c:3364
 vb2_vmalloc_put drivers/media/common/videobuf2/videobuf2-vmalloc.c:68 [inline]
 vb2_vmalloc_put+0x7b/0xc0 drivers/media/common/videobuf2/videobuf2-vmalloc.c:63
 __vb2_buf_mem_free+0x154/0x2c0 drivers/media/common/videobuf2/videobuf2-core.c:275
 __vb2_free_mem drivers/media/common/videobuf2/videobuf2-core.c:557 [inline]
 __vb2_queue_free+0x861/0xac0 drivers/media/common/videobuf2/videobuf2-core.c:585
 vb2_core_queue_release+0x70/0x190 drivers/media/common/videobuf2/videobuf2-core.c:2654
 v4l2_m2m_ctx_release+0x2a/0x40 drivers/media/v4l2-core/v4l2-mem2mem.c:1277
 vim2m_release+0xe8/0x170 drivers/media/test-drivers/vim2m.c:1245
 v4l2_release+0x238/0x460 drivers/media/v4l2-core/v4l2-dev.c:456
 __fput+0x408/0xbb0 fs/file_table.c:422
 task_work_run+0x14e/0x250 kernel/task_work.c:228
 resume_user_mode_work include/linux/resume_user_mode.h:50 [inline]
 exit_to_user_mode_loop kernel/entry/common.c:114 [inline]
 exit_to_user_mode_prepare include/linux/entry-common.h:328 [inline]
 __syscall_exit_to_user_mode_work kernel/entry/common.c:207 [inline]
 syscall_exit_to_user_mode+0x27b/0x2a0 kernel/entry/common.c:218
 __do_fast_syscall_32+0x80/0x120 arch/x86/entry/common.c:389
 do_fast_syscall_32+0x32/0x80 arch/x86/entry/common.c:411
 entry_SYSENTER_compat_after_hwframe+0x84/0x8e
Modules linked in:
CPU: 3 UID: 0 PID: 11855 Comm: syz.2.1921 Tainted: G    B              6.11.0-rc3-syzkaller-00156-gd7a5aa4b3c00 #0
Tainted: [B]=BAD_PAGE
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:93 [inline]
 dump_stack_lvl+0x16c/0x1f0 lib/dump_stack.c:119
 bad_page+0xb3/0x220 mm/page_alloc.c:498
 free_page_is_bad_report mm/page_alloc.c:905 [inline]
 free_page_is_bad mm/page_alloc.c:915 [inline]
 free_pages_prepare mm/page_alloc.c:1086 [inline]
 free_unref_page+0x69e/0xe40 mm/page_alloc.c:2612
 skb_free_frag include/linux/skbuff.h:3383 [inline]
 skb_free_head+0xa0/0x1d0 net/core/skbuff.c:1094
 skb_release_data+0x75c/0x980 net/core/skbuff.c:1123
 skb_release_all net/core/skbuff.c:1188 [inline]
 __kfree_skb net/core/skbuff.c:1202 [inline]
 sk_skb_reason_drop+0x133/0x200 net/core/skbuff.c:1240
 kfree_skb_reason include/linux/skbuff.h:1260 [inline]
 __netif_receive_skb_core.constprop.0+0x592/0x4330 net/core/dev.c:5635
 __netif_receive_skb_list_core+0x357/0x950 net/core/dev.c:5737
 __netif_receive_skb_list net/core/dev.c:5804 [inline]
 netif_receive_skb_list_internal+0x753/0xda0 net/core/dev.c:5896
 netif_receive_skb_list+0x4f/0x4a0 net/core/dev.c:5948
 xdp_recv_frames net/bpf/test_run.c:279 [inline]
 xdp_test_run_batch.constprop.0+0x1296/0x1880 net/bpf/test_run.c:360
 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389
 bpf_prog_test_run_xdp+0x82d/0x1530 net/bpf/test_run.c:1317
 bpf_prog_test_run kernel/bpf/syscall.c:4313 [inline]
 __sys_bpf+0x1af6/0x55e0 kernel/bpf/syscall.c:5728
 __do_sys_bpf kernel/bpf/syscall.c:5817 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5815 [inline]
 __ia32_sys_bpf+0x76/0xe0 kernel/bpf/syscall.c:5815
 do_syscall_32_irqs_on arch/x86/entry/common.c:165 [inline]
 __do_fast_syscall_32+0x73/0x120 arch/x86/entry/common.c:386
 do_fast_syscall_32+0x32/0x80 arch/x86/entry/common.c:411
 entry_SYSENTER_compat_after_hwframe+0x84/0x8e
RIP: 0023:0xf7f56579
Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
RSP: 002b:00000000f56f656c EFLAGS: 00000296 ORIG_RAX: 0000000000000165
RAX: ffffffffffffffda RBX: 000000000000000a RCX: 0000000020000600
RDX: 0000000000000048 RSI: 0000000000000000 RDI: 0000000000000000
RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000
R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
 </TASK>
BUG: Bad page state in process syz.2.1921  pfn:262de
page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x262de
flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
raw: 00fff00000000000 dead000000000040 ffff88805326a000 0000000000000000
raw: 0000000000000000 0000000000000001 00000000ffffffff 0000000000000000
page dumped because: page_pool leak
page_owner tracks the page as allocated
page last allocated via order 0, migratetype Unmovable, gfp_mask 0x102820(GFP_ATOMIC|__GFP_NOWARN|__GFP_HARDWALL), pid 11855, tgid 11854 (syz.2.1921), ts 324622317607, free_ts 323975359878
 set_page_owner include/linux/page_owner.h:32 [inline]
 post_alloc_hook+0x2d1/0x350 mm/page_alloc.c:1493
 prep_new_page mm/page_alloc.c:1501 [inline]
 get_page_from_freelist+0x1351/0x2e50 mm/page_alloc.c:3442
 __alloc_pages_noprof+0x22b/0x2460 mm/page_alloc.c:4700
 alloc_pages_bulk_noprof+0x742/0x14f0 mm/page_alloc.c:4648
 alloc_pages_bulk_array_node_noprof include/linux/gfp.h:239 [inline]
 __page_pool_alloc_pages_slow+0x19b/0xb30 net/core/page_pool.c:527
 page_pool_alloc_netmem net/core/page_pool.c:576 [inline]
 page_pool_alloc_pages+0xb5/0x110 net/core/page_pool.c:583
 page_pool_dev_alloc_pages include/net/page_pool/helpers.h:96 [inline]
 xdp_test_run_batch.constprop.0+0x30f/0x1880 net/bpf/test_run.c:305
 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389
 bpf_prog_test_run_xdp+0x82d/0x1530 net/bpf/test_run.c:1317
 bpf_prog_test_run kernel/bpf/syscall.c:4313 [inline]
 __sys_bpf+0x1af6/0x55e0 kernel/bpf/syscall.c:5728
 __do_sys_bpf kernel/bpf/syscall.c:5817 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5815 [inline]
 __ia32_sys_bpf+0x76/0xe0 kernel/bpf/syscall.c:5815
 do_syscall_32_irqs_on arch/x86/entry/common.c:165 [inline]
 __do_fast_syscall_32+0x73/0x120 arch/x86/entry/common.c:386
 do_fast_syscall_32+0x32/0x80 arch/x86/entry/common.c:411
 entry_SYSENTER_compat_after_hwframe+0x84/0x8e
page last free pid 11815 tgid 11815 stack trace:
 reset_page_owner include/linux/page_owner.h:25 [inline]
 free_pages_prepare mm/page_alloc.c:1094 [inline]
 free_unref_page+0x64a/0xe40 mm/page_alloc.c:2612
 vfree+0x181/0x7a0 mm/vmalloc.c:3364
 vb2_vmalloc_put drivers/media/common/videobuf2/videobuf2-vmalloc.c:68 [inline]
 vb2_vmalloc_put+0x7b/0xc0 drivers/media/common/videobuf2/videobuf2-vmalloc.c:63
 __vb2_buf_mem_free+0x154/0x2c0 drivers/media/common/videobuf2/videobuf2-core.c:275
 __vb2_free_mem drivers/media/common/videobuf2/videobuf2-core.c:557 [inline]
 __vb2_queue_free+0x861/0xac0 drivers/media/common/videobuf2/videobuf2-core.c:585
 vb2_core_queue_release+0x70/0x190 drivers/media/common/videobuf2/videobuf2-core.c:2654
 v4l2_m2m_ctx_release+0x2a/0x40 drivers/media/v4l2-core/v4l2-mem2mem.c:1277
 vim2m_release+0xe8/0x170 drivers/media/test-drivers/vim2m.c:1245
 v4l2_release+0x238/0x460 drivers/media/v4l2-core/v4l2-dev.c:456
 __fput+0x408/0xbb0 fs/file_table.c:422
 task_work_run+0x14e/0x250 kernel/task_work.c:228
 resume_user_mode_work include/linux/resume_user_mode.h:50 [inline]
 exit_to_user_mode_loop kernel/entry/common.c:114 [inline]
 exit_to_user_mode_prepare include/linux/entry-common.h:328 [inline]
 __syscall_exit_to_user_mode_work kernel/entry/common.c:207 [inline]
 syscall_exit_to_user_mode+0x27b/0x2a0 kernel/entry/common.c:218
 __do_fast_syscall_32+0x80/0x120 arch/x86/entry/common.c:389
 do_fast_syscall_32+0x32/0x80 arch/x86/entry/common.c:411
 entry_SYSENTER_compat_after_hwframe+0x84/0x8e
Modules linked in:
CPU: 3 UID: 0 PID: 11855 Comm: syz.2.1921 Tainted: G    B              6.11.0-rc3-syzkaller-00156-gd7a5aa4b3c00 #0
Tainted: [B]=BAD_PAGE
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:93 [inline]
 dump_stack_lvl+0x16c/0x1f0 lib/dump_stack.c:119
 bad_page+0xb3/0x220 mm/page_alloc.c:498
 free_page_is_bad_report mm/page_alloc.c:905 [inline]
 free_page_is_bad mm/page_alloc.c:915 [inline]
 free_pages_prepare mm/page_alloc.c:1086 [inline]
 free_unref_page+0x69e/0xe40 mm/page_alloc.c:2612
 skb_free_frag include/linux/skbuff.h:3383 [inline]
 skb_free_head+0xa0/0x1d0 net/core/skbuff.c:1094
 skb_release_data+0x75c/0x980 net/core/skbuff.c:1123
 skb_release_all net/core/skbuff.c:1188 [inline]
 __kfree_skb net/core/skbuff.c:1202 [inline]
 sk_skb_reason_drop+0x133/0x200 net/core/skbuff.c:1240
 kfree_skb_reason include/linux/skbuff.h:1260 [inline]
 __netif_receive_skb_core.constprop.0+0x592/0x4330 net/core/dev.c:5635
 __netif_receive_skb_list_core+0x357/0x950 net/core/dev.c:5737
 __netif_receive_skb_list net/core/dev.c:5804 [inline]
 netif_receive_skb_list_internal+0x753/0xda0 net/core/dev.c:5896
 netif_receive_skb_list+0x4f/0x4a0 net/core/dev.c:5948
 xdp_recv_frames net/bpf/test_run.c:279 [inline]
 xdp_test_run_batch.constprop.0+0x1296/0x1880 net/bpf/test_run.c:360
 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389
 bpf_prog_test_run_xdp+0x82d/0x1530 net/bpf/test_run.c:1317
 bpf_prog_test_run kernel/bpf/syscall.c:4313 [inline]
 __sys_bpf+0x1af6/0x55e0 kernel/bpf/syscall.c:5728
 __do_sys_bpf kernel/bpf/syscall.c:5817 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5815 [inline]
 __ia32_sys_bpf+0x76/0xe0 kernel/bpf/syscall.c:5815
 do_syscall_32_irqs_on arch/x86/entry/common.c:165 [inline]
 __do_fast_syscall_32+0x73/0x120 arch/x86/entry/common.c:386
 do_fast_syscall_32+0x32/0x80 arch/x86/entry/common.c:411
 entry_SYSENTER_compat_after_hwframe+0x84/0x8e
RIP: 0023:0xf7f56579
Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
RSP: 002b:00000000f56f656c EFLAGS: 00000296 ORIG_RAX: 0000000000000165
RAX: ffffffffffffffda RBX: 000000000000000a RCX: 0000000020000600
RDX: 0000000000000048 RSI: 0000000000000000 RDI: 0000000000000000
RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000
R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
 </TASK>
BUG: Bad page state in process syz.2.1921  pfn:263e5
page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff8880263e5f00 pfn:0x263e5
flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
raw: 00fff00000000000 dead000000000040 ffff88805326a000 0000000000000000
raw: ffff8880263e5f00 0000000000000001 00000000ffffffff 0000000000000000
page dumped because: page_pool leak
page_owner tracks the page as allocated
page last allocated via order 0, migratetype Unmovable, gfp_mask 0x102820(GFP_ATOMIC|__GFP_NOWARN|__GFP_HARDWALL), pid 11855, tgid 11854 (syz.2.1921), ts 324622309754, free_ts 323975373434
 set_page_owner include/linux/page_owner.h:32 [inline]
 post_alloc_hook+0x2d1/0x350 mm/page_alloc.c:1493
 prep_new_page mm/page_alloc.c:1501 [inline]
 get_page_from_freelist+0x1351/0x2e50 mm/page_alloc.c:3442
 __alloc_pages_noprof+0x22b/0x2460 mm/page_alloc.c:4700
 alloc_pages_bulk_noprof+0x742/0x14f0 mm/page_alloc.c:4648
 alloc_pages_bulk_array_node_noprof include/linux/gfp.h:239 [inline]
 __page_pool_alloc_pages_slow+0x19b/0xb30 net/core/page_pool.c:527
 page_pool_alloc_netmem net/core/page_pool.c:576 [inline]
 page_pool_alloc_pages+0xb5/0x110 net/core/page_pool.c:583
 page_pool_dev_alloc_pages include/net/page_pool/helpers.h:96 [inline]
 xdp_test_run_batch.constprop.0+0x30f/0x1880 net/bpf/test_run.c:305
 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389
 bpf_prog_test_run_xdp+0x82d/0x1530 net/bpf/test_run.c:1317
 bpf_prog_test_run kernel/bpf/syscall.c:4313 [inline]
 __sys_bpf+0x1af6/0x55e0 kernel/bpf/syscall.c:5728
 __do_sys_bpf kernel/bpf/syscall.c:5817 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5815 [inline]
 __ia32_sys_bpf+0x76/0xe0 kernel/bpf/syscall.c:5815
 do_syscall_32_irqs_on arch/x86/entry/common.c:165 [inline]
 __do_fast_syscall_32+0x73/0x120 arch/x86/entry/common.c:386
 do_fast_syscall_32+0x32/0x80 arch/x86/entry/common.c:411
 entry_SYSENTER_compat_after_hwframe+0x84/0x8e
page last free pid 11815 tgid 11815 stack trace:
 reset_page_owner include/linux/page_owner.h:25 [inline]
 free_pages_prepare mm/page_alloc.c:1094 [inline]
 free_unref_page+0x64a/0xe40 mm/page_alloc.c:2612
 vfree+0x181/0x7a0 mm/vmalloc.c:3364
 vb2_vmalloc_put drivers/media/common/videobuf2/videobuf2-vmalloc.c:68 [inline]
 vb2_vmalloc_put+0x7b/0xc0 drivers/media/common/videobuf2/videobuf2-vmalloc.c:63
 __vb2_buf_mem_free+0x154/0x2c0 drivers/media/common/videobuf2/videobuf2-core.c:275
 __vb2_free_mem drivers/media/common/videobuf2/videobuf2-core.c:557 [inline]
 __vb2_queue_free+0x861/0xac0 drivers/media/common/videobuf2/videobuf2-core.c:585
 vb2_core_queue_release+0x70/0x190 drivers/media/common/videobuf2/videobuf2-core.c:2654
 v4l2_m2m_ctx_release+0x2a/0x40 drivers/media/v4l2-core/v4l2-mem2mem.c:1277
 vim2m_release+0xe8/0x170 drivers/media/test-drivers/vim2m.c:1245
 v4l2_release+0x238/0x460 drivers/media/v4l2-core/v4l2-dev.c:456
 __fput+0x408/0xbb0 fs/file_table.c:422
 task_work_run+0x14e/0x250 kernel/task_work.c:228
 resume_user_mode_work include/linux/resume_user_mode.h:50 [inline]
 exit_to_user_mode_loop kernel/entry/common.c:114 [inline]
 exit_to_user_mode_prepare include/linux/entry-common.h:328 [inline]
 __syscall_exit_to_user_mode_work kernel/entry/common.c:207 [inline]
 syscall_exit_to_user_mode+0x27b/0x2a0 kernel/entry/common.c:218
 __do_fast_syscall_32+0x80/0x120 arch/x86/entry/common.c:389
 do_fast_syscall_32+0x32/0x80 arch/x86/entry/common.c:411
 entry_SYSENTER_compat_after_hwframe+0x84/0x8e
Modules linked in:
CPU: 3 UID: 0 PID: 11855 Comm: syz.2.1921 Tainted: G    B              6.11.0-rc3-syzkaller-00156-gd7a5aa4b3c00 #0
Tainted: [B]=BAD_PAGE
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:93 [inline]
 dump_stack_lvl+0x16c/0x1f0 lib/dump_stack.c:119
 bad_page+0xb3/0x220 mm/page_alloc.c:498
 free_page_is_bad_report mm/page_alloc.c:905 [inline]
 free_page_is_bad mm/page_alloc.c:915 [inline]
 free_pages_prepare mm/page_alloc.c:1086 [inline]
 free_unref_page+0x69e/0xe40 mm/page_alloc.c:2612
 skb_free_frag include/linux/skbuff.h:3383 [inline]
 skb_free_head+0xa0/0x1d0 net/core/skbuff.c:1094
 skb_release_data+0x75c/0x980 net/core/skbuff.c:1123
 skb_release_all net/core/skbuff.c:1188 [inline]
 __kfree_skb net/core/skbuff.c:1202 [inline]
 sk_skb_reason_drop+0x133/0x200 net/core/skbuff.c:1240
 kfree_skb_reason include/linux/skbuff.h:1260 [inline]
 __netif_receive_skb_core.constprop.0+0x592/0x4330 net/core/dev.c:5635
 __netif_receive_skb_list_core+0x357/0x950 net/core/dev.c:5737
 __netif_receive_skb_list net/core/dev.c:5804 [inline]
 netif_receive_skb_list_internal+0x753/0xda0 net/core/dev.c:5896
 netif_receive_skb_list+0x4f/0x4a0 net/core/dev.c:5948
 xdp_recv_frames net/bpf/test_run.c:279 [inline]
 xdp_test_run_batch.constprop.0+0x1296/0x1880 net/bpf/test_run.c:360
 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389
 bpf_prog_test_run_xdp+0x82d/0x1530 net/bpf/test_run.c:1317
 bpf_prog_test_run kernel/bpf/syscall.c:4313 [inline]
 __sys_bpf+0x1af6/0x55e0 kernel/bpf/syscall.c:5728
 __do_sys_bpf kernel/bpf/syscall.c:5817 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5815 [inline]
 __ia32_sys_bpf+0x76/0xe0 kernel/bpf/syscall.c:5815
 do_syscall_32_irqs_on arch/x86/entry/common.c:165 [inline]
 __do_fast_syscall_32+0x73/0x120 arch/x86/entry/common.c:386
 do_fast_syscall_32+0x32/0x80 arch/x86/entry/common.c:411
 entry_SYSENTER_compat_after_hwframe+0x84/0x8e
RIP: 0023:0xf7f56579
Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
RSP: 002b:00000000f56f656c EFLAGS: 00000296 ORIG_RAX: 0000000000000165
RAX: ffffffffffffffda RBX: 000000000000000a RCX: 0000000020000600
RDX: 0000000000000048 RSI: 0000000000000000 RDI: 0000000000000000
RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000
R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
 </TASK>
BUG: Bad page state in process syz.2.1921  pfn:26290
page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x26290
flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
raw: 00fff00000000000 dead000000000040 ffff88805326a000 0000000000000000
raw: 0000000000000000 0000000000000001 00000000ffffffff 0000000000000000
page dumped because: page_pool leak
page_owner tracks the page as allocated
page last allocated via order 0, migratetype Unmovable, gfp_mask 0x102820(GFP_ATOMIC|__GFP_NOWARN|__GFP_HARDWALL), pid 11855, tgid 11854 (syz.2.1921), ts 324622301654, free_ts 323975387200
 set_page_owner include/linux/page_owner.h:32 [inline]
 post_alloc_hook+0x2d1/0x350 mm/page_alloc.c:1493
 prep_new_page mm/page_alloc.c:1501 [inline]
 get_page_from_freelist+0x1351/0x2e50 mm/page_alloc.c:3442
 __alloc_pages_noprof+0x22b/0x2460 mm/page_alloc.c:4700
 alloc_pages_bulk_noprof+0x742/0x14f0 mm/page_alloc.c:4648
 alloc_pages_bulk_array_node_noprof include/linux/gfp.h:239 [inline]
 __page_pool_alloc_pages_slow+0x19b/0xb30 net/core/page_pool.c:527
 page_pool_alloc_netmem net/core/page_pool.c:576 [inline]
 page_pool_alloc_pages+0xb5/0x110 net/core/page_pool.c:583
 page_pool_dev_alloc_pages include/net/page_pool/helpers.h:96 [inline]
 xdp_test_run_batch.constprop.0+0x30f/0x1880 net/bpf/test_run.c:305
 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389
 bpf_prog_test_run_xdp+0x82d/0x1530 net/bpf/test_run.c:1317
 bpf_prog_test_run kernel/bpf/syscall.c:4313 [inline]
 __sys_bpf+0x1af6/0x55e0 kernel/bpf/syscall.c:5728
 __do_sys_bpf kernel/bpf/syscall.c:5817 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5815 [inline]
 __ia32_sys_bpf+0x76/0xe0 kernel/bpf/syscall.c:5815
 do_syscall_32_irqs_on arch/x86/entry/common.c:165 [inline]
 __do_fast_syscall_32+0x73/0x120 arch/x86/entry/common.c:386
 do_fast_syscall_32+0x32/0x80 arch/x86/entry/common.c:411
 entry_SYSENTER_compat_after_hwframe+0x84/0x8e
page last free pid 11815 tgid 11815 stack trace:
 reset_page_owner include/linux/page_owner.h:25 [inline]
 free_pages_prepare mm/page_alloc.c:1094 [inline]
 free_unref_page+0x64a/0xe40 mm/page_alloc.c:2612
 vfree+0x181/0x7a0 mm/vmalloc.c:3364
 vb2_vmalloc_put drivers/media/common/videobuf2/videobuf2-vmalloc.c:68 [inline]
 vb2_vmalloc_put+0x7b/0xc0 drivers/media/common/videobuf2/videobuf2-vmalloc.c:63
 __vb2_buf_mem_free+0x154/0x2c0 drivers/media/common/videobuf2/videobuf2-core.c:275
 __vb2_free_mem drivers/media/common/videobuf2/videobuf2-core.c:557 [inline]
 __vb2_queue_free+0x861/0xac0 drivers/media/common/videobuf2/videobuf2-core.c:585
 vb2_core_queue_release+0x70/0x190 drivers/media/common/videobuf2/videobuf2-core.c:2654
 v4l2_m2m_ctx_release+0x2a/0x40 drivers/media/v4l2-core/v4l2-mem2mem.c:1277
 vim2m_release+0xe8/0x170 drivers/media/test-drivers/vim2m.c:1245
 v4l2_release+0x238/0x460 drivers/media/v4l2-core/v4l2-dev.c:456
 __fput+0x408/0xbb0 fs/file_table.c:422
 task_work_run+0x14e/0x250 kernel/task_work.c:228
 resume_user_mode_work include/linux/resume_user_mode.h:50 [inline]
 exit_to_user_mode_loop kernel/entry/common.c:114 [inline]
 exit_to_user_mode_prepare include/linux/entry-common.h:328 [inline]
 __syscall_exit_to_user_mode_work kernel/entry/common.c:207 [inline]
 syscall_exit_to_user_mode+0x27b/0x2a0 kernel/entry/common.c:218
 __do_fast_syscall_32+0x80/0x120 arch/x86/entry/common.c:389
 do_fast_syscall_32+0x32/0x80 arch/x86/entry/common.c:411
 entry_SYSENTER_compat_after_hwframe+0x84/0x8e
Modules linked in:
CPU: 3 UID: 0 PID: 11855 Comm: syz.2.1921 Tainted: G    B              6.11.0-rc3-syzkaller-00156-gd7a5aa4b3c00 #0
Tainted: [B]=BAD_PAGE
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:93 [inline]
 dump_stack_lvl+0x16c/0x1f0 lib/dump_stack.c:119
 bad_page+0xb3/0x220 mm/page_alloc.c:498
 free_page_is_bad_report mm/page_alloc.c:905 [inline]
 free_page_is_bad mm/page_alloc.c:915 [inline]
 free_pages_prepare mm/page_alloc.c:1086 [inline]
 free_unref_page+0x69e/0xe40 mm/page_alloc.c:2612
 skb_free_frag include/linux/skbuff.h:3383 [inline]
 skb_free_head+0xa0/0x1d0 net/core/skbuff.c:1094
 skb_release_data+0x75c/0x980 net/core/skbuff.c:1123
 skb_release_all net/core/skbuff.c:1188 [inline]
 __kfree_skb net/core/skbuff.c:1202 [inline]
 sk_skb_reason_drop+0x133/0x200 net/core/skbuff.c:1240
 kfree_skb_reason include/linux/skbuff.h:1260 [inline]
 __netif_receive_skb_core.constprop.0+0x592/0x4330 net/core/dev.c:5635
 __netif_receive_skb_list_core+0x357/0x950 net/core/dev.c:5737
 __netif_receive_skb_list net/core/dev.c:5804 [inline]
 netif_receive_skb_list_internal+0x753/0xda0 net/core/dev.c:5896
 netif_receive_skb_list+0x4f/0x4a0 net/core/dev.c:5948
 xdp_recv_frames net/bpf/test_run.c:279 [inline]
 xdp_test_run_batch.constprop.0+0x1296/0x1880 net/bpf/test_run.c:360
 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389
 bpf_prog_test_run_xdp+0x82d/0x1530 net/bpf/test_run.c:1317
 bpf_prog_test_run kernel/bpf/syscall.c:4313 [inline]
 __sys_bpf+0x1af6/0x55e0 kernel/bpf/syscall.c:5728
 __do_sys_bpf kernel/bpf/syscall.c:5817 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5815 [inline]
 __ia32_sys_bpf+0x76/0xe0 kernel/bpf/syscall.c:5815
 do_syscall_32_irqs_on arch/x86/entry/common.c:165 [inline]
 __do_fast_syscall_32+0x73/0x120 arch/x86/entry/common.c:386
 do_fast_syscall_32+0x32/0x80 arch/x86/entry/common.c:411
 entry_SYSENTER_compat_after_hwframe+0x84/0x8e
RIP: 0023:0xf7f56579
Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
RSP: 002b:00000000f56f656c EFLAGS: 00000296 ORIG_RAX: 0000000000000165
RAX: ffffffffffffffda RBX: 000000000000000a RCX: 0000000020000600
RDX: 0000000000000048 RSI: 0000000000000000 RDI: 0000000000000000
RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000
R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
 </TASK>
BUG: Bad page state in process syz.2.1921  pfn:261cb
page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x261cb
flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
raw: 00fff00000000000 dead000000000040 ffff88805326a000 0000000000000000
raw: 0000000000000000 0000000000000001 00000000ffffffff 0000000000000000
page dumped because: page_pool leak
page_owner tracks the page as allocated
page last allocated via order 0, migratetype Unmovable, gfp_mask 0x102820(GFP_ATOMIC|__GFP_NOWARN|__GFP_HARDWALL), pid 11855, tgid 11854 (syz.2.1921), ts 324622291429, free_ts 323975401193
 set_page_owner include/linux/page_owner.h:32 [inline]
 post_alloc_hook+0x2d1/0x350 mm/page_alloc.c:1493
 prep_new_page mm/page_alloc.c:1501 [inline]
 get_page_from_freelist+0x1351/0x2e50 mm/page_alloc.c:3442
 __alloc_pages_noprof+0x22b/0x2460 mm/page_alloc.c:4700
 alloc_pages_bulk_noprof+0x742/0x14f0 mm/page_alloc.c:4648
 alloc_pages_bulk_array_node_noprof include/linux/gfp.h:239 [inline]
 __page_pool_alloc_pages_slow+0x19b/0xb30 net/core/page_pool.c:527
 page_pool_alloc_netmem net/core/page_pool.c:576 [inline]
 page_pool_alloc_pages+0xb5/0x110 net/core/page_pool.c:583
 page_pool_dev_alloc_pages include/net/page_pool/helpers.h:96 [inline]
 xdp_test_run_batch.constprop.0+0x30f/0x1880 net/bpf/test_run.c:305
 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389
 bpf_prog_test_run_xdp+0x82d/0x1530 net/bpf/test_run.c:1317
 bpf_prog_test_run kernel/bpf/syscall.c:4313 [inline]
 __sys_bpf+0x1af6/0x55e0 kernel/bpf/syscall.c:5728
 __do_sys_bpf kernel/bpf/syscall.c:5817 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5815 [inline]
 __ia32_sys_bpf+0x76/0xe0 kernel/bpf/syscall.c:5815
 do_syscall_32_irqs_on arch/x86/entry/common.c:165 [inline]
 __do_fast_syscall_32+0x73/0x120 arch/x86/entry/common.c:386
 do_fast_syscall_32+0x32/0x80 arch/x86/entry/common.c:411
 entry_SYSENTER_compat_after_hwframe+0x84/0x8e
page last free pid 11815 tgid 11815 stack trace:
 reset_page_owner include/linux/page_owner.h:25 [inline]
 free_pages_prepare mm/page_alloc.c:1094 [inline]
 free_unref_page+0x64a/0xe40 mm/page_alloc.c:2612
 vfree+0x181/0x7a0 mm/vmalloc.c:3364
 vb2_vmalloc_put drivers/media/common/videobuf2/videobuf2-vmalloc.c:68 [inline]
 vb2_vmalloc_put+0x7b/0xc0 drivers/media/common/videobuf2/videobuf2-vmalloc.c:63
 __vb2_buf_mem_free+0x154/0x2c0 drivers/media/common/videobuf2/videobuf2-core.c:275
 __vb2_free_mem drivers/media/common/videobuf2/videobuf2-core.c:557 [inline]
 __vb2_queue_free+0x861/0xac0 drivers/media/common/videobuf2/videobuf2-core.c:585
 vb2_core_queue_release+0x70/0x190 drivers/media/common/videobuf2/videobuf2-core.c:2654
 v4l2_m2m_ctx_release+0x2a/0x40 drivers/media/v4l2-core/v4l2-mem2mem.c:1277
 vim2m_release+0xe8/0x170 drivers/media/test-drivers/vim2m.c:1245
 v4l2_release+0x238/0x460 drivers/media/v4l2-core/v4l2-dev.c:456
 __fput+0x408/0xbb0 fs/file_table.c:422
 task_work_run+0x14e/0x250 kernel/task_work.c:228
 resume_user_mode_work include/linux/resume_user_mode.h:50 [inline]
 exit_to_user_mode_loop kernel/entry/common.c:114 [inline]
 exit_to_user_mode_prepare include/linux/entry-common.h:328 [inline]
 __syscall_exit_to_user_mode_work kernel/entry/common.c:207 [inline]
 syscall_exit_to_user_mode+0x27b/0x2a0 kernel/entry/common.c:218
 __do_fast_syscall_32+0x80/0x120 arch/x86/entry/common.c:389
 do_fast_syscall_32+0x32/0x80 arch/x86/entry/common.c:411
 entry_SYSENTER_compat_after_hwframe+0x84/0x8e
Modules linked in:
CPU: 3 UID: 0 PID: 11855 Comm: syz.2.1921 Tainted: G    B              6.11.0-rc3-syzkaller-00156-gd7a5aa4b3c00 #0
Tainted: [B]=BAD_PAGE
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:93 [inline]
 dump_stack_lvl+0x16c/0x1f0 lib/dump_stack.c:119
 bad_page+0xb3/0x220 mm/page_alloc.c:498
 free_page_is_bad_report mm/page_alloc.c:905 [inline]
 free_page_is_bad mm/page_alloc.c:915 [inline]
 free_pages_prepare mm/page_alloc.c:1086 [inline]
 free_unref_page+0x69e/0xe40 mm/page_alloc.c:2612
 skb_free_frag include/linux/skbuff.h:3383 [inline]
 skb_free_head+0xa0/0x1d0 net/core/skbuff.c:1094
 skb_release_data+0x75c/0x980 net/core/skbuff.c:1123
 skb_release_all net/core/skbuff.c:1188 [inline]
 __kfree_skb net/core/skbuff.c:1202 [inline]
 sk_skb_reason_drop+0x133/0x200 net/core/skbuff.c:1240
 kfree_skb_reason include/linux/skbuff.h:1260 [inline]
 __netif_receive_skb_core.constprop.0+0x592/0x4330 net/core/dev.c:5635
 __netif_receive_skb_list_core+0x357/0x950 net/core/dev.c:5737
 __netif_receive_skb_list net/core/dev.c:5804 [inline]
 netif_receive_skb_list_internal+0x753/0xda0 net/core/dev.c:5896
 netif_receive_skb_list+0x4f/0x4a0 net/core/dev.c:5948
 xdp_recv_frames net/bpf/test_run.c:279 [inline]
 xdp_test_run_batch.constprop.0+0x1296/0x1880 net/bpf/test_run.c:360
 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389
 bpf_prog_test_run_xdp+0x82d/0x1530 net/bpf/test_run.c:1317
 bpf_prog_test_run kernel/bpf/syscall.c:4313 [inline]
 __sys_bpf+0x1af6/0x55e0 kernel/bpf/syscall.c:5728
 __do_sys_bpf kernel/bpf/syscall.c:5817 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5815 [inline]
 __ia32_sys_bpf+0x76/0xe0 kernel/bpf/syscall.c:5815
 do_syscall_32_irqs_on arch/x86/entry/common.c:165 [inline]
 __do_fast_syscall_32+0x73/0x120 arch/x86/entry/common.c:386
 do_fast_syscall_32+0x32/0x80 arch/x86/entry/common.c:411
 entry_SYSENTER_compat_after_hwframe+0x84/0x8e
RIP: 0023:0xf7f56579
Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
RSP: 002b:00000000f56f656c EFLAGS: 00000296 ORIG_RAX: 0000000000000165
RAX: ffffffffffffffda RBX: 000000000000000a RCX: 0000000020000600
RDX: 0000000000000048 RSI: 0000000000000000 RDI: 0000000000000000
RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000
R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
 </TASK>
BUG: Bad page state in process syz.2.1921  pfn:295b2
page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x20d pfn:0x295b2
flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
raw: 00fff00000000000 dead000000000040 ffff88805326a000 0000000000000000
raw: 000000000000020d 0000000000000001 00000000ffffffff 0000000000000000
page dumped because: page_pool leak
page_owner tracks the page as allocated
page last allocated via order 0, migratetype Unmovable, gfp_mask 0x102820(GFP_ATOMIC|__GFP_NOWARN|__GFP_HARDWALL), pid 11855, tgid 11854 (syz.2.1921), ts 324622282689, free_ts 323975414763
 set_page_owner include/linux/page_owner.h:32 [inline]
 post_alloc_hook+0x2d1/0x350 mm/page_alloc.c:1493
 prep_new_page mm/page_alloc.c:1501 [inline]
 get_page_from_freelist+0x1351/0x2e50 mm/page_alloc.c:3442
 __alloc_pages_noprof+0x22b/0x2460 mm/page_alloc.c:4700
 alloc_pages_bulk_noprof+0x742/0x14f0 mm/page_alloc.c:4648
 alloc_pages_bulk_array_node_noprof include/linux/gfp.h:239 [inline]
 __page_pool_alloc_pages_slow+0x19b/0xb30 net/core/page_pool.c:527
 page_pool_alloc_netmem net/core/page_pool.c:576 [inline]
 page_pool_alloc_pages+0xb5/0x110 net/core/page_pool.c:583
 page_pool_dev_alloc_pages include/net/page_pool/helpers.h:96 [inline]
 xdp_test_run_batch.constprop.0+0x30f/0x1880 net/bpf/test_run.c:305
 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389
 bpf_prog_test_run_xdp+0x82d/0x1530 net/bpf/test_run.c:1317
 bpf_prog_test_run kernel/bpf/syscall.c:4313 [inline]
 __sys_bpf+0x1af6/0x55e0 kernel/bpf/syscall.c:5728
 __do_sys_bpf kernel/bpf/syscall.c:5817 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5815 [inline]
 __ia32_sys_bpf+0x76/0xe0 kernel/bpf/syscall.c:5815
 do_syscall_32_irqs_on arch/x86/entry/common.c:165 [inline]
 __do_fast_syscall_32+0x73/0x120 arch/x86/entry/common.c:386
 do_fast_syscall_32+0x32/0x80 arch/x86/entry/common.c:411
 entry_SYSENTER_compat_after_hwframe+0x84/0x8e
page last free pid 11815 tgid 11815 stack trace:
 reset_page_owner include/linux/page_owner.h:25 [inline]
 free_pages_prepare mm/page_alloc.c:1094 [inline]
 free_unref_page+0x64a/0xe40 mm/page_alloc.c:2612
 vfree+0x181/0x7a0 mm/vmalloc.c:3364
 vb2_vmalloc_put drivers/media/common/videobuf2/videobuf2-vmalloc.c:68 [inline]
 vb2_vmalloc_put+0x7b/0xc0 drivers/media/common/videobuf2/videobuf2-vmalloc.c:63
 __vb2_buf_mem_free+0x154/0x2c0 drivers/media/common/videobuf2/videobuf2-core.c:275
 __vb2_free_mem drivers/media/common/videobuf2/videobuf2-core.c:557 [inline]
 __vb2_queue_free+0x861/0xac0 drivers/media/common/videobuf2/videobuf2-core.c:585
 vb2_core_queue_release+0x70/0x190 drivers/media/common/videobuf2/videobuf2-core.c:2654
 v4l2_m2m_ctx_release+0x2a/0x40 drivers/media/v4l2-core/v4l2-mem2mem.c:1277
 vim2m_release+0xe8/0x170 drivers/media/test-drivers/vim2m.c:1245
 v4l2_release+0x238/0x460 drivers/media/v4l2-core/v4l2-dev.c:456
 __fput+0x408/0xbb0 fs/file_table.c:422
 task_work_run+0x14e/0x250 kernel/task_work.c:228
 resume_user_mode_work include/linux/resume_user_mode.h:50 [inline]
 exit_to_user_mode_loop kernel/entry/common.c:114 [inline]
 exit_to_user_mode_prepare include/linux/entry-common.h:328 [inline]
 __syscall_exit_to_user_mode_work kernel/entry/common.c:207 [inline]
 syscall_exit_to_user_mode+0x27b/0x2a0 kernel/entry/common.c:218
 __do_fast_syscall_32+0x80/0x120 arch/x86/entry/common.c:389
 do_fast_syscall_32+0x32/0x80 arch/x86/entry/common.c:411
 entry_SYSENTER_compat_after_hwframe+0x84/0x8e
Modules linked in:
CPU: 3 UID: 0 PID: 11855 Comm: syz.2.1921 Tainted: G    B              6.11.0-rc3-syzkaller-00156-gd7a5aa4b3c00 #0
Tainted: [B]=BAD_PAGE
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:93 [inline]
 dump_stack_lvl+0x16c/0x1f0 lib/dump_stack.c:119
 bad_page+0xb3/0x220 mm/page_alloc.c:498
 free_page_is_bad_report mm/page_alloc.c:905 [inline]
 free_page_is_bad mm/page_alloc.c:915 [inline]
 free_pages_prepare mm/page_alloc.c:1086 [inline]
 free_unref_page+0x69e/0xe40 mm/page_alloc.c:2612
 skb_free_frag include/linux/skbuff.h:3383 [inline]
 skb_free_head+0xa0/0x1d0 net/core/skbuff.c:1094
 skb_release_data+0x75c/0x980 net/core/skbuff.c:1123
 skb_release_all net/core/skbuff.c:1188 [inline]
 __kfree_skb net/core/skbuff.c:1202 [inline]
 sk_skb_reason_drop+0x133/0x200 net/core/skbuff.c:1240
 kfree_skb_reason include/linux/skbuff.h:1260 [inline]
 __netif_receive_skb_core.constprop.0+0x592/0x4330 net/core/dev.c:5635
 __netif_receive_skb_list_core+0x357/0x950 net/core/dev.c:5737
 __netif_receive_skb_list net/core/dev.c:5804 [inline]
 netif_receive_skb_list_internal+0x753/0xda0 net/core/dev.c:5896
 netif_receive_skb_list+0x4f/0x4a0 net/core/dev.c:5948
 xdp_recv_frames net/bpf/test_run.c:279 [inline]
 xdp_test_run_batch.constprop.0+0x1296/0x1880 net/bpf/test_run.c:360
 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389
 bpf_prog_test_run_xdp+0x82d/0x1530 net/bpf/test_run.c:1317
 bpf_prog_test_run kernel/bpf/syscall.c:4313 [inline]
 __sys_bpf+0x1af6/0x55e0 kernel/bpf/syscall.c:5728
 __do_sys_bpf kernel/bpf/syscall.c:5817 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5815 [inline]
 __ia32_sys_bpf+0x76/0xe0 kernel/bpf/syscall.c:5815
 do_syscall_32_irqs_on arch/x86/entry/common.c:165 [inline]
 __do_fast_syscall_32+0x73/0x120 arch/x86/entry/common.c:386
 do_fast_syscall_32+0x32/0x80 arch/x86/entry/common.c:411
 entry_SYSENTER_compat_after_hwframe+0x84/0x8e
RIP: 0023:0xf7f56579
Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
RSP: 002b:00000000f56f656c EFLAGS: 00000296 ORIG_RAX: 0000000000000165
RAX: ffffffffffffffda RBX: 000000000000000a RCX: 0000000020000600
RDX: 0000000000000048 RSI: 0000000000000000 RDI: 0000000000000000
RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000
R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
 </TASK>
BUG: Bad page state in process syz.2.1921  pfn:2a5b4
page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x11b pfn:0x2a5b4
flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
raw: 00fff00000000000 dead000000000040 ffff88805326a000 0000000000000000
raw: 000000000000011b 0000000000000001 00000000ffffffff 0000000000000000
page dumped because: page_pool leak
page_owner tracks the page as allocated
page last allocated via order 0, migratetype Unmovable, gfp_mask 0x102820(GFP_ATOMIC|__GFP_NOWARN|__GFP_HARDWALL), pid 11855, tgid 11854 (syz.2.1921), ts 324622274644, free_ts 323975429206
 set_page_owner include/linux/page_owner.h:32 [inline]
 post_alloc_hook+0x2d1/0x350 mm/page_alloc.c:1493
 prep_new_page mm/page_alloc.c:1501 [inline]
 get_page_from_freelist+0x1351/0x2e50 mm/page_alloc.c:3442
 __alloc_pages_noprof+0x22b/0x2460 mm/page_alloc.c:4700
 alloc_pages_bulk_noprof+0x742/0x14f0 mm/page_alloc.c:4648
 alloc_pages_bulk_array_node_noprof include/linux/gfp.h:239 [inline]
 __page_pool_alloc_pages_slow+0x19b/0xb30 net/core/page_pool.c:527
 page_pool_alloc_netmem net/core/page_pool.c:576 [inline]
 page_pool_alloc_pages+0xb5/0x110 net/core/page_pool.c:583
 page_pool_dev_alloc_pages include/net/page_pool/helpers.h:96 [inline]
 xdp_test_run_batch.constprop.0+0x30f/0x1880 net/bpf/test_run.c:305
 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389
 bpf_prog_test_run_xdp+0x82d/0x1530 net/bpf/test_run.c:1317
 bpf_prog_test_run kernel/bpf/syscall.c:4313 [inline]
 __sys_bpf+0x1af6/0x55e0 kernel/bpf/syscall.c:5728
 __do_sys_bpf kernel/bpf/syscall.c:5817 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5815 [inline]
 __ia32_sys_bpf+0x76/0xe0 kernel/bpf/syscall.c:5815
 do_syscall_32_irqs_on arch/x86/entry/common.c:165 [inline]
 __do_fast_syscall_32+0x73/0x120 arch/x86/entry/common.c:386
 do_fast_syscall_32+0x32/0x80 arch/x86/entry/common.c:411
 entry_SYSENTER_compat_after_hwframe+0x84/0x8e
page last free pid 11815 tgid 11815 stack trace:
 reset_page_owner include/linux/page_owner.h:25 [inline]
 free_pages_prepare mm/page_alloc.c:1094 [inline]
 free_unref_page+0x64a/0xe40 mm/page_alloc.c:2612
 vfree+0x181/0x7a0 mm/vmalloc.c:3364
 vb2_vmalloc_put drivers/media/common/videobuf2/videobuf2-vmalloc.c:68 [inline]
 vb2_vmalloc_put+0x7b/0xc0 drivers/media/common/videobuf2/videobuf2-vmalloc.c:63
 __vb2_buf_mem_free+0x154/0x2c0 drivers/media/common/videobuf2/videobuf2-core.c:275
 __vb2_free_mem drivers/media/common/videobuf2/videobuf2-core.c:557 [inline]
 __vb2_queue_free+0x861/0xac0 drivers/media/common/videobuf2/videobuf2-core.c:585
 vb2_core_queue_release+0x70/0x190 drivers/media/common/videobuf2/videobuf2-core.c:2654
 v4l2_m2m_ctx_release+0x2a/0x40 drivers/media/v4l2-core/v4l2-mem2mem.c:1277
 vim2m_release+0xe8/0x170 drivers/media/test-drivers/vim2m.c:1245
 v4l2_release+0x238/0x460 drivers/media/v4l2-core/v4l2-dev.c:456
 __fput+0x408/0xbb0 fs/file_table.c:422
 task_work_run+0x14e/0x250 kernel/task_work.c:228
 resume_user_mode_work include/linux/resume_user_mode.h:50 [inline]
 exit_to_user_mode_loop kernel/entry/common.c:114 [inline]
 exit_to_user_mode_prepare include/linux/entry-common.h:328 [inline]
 __syscall_exit_to_user_mode_work kernel/entry/common.c:207 [inline]
 syscall_exit_to_user_mode+0x27b/0x2a0 kernel/entry/common.c:218
 __do_fast_syscall_32+0x80/0x120 arch/x86/entry/common.c:389
 do_fast_syscall_32+0x32/0x80 arch/x86/entry/common.c:411
 entry_SYSENTER_compat_after_hwframe+0x84/0x8e
Modules linked in:
CPU: 3 UID: 0 PID: 11855 Comm: syz.2.1921 Tainted: G    B              6.11.0-rc3-syzkaller-00156-gd7a5aa4b3c00 #0
Tainted: [B]=BAD_PAGE
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:93 [inline]
 dump_stack_lvl+0x16c/0x1f0 lib/dump_stack.c:119
 bad_page+0xb3/0x220 mm/page_alloc.c:498
 free_page_is_bad_report mm/page_alloc.c:905 [inline]
 free_page_is_bad mm/page_alloc.c:915 [inline]
 free_pages_prepare mm/page_alloc.c:1086 [inline]
 free_unref_page+0x69e/0xe40 mm/page_alloc.c:2612
 skb_free_frag include/linux/skbuff.h:3383 [inline]
 skb_free_head+0xa0/0x1d0 net/core/skbuff.c:1094
 skb_release_data+0x75c/0x980 net/core/skbuff.c:1123
 skb_release_all net/core/skbuff.c:1188 [inline]
 __kfree_skb net/core/skbuff.c:1202 [inline]
 sk_skb_reason_drop+0x133/0x200 net/core/skbuff.c:1240
 kfree_skb_reason include/linux/skbuff.h:1260 [inline]
 __netif_receive_skb_core.constprop.0+0x592/0x4330 net/core/dev.c:5635
 __netif_receive_skb_list_core+0x357/0x950 net/core/dev.c:5737
 __netif_receive_skb_list net/core/dev.c:5804 [inline]
 netif_receive_skb_list_internal+0x753/0xda0 net/core/dev.c:5896
 netif_receive_skb_list+0x4f/0x4a0 net/core/dev.c:5948
 xdp_recv_frames net/bpf/test_run.c:279 [inline]
 xdp_test_run_batch.constprop.0+0x1296/0x1880 net/bpf/test_run.c:360
 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389
 bpf_prog_test_run_xdp+0x82d/0x1530 net/bpf/test_run.c:1317
 bpf_prog_test_run kernel/bpf/syscall.c:4313 [inline]
 __sys_bpf+0x1af6/0x55e0 kernel/bpf/syscall.c:5728
 __do_sys_bpf kernel/bpf/syscall.c:5817 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5815 [inline]
 __ia32_sys_bpf+0x76/0xe0 kernel/bpf/syscall.c:5815
 do_syscall_32_irqs_on arch/x86/entry/common.c:165 [inline]
 __do_fast_syscall_32+0x73/0x120 arch/x86/entry/common.c:386
 do_fast_syscall_32+0x32/0x80 arch/x86/entry/common.c:411
 entry_SYSENTER_compat_after_hwframe+0x84/0x8e
RIP: 0023:0xf7f56579
Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
RSP: 002b:00000000f56f656c EFLAGS: 00000296 ORIG_RAX: 0000000000000165
RAX: ffffffffffffffda RBX: 000000000000000a RCX: 0000000020000600
RDX: 0000000000000048 RSI: 0000000000000000 RDI: 0000000000000000
RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000
R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
 </TASK>
BUG: Bad page state in process syz.2.1921  pfn:2b616
page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff88802b616f78 pfn:0x2b616
flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
raw: 00fff00000000000 dead000000000040 ffff88805326a000 0000000000000000
raw: ffff88802b616f78 0000000000000001 00000000ffffffff 0000000000000000
page dumped because: page_pool leak
page_owner tracks the page as allocated
page last allocated via order 0, migratetype Unmovable, gfp_mask 0x102820(GFP_ATOMIC|__GFP_NOWARN|__GFP_HARDWALL), pid 11855, tgid 11854 (syz.2.1921), ts 324622266645, free_ts 323975442795
 set_page_owner include/linux/page_owner.h:32 [inline]
 post_alloc_hook+0x2d1/0x350 mm/page_alloc.c:1493
 prep_new_page mm/page_alloc.c:1501 [inline]
 get_page_from_freelist+0x1351/0x2e50 mm/page_alloc.c:3442
 __alloc_pages_noprof+0x22b/0x2460 mm/page_alloc.c:4700
 alloc_pages_bulk_noprof+0x742/0x14f0 mm/page_alloc.c:4648
 alloc_pages_bulk_array_node_noprof include/linux/gfp.h:239 [inline]
 __page_pool_alloc_pages_slow+0x19b/0xb30 net/core/page_pool.c:527
 page_pool_alloc_netmem net/core/page_pool.c:576 [inline]
 page_pool_alloc_pages+0xb5/0x110 net/core/page_pool.c:583
 page_pool_dev_alloc_pages include/net/page_pool/helpers.h:96 [inline]
 xdp_test_run_batch.constprop.0+0x30f/0x1880 net/bpf/test_run.c:305
 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389
 bpf_prog_test_run_xdp+0x82d/0x1530 net/bpf/test_run.c:1317
 bpf_prog_test_run kernel/bpf/syscall.c:4313 [inline]
 __sys_bpf+0x1af6/0x55e0 kernel/bpf/syscall.c:5728
 __do_sys_bpf kernel/bpf/syscall.c:5817 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5815 [inline]
 __ia32_sys_bpf+0x76/0xe0 kernel/bpf/syscall.c:5815
 do_syscall_32_irqs_on arch/x86/entry/common.c:165 [inline]
 __do_fast_syscall_32+0x73/0x120 arch/x86/entry/common.c:386
 do_fast_syscall_32+0x32/0x80 arch/x86/entry/common.c:411
 entry_SYSENTER_compat_after_hwframe+0x84/0x8e
page last free pid 11815 tgid 11815 stack trace:
 reset_page_owner include/linux/page_owner.h:25 [inline]
 free_pages_prepare mm/page_alloc.c:1094 [inline]
 free_unref_page+0x64a/0xe40 mm/page_alloc.c:2612
 vfree+0x181/0x7a0 mm/vmalloc.c:3364
 vb2_vmalloc_put drivers/media/common/videobuf2/videobuf2-vmalloc.c:68 [inline]
 vb2_vmalloc_put+0x7b/0xc0 drivers/media/common/videobuf2/videobuf2-vmalloc.c:63
 __vb2_buf_mem_free+0x154/0x2c0 drivers/media/common/videobuf2/videobuf2-core.c:275
 __vb2_free_mem drivers/media/common/videobuf2/videobuf2-core.c:557 [inline]
 __vb2_queue_free+0x861/0xac0 drivers/media/common/videobuf2/videobuf2-core.c:585
 vb2_core_queue_release+0x70/0x190 drivers/media/common/videobuf2/videobuf2-core.c:2654
 v4l2_m2m_ctx_release+0x2a/0x40 drivers/media/v4l2-core/v4l2-mem2mem.c:1277
 vim2m_release+0xe8/0x170 drivers/media/test-drivers/vim2m.c:1245
 v4l2_release+0x238/0x460 drivers/media/v4l2-core/v4l2-dev.c:456
 __fput+0x408/0xbb0 fs/file_table.c:422
 task_work_run+0x14e/0x250 kernel/task_work.c:228
 resume_user_mode_work include/linux/resume_user_mode.h:50 [inline]
 exit_to_user_mode_loop kernel/entry/common.c:114 [inline]
 exit_to_user_mode_prepare include/linux/entry-common.h:328 [inline]
 __syscall_exit_to_user_mode_work kernel/entry/common.c:207 [inline]
 syscall_exit_to_user_mode+0x27b/0x2a0 kernel/entry/common.c:218
 __do_fast_syscall_32+0x80/0x120 arch/x86/entry/common.c:389
 do_fast_syscall_32+0x32/0x80 arch/x86/entry/common.c:411
 entry_SYSENTER_compat_after_hwframe+0x84/0x8e
Modules linked in:
CPU: 3 UID: 0 PID: 11855 Comm: syz.2.1921 Tainted: G    B              6.11.0-rc3-syzkaller-00156-gd7a5aa4b3c00 #0
Tainted: [B]=BAD_PAGE
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:93 [inline]
 dump_stack_lvl+0x16c/0x1f0 lib/dump_stack.c:119
 bad_page+0xb3/0x220 mm/page_alloc.c:498
 free_page_is_bad_report mm/page_alloc.c:905 [inline]
 free_page_is_bad mm/page_alloc.c:915 [inline]
 free_pages_prepare mm/page_alloc.c:1086 [inline]
 free_unref_page+0x69e/0xe40 mm/page_alloc.c:2612
 skb_free_frag include/linux/skbuff.h:3383 [inline]
 skb_free_head+0xa0/0x1d0 net/core/skbuff.c:1094
 skb_release_data+0x75c/0x980 net/core/skbuff.c:1123
 skb_release_all net/core/skbuff.c:1188 [inline]
 __kfree_skb net/core/skbuff.c:1202 [inline]
 sk_skb_reason_drop+0x133/0x200 net/core/skbuff.c:1240
 kfree_skb_reason include/linux/skbuff.h:1260 [inline]
 __netif_receive_skb_core.constprop.0+0x592/0x4330 net/core/dev.c:5635
 __netif_receive_skb_list_core+0x357/0x950 net/core/dev.c:5737
 __netif_receive_skb_list net/core/dev.c:5804 [inline]
 netif_receive_skb_list_internal+0x753/0xda0 net/core/dev.c:5896
 netif_receive_skb_list+0x4f/0x4a0 net/core/dev.c:5948
 xdp_recv_frames net/bpf/test_run.c:279 [inline]
 xdp_test_run_batch.constprop.0+0x1296/0x1880 net/bpf/test_run.c:360
 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389
 bpf_prog_test_run_xdp+0x82d/0x1530 net/bpf/test_run.c:1317
 bpf_prog_test_run kernel/bpf/syscall.c:4313 [inline]
 __sys_bpf+0x1af6/0x55e0 kernel/bpf/syscall.c:5728
 __do_sys_bpf kernel/bpf/syscall.c:5817 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5815 [inline]
 __ia32_sys_bpf+0x76/0xe0 kernel/bpf/syscall.c:5815
 do_syscall_32_irqs_on arch/x86/entry/common.c:165 [inline]
 __do_fast_syscall_32+0x73/0x120 arch/x86/entry/common.c:386
 do_fast_syscall_32+0x32/0x80 arch/x86/entry/common.c:411
 entry_SYSENTER_compat_after_hwframe+0x84/0x8e
RIP: 0023:0xf7f56579
Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
RSP: 002b:00000000f56f656c EFLAGS: 00000296 ORIG_RAX: 0000000000000165
RAX: ffffffffffffffda RBX: 000000000000000a RCX: 0000000020000600
RDX: 0000000000000048 RSI: 0000000000000000 RDI: 0000000000000000
RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000
R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
 </TASK>
BUG: Bad page state in process syz.2.1921  pfn:1264a
page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x8f3 pfn:0x1264a
flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
raw: 00fff00000000000 dead000000000040 ffff88805326a000 0000000000000000
raw: 00000000000008f3 0000000000000001 00000000ffffffff 0000000000000000
page dumped because: page_pool leak
page_owner tracks the page as allocated
page last allocated via order 0, migratetype Unmovable, gfp_mask 0x102820(GFP_ATOMIC|__GFP_NOWARN|__GFP_HARDWALL), pid 11855, tgid 11854 (syz.2.1921), ts 324622258693, free_ts 323975456659
 set_page_owner include/linux/page_owner.h:32 [inline]
 post_alloc_hook+0x2d1/0x350 mm/page_alloc.c:1493
 prep_new_page mm/page_alloc.c:1501 [inline]
 get_page_from_freelist+0x1351/0x2e50 mm/page_alloc.c:3442
 __alloc_pages_noprof+0x22b/0x2460 mm/page_alloc.c:4700
 alloc_pages_bulk_noprof+0x742/0x14f0 mm/page_alloc.c:4648
 alloc_pages_bulk_array_node_noprof include/linux/gfp.h:239 [inline]
 __page_pool_alloc_pages_slow+0x19b/0xb30 net/core/page_pool.c:527
 page_pool_alloc_netmem net/core/page_pool.c:576 [inline]
 page_pool_alloc_pages+0xb5/0x110 net/core/page_pool.c:583
 page_pool_dev_alloc_pages include/net/page_pool/helpers.h:96 [inline]
 xdp_test_run_batch.constprop.0+0x30f/0x1880 net/bpf/test_run.c:305
 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389
 bpf_prog_test_run_xdp+0x82d/0x1530 net/bpf/test_run.c:1317
 bpf_prog_test_run kernel/bpf/syscall.c:4313 [inline]
 __sys_bpf+0x1af6/0x55e0 kernel/bpf/syscall.c:5728
 __do_sys_bpf kernel/bpf/syscall.c:5817 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5815 [inline]
 __ia32_sys_bpf+0x76/0xe0 kernel/bpf/syscall.c:5815
 do_syscall_32_irqs_on arch/x86/entry/common.c:165 [inline]
 __do_fast_syscall_32+0x73/0x120 arch/x86/entry/common.c:386
 do_fast_syscall_32+0x32/0x80 arch/x86/entry/common.c:411
 entry_SYSENTER_compat_after_hwframe+0x84/0x8e
page last free pid 11815 tgid 11815 stack trace:
 reset_page_owner include/linux/page_owner.h:25 [inline]
 free_pages_prepare mm/page_alloc.c:1094 [inline]
 free_unref_page+0x64a/0xe40 mm/page_alloc.c:2612
 vfree+0x181/0x7a0 mm/vmalloc.c:3364
 vb2_vmalloc_put drivers/media/common/videobuf2/videobuf2-vmalloc.c:68 [inline]
 vb2_vmalloc_put+0x7b/0xc0 drivers/media/common/videobuf2/videobuf2-vmalloc.c:63
 __vb2_buf_mem_free+0x154/0x2c0 drivers/media/common/videobuf2/videobuf2-core.c:275
 __vb2_free_mem drivers/media/common/videobuf2/videobuf2-core.c:557 [inline]
 __vb2_queue_free+0x861/0xac0 drivers/media/common/videobuf2/videobuf2-core.c:585
 vb2_core_queue_release+0x70/0x190 drivers/media/common/videobuf2/videobuf2-core.c:2654
 v4l2_m2m_ctx_release+0x2a/0x40 drivers/media/v4l2-core/v4l2-mem2mem.c:1277
 vim2m_release+0xe8/0x170 drivers/media/test-drivers/vim2m.c:1245
 v4l2_release+0x238/0x460 drivers/media/v4l2-core/v4l2-dev.c:456
 __fput+0x408/0xbb0 fs/file_table.c:422
 task_work_run+0x14e/0x250 kernel/task_work.c:228
 resume_user_mode_work include/linux/resume_user_mode.h:50 [inline]
 exit_to_user_mode_loop kernel/entry/common.c:114 [inline]
 exit_to_user_mode_prepare include/linux/entry-common.h:328 [inline]
 __syscall_exit_to_user_mode_work kernel/entry/common.c:207 [inline]
 syscall_exit_to_user_mode+0x27b/0x2a0 kernel/entry/common.c:218
 __do_fast_syscall_32+0x80/0x120 arch/x86/entry/common.c:389
 do_fast_syscall_32+0x32/0x80 arch/x86/entry/common.c:411
 entry_SYSENTER_compat_after_hwframe+0x84/0x8e
Modules linked in:
CPU: 3 UID: 0 PID: 11855 Comm: syz.2.1921 Tainted: G    B              6.11.0-rc3-syzkaller-00156-gd7a5aa4b3c00 #0
Tainted: [B]=BAD_PAGE
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:93 [inline]
 dump_stack_lvl+0x16c/0x1f0 lib/dump_stack.c:119
 bad_page+0xb3/0x220 mm/page_alloc.c:498
 free_page_is_bad_report mm/page_alloc.c:905 [inline]
 free_page_is_bad mm/page_alloc.c:915 [inline]
 free_pages_prepare mm/page_alloc.c:1086 [inline]
 free_unref_page+0x69e/0xe40 mm/page_alloc.c:2612
 skb_free_frag include/linux/skbuff.h:3383 [inline]
 skb_free_head+0xa0/0x1d0 net/core/skbuff.c:1094
 skb_release_data+0x75c/0x980 net/core/skbuff.c:1123
 skb_release_all net/core/skbuff.c:1188 [inline]
 __kfree_skb net/core/skbuff.c:1202 [inline]
 sk_skb_reason_drop+0x133/0x200 net/core/skbuff.c:1240
 kfree_skb_reason include/linux/skbuff.h:1260 [inline]
 __netif_receive_skb_core.constprop.0+0x592/0x4330 net/core/dev.c:5635
 __netif_receive_skb_list_core+0x357/0x950 net/core/dev.c:5737
 __netif_receive_skb_list net/core/dev.c:5804 [inline]
 netif_receive_skb_list_internal+0x753/0xda0 net/core/dev.c:5896
 netif_receive_skb_list+0x4f/0x4a0 net/core/dev.c:5948
 xdp_recv_frames net/bpf/test_run.c:279 [inline]
 xdp_test_run_batch.constprop.0+0x1296/0x1880 net/bpf/test_run.c:360
 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389
 bpf_prog_test_run_xdp+0x82d/0x1530 net/bpf/test_run.c:1317
 bpf_prog_test_run kernel/bpf/syscall.c:4313 [inline]
 __sys_bpf+0x1af6/0x55e0 kernel/bpf/syscall.c:5728
 __do_sys_bpf kernel/bpf/syscall.c:5817 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5815 [inline]
 __ia32_sys_bpf+0x76/0xe0 kernel/bpf/syscall.c:5815
 do_syscall_32_irqs_on arch/x86/entry/common.c:165 [inline]
 __do_fast_syscall_32+0x73/0x120 arch/x86/entry/common.c:386
 do_fast_syscall_32+0x32/0x80 arch/x86/entry/common.c:411
 entry_SYSENTER_compat_after_hwframe+0x84/0x8e
RIP: 0023:0xf7f56579
Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
RSP: 002b:00000000f56f656c EFLAGS: 00000296 ORIG_RAX: 0000000000000165
RAX: ffffffffffffffda RBX: 000000000000000a RCX: 0000000020000600
RDX: 0000000000000048 RSI: 0000000000000000 RDI: 0000000000000000
RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000
R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
 </TASK>
BUG: Bad page state in process syz.2.1921  pfn:25940
page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x25940
flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
raw: 00fff00000000000 dead000000000040 ffff88805326a000 0000000000000000
raw: 0000000000000000 0000000000000001 00000000ffffffff 0000000000000000
page dumped because: page_pool leak
page_owner tracks the page as allocated
page last allocated via order 0, migratetype Unmovable, gfp_mask 0x102820(GFP_ATOMIC|__GFP_NOWARN|__GFP_HARDWALL), pid 11855, tgid 11854 (syz.2.1921), ts 324622249914, free_ts 323975472334
 set_page_owner include/linux/page_owner.h:32 [inline]
 post_alloc_hook+0x2d1/0x350 mm/page_alloc.c:1493
 prep_new_page mm/page_alloc.c:1501 [inline]
 get_page_from_freelist+0x1351/0x2e50 mm/page_alloc.c:3442
 __alloc_pages_noprof+0x22b/0x2460 mm/page_alloc.c:4700
 alloc_pages_bulk_noprof+0x742/0x14f0 mm/page_alloc.c:4648
 alloc_pages_bulk_array_node_noprof include/linux/gfp.h:239 [inline]
 __page_pool_alloc_pages_slow+0x19b/0xb30 net/core/page_pool.c:527
 page_pool_alloc_netmem net/core/page_pool.c:576 [inline]
 page_pool_alloc_pages+0xb5/0x110 net/core/page_pool.c:583
 page_pool_dev_alloc_pages include/net/page_pool/helpers.h:96 [inline]
 xdp_test_run_batch.constprop.0+0x30f/0x1880 net/bpf/test_run.c:305
 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389
 bpf_prog_test_run_xdp+0x82d/0x1530 net/bpf/test_run.c:1317
 bpf_prog_test_run kernel/bpf/syscall.c:4313 [inline]
 __sys_bpf+0x1af6/0x55e0 kernel/bpf/syscall.c:5728
 __do_sys_bpf kernel/bpf/syscall.c:5817 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5815 [inline]
 __ia32_sys_bpf+0x76/0xe0 kernel/bpf/syscall.c:5815
 do_syscall_32_irqs_on arch/x86/entry/common.c:165 [inline]
 __do_fast_syscall_32+0x73/0x120 arch/x86/entry/common.c:386
 do_fast_syscall_32+0x32/0x80 arch/x86/entry/common.c:411
 entry_SYSENTER_compat_after_hwframe+0x84/0x8e
page last free pid 11815 tgid 11815 stack trace:
 reset_page_owner include/linux/page_owner.h:25 [inline]
 free_pages_prepare mm/page_alloc.c:1094 [inline]
 free_unref_page+0x64a/0xe40 mm/page_alloc.c:2612
 vfree+0x181/0x7a0 mm/vmalloc.c:3364
 vb2_vmalloc_put drivers/media/common/videobuf2/videobuf2-vmalloc.c:68 [inline]
 vb2_vmalloc_put+0x7b/0xc0 drivers/media/common/videobuf2/videobuf2-vmalloc.c:63
 __vb2_buf_mem_free+0x154/0x2c0 drivers/media/common/videobuf2/videobuf2-core.c:275
 __vb2_free_mem drivers/media/common/videobuf2/videobuf2-core.c:557 [inline]
 __vb2_queue_free+0x861/0xac0 drivers/media/common/videobuf2/videobuf2-core.c:585
 vb2_core_queue_release+0x70/0x190 drivers/media/common/videobuf2/videobuf2-core.c:2654
 v4l2_m2m_ctx_release+0x2a/0x40 drivers/media/v4l2-core/v4l2-mem2mem.c:1277
 vim2m_release+0xe8/0x170 drivers/media/test-drivers/vim2m.c:1245
 v4l2_release+0x238/0x460 drivers/media/v4l2-core/v4l2-dev.c:456
 __fput+0x408/0xbb0 fs/file_table.c:422
 task_work_run+0x14e/0x250 kernel/task_work.c:228
 resume_user_mode_work include/linux/resume_user_mode.h:50 [inline]
 exit_to_user_mode_loop kernel/entry/common.c:114 [inline]
 exit_to_user_mode_prepare include/linux/entry-common.h:328 [inline]
 __syscall_exit_to_user_mode_work kernel/entry/common.c:207 [inline]
 syscall_exit_to_user_mode+0x27b/0x2a0 kernel/entry/common.c:218
 __do_fast_syscall_32+0x80/0x120 arch/x86/entry/common.c:389
 do_fast_syscall_32+0x32/0x80 arch/x86/entry/common.c:411
 entry_SYSENTER_compat_after_hwframe+0x84/0x8e
Modules linked in:
CPU: 3 UID: 0 PID: 11855 Comm: syz.2.1921 Tainted: G    B              6.11.0-rc3-syzkaller-00156-gd7a5aa4b3c00 #0
Tainted: [B]=BAD_PAGE
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:93 [inline]
 dump_stack_lvl+0x16c/0x1f0 lib/dump_stack.c:119
 bad_page+0xb3/0x220 mm/page_alloc.c:498
 free_page_is_bad_report mm/page_alloc.c:905 [inline]
 free_page_is_bad mm/page_alloc.c:915 [inline]
 free_pages_prepare mm/page_alloc.c:1086 [inline]
 free_unref_page+0x69e/0xe40 mm/page_alloc.c:2612
 skb_free_frag include/linux/skbuff.h:3383 [inline]
 skb_free_head+0xa0/0x1d0 net/core/skbuff.c:1094
 skb_release_data+0x75c/0x980 net/core/skbuff.c:1123
 skb_release_all net/core/skbuff.c:1188 [inline]
 __kfree_skb net/core/skbuff.c:1202 [inline]
 sk_skb_reason_drop+0x133/0x200 net/core/skbuff.c:1240
 kfree_skb_reason include/linux/skbuff.h:1260 [inline]
 __netif_receive_skb_core.constprop.0+0x592/0x4330 net/core/dev.c:5635
 __netif_receive_skb_list_core+0x357/0x950 net/core/dev.c:5737
 __netif_receive_skb_list net/core/dev.c:5804 [inline]
 netif_receive_skb_list_internal+0x753/0xda0 net/core/dev.c:5896
 netif_receive_skb_list+0x4f/0x4a0 net/core/dev.c:5948
 xdp_recv_frames net/bpf/test_run.c:279 [inline]
 xdp_test_run_batch.constprop.0+0x1296/0x1880 net/bpf/test_run.c:360
 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389
 bpf_prog_test_run_xdp+0x82d/0x1530 net/bpf/test_run.c:1317
 bpf_prog_test_run kernel/bpf/syscall.c:4313 [inline]
 __sys_bpf+0x1af6/0x55e0 kernel/bpf/syscall.c:5728
 __do_sys_bpf kernel/bpf/syscall.c:5817 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5815 [inline]
 __ia32_sys_bpf+0x76/0xe0 kernel/bpf/syscall.c:5815
 do_syscall_32_irqs_on arch/x86/entry/common.c:165 [inline]
 __do_fast_syscall_32+0x73/0x120 arch/x86/entry/common.c:386
 do_fast_syscall_32+0x32/0x80 arch/x86/entry/common.c:411
 entry_SYSENTER_compat_after_hwframe+0x84/0x8e
RIP: 0023:0xf7f56579
Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
RSP: 002b:00000000f56f656c EFLAGS: 00000296 ORIG_RAX: 0000000000000165
RAX: ffffffffffffffda RBX: 000000000000000a RCX: 0000000020000600
RDX: 0000000000000048 RSI: 0000000000000000 RDI: 0000000000000000
RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000
R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
 </TASK>
BUG: Bad page state in process syz.2.1921  pfn:262ea
page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x262ea
flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
raw: 00fff00000000000 dead000000000040 ffff88805326a000 0000000000000000
raw: 0000000000000000 0000000000000001 00000000ffffffff 0000000000000000
page dumped because: page_pool leak
page_owner tracks the page as allocated
page last allocated via order 0, migratetype Unmovable, gfp_mask 0x102820(GFP_ATOMIC|__GFP_NOWARN|__GFP_HARDWALL), pid 11855, tgid 11854 (syz.2.1921), ts 324622242123, free_ts 323975486999
 set_page_owner include/linux/page_owner.h:32 [inline]
 post_alloc_hook+0x2d1/0x350 mm/page_alloc.c:1493
 prep_new_page mm/page_alloc.c:1501 [inline]
 get_page_from_freelist+0x1351/0x2e50 mm/page_alloc.c:3442
 __alloc_pages_noprof+0x22b/0x2460 mm/page_alloc.c:4700
 alloc_pages_bulk_noprof+0x742/0x14f0 mm/page_alloc.c:4648
 alloc_pages_bulk_array_node_noprof include/linux/gfp.h:239 [inline]
 __page_pool_alloc_pages_slow+0x19b/0xb30 net/core/page_pool.c:527
 page_pool_alloc_netmem net/core/page_pool.c:576 [inline]
 page_pool_alloc_pages+0xb5/0x110 net/core/page_pool.c:583
 page_pool_dev_alloc_pages include/net/page_pool/helpers.h:96 [inline]
 xdp_test_run_batch.constprop.0+0x30f/0x1880 net/bpf/test_run.c:305
 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389
 bpf_prog_test_run_xdp+0x82d/0x1530 net/bpf/test_run.c:1317
 bpf_prog_test_run kernel/bpf/syscall.c:4313 [inline]
 __sys_bpf+0x1af6/0x55e0 kernel/bpf/syscall.c:5728
 __do_sys_bpf kernel/bpf/syscall.c:5817 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5815 [inline]
 __ia32_sys_bpf+0x76/0xe0 kernel/bpf/syscall.c:5815
 do_syscall_32_irqs_on arch/x86/entry/common.c:165 [inline]
 __do_fast_syscall_32+0x73/0x120 arch/x86/entry/common.c:386
 do_fast_syscall_32+0x32/0x80 arch/x86/entry/common.c:411
 entry_SYSENTER_compat_after_hwframe+0x84/0x8e
page last free pid 11815 tgid 11815 stack trace:
 reset_page_owner include/linux/page_owner.h:25 [inline]
 free_pages_prepare mm/page_alloc.c:1094 [inline]
 free_unref_page+0x64a/0xe40 mm/page_alloc.c:2612
 vfree+0x181/0x7a0 mm/vmalloc.c:3364
 vb2_vmalloc_put drivers/media/common/videobuf2/videobuf2-vmalloc.c:68 [inline]
 vb2_vmalloc_put+0x7b/0xc0 drivers/media/common/videobuf2/videobuf2-vmalloc.c:63
 __vb2_buf_mem_free+0x154/0x2c0 drivers/media/common/videobuf2/videobuf2-core.c:275
 __vb2_free_mem drivers/media/common/videobuf2/videobuf2-core.c:557 [inline]
 __vb2_queue_free+0x861/0xac0 drivers/media/common/videobuf2/videobuf2-core.c:585
 vb2_core_queue_release+0x70/0x190 drivers/media/common/videobuf2/videobuf2-core.c:2654
 v4l2_m2m_ctx_release+0x2a/0x40 drivers/media/v4l2-core/v4l2-mem2mem.c:1277
 vim2m_release+0xe8/0x170 drivers/media/test-drivers/vim2m.c:1245
 v4l2_release+0x238/0x460 drivers/media/v4l2-core/v4l2-dev.c:456
 __fput+0x408/0xbb0 fs/file_table.c:422
 task_work_run+0x14e/0x250 kernel/task_work.c:228
 resume_user_mode_work include/linux/resume_user_mode.h:50 [inline]
 exit_to_user_mode_loop kernel/entry/common.c:114 [inline]
 exit_to_user_mode_prepare include/linux/entry-common.h:328 [inline]
 __syscall_exit_to_user_mode_work kernel/entry/common.c:207 [inline]
 syscall_exit_to_user_mode+0x27b/0x2a0 kernel/entry/common.c:218
 __do_fast_syscall_32+0x80/0x120 arch/x86/entry/common.c:389
 do_fast_syscall_32+0x32/0x80 arch/x86/entry/common.c:411
 entry_SYSENTER_compat_after_hwframe+0x84/0x8e
Modules linked in:
CPU: 3 UID: 0 PID: 11855 Comm: syz.2.1921 Tainted: G    B              6.11.0-rc3-syzkaller-00156-gd7a5aa4b3c00 #0
Tainted: [B]=BAD_PAGE
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:93 [inline]
 dump_stack_lvl+0x16c/0x1f0 lib/dump_stack.c:119
 bad_page+0xb3/0x220 mm/page_alloc.c:498
 free_page_is_bad_report mm/page_alloc.c:905 [inline]
 free_page_is_bad mm/page_alloc.c:915 [inline]
 free_pages_prepare mm/page_alloc.c:1086 [inline]
 free_unref_page+0x69e/0xe40 mm/page_alloc.c:2612
 skb_free_frag include/linux/skbuff.h:3383 [inline]
 skb_free_head+0xa0/0x1d0 net/core/skbuff.c:1094
 skb_release_data+0x75c/0x980 net/core/skbuff.c:1123
 skb_release_all net/core/skbuff.c:1188 [inline]
 __kfree_skb net/core/skbuff.c:1202 [inline]
 sk_skb_reason_drop+0x133/0x200 net/core/skbuff.c:1240
 kfree_skb_reason include/linux/skbuff.h:1260 [inline]
 __netif_receive_skb_core.constprop.0+0x592/0x4330 net/core/dev.c:5635
 __netif_receive_skb_list_core+0x357/0x950 net/core/dev.c:5737
 __netif_receive_skb_list net/core/dev.c:5804 [inline]
 netif_receive_skb_list_internal+0x753/0xda0 net/core/dev.c:5896
 netif_receive_skb_list+0x4f/0x4a0 net/core/dev.c:5948
 xdp_recv_frames net/bpf/test_run.c:279 [inline]
 xdp_test_run_batch.constprop.0+0x1296/0x1880 net/bpf/test_run.c:360
 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389
 bpf_prog_test_run_xdp+0x82d/0x1530 net/bpf/test_run.c:1317
 bpf_prog_test_run kernel/bpf/syscall.c:4313 [inline]
 __sys_bpf+0x1af6/0x55e0 kernel/bpf/syscall.c:5728
 __do_sys_bpf kernel/bpf/syscall.c:5817 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5815 [inline]
 __ia32_sys_bpf+0x76/0xe0 kernel/bpf/syscall.c:5815
 do_syscall_32_irqs_on arch/x86/entry/common.c:165 [inline]
 __do_fast_syscall_32+0x73/0x120 arch/x86/entry/common.c:386
 do_fast_syscall_32+0x32/0x80 arch/x86/entry/common.c:411
 entry_SYSENTER_compat_after_hwframe+0x84/0x8e
RIP: 0023:0xf7f56579
Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
RSP: 002b:00000000f56f656c EFLAGS: 00000296 ORIG_RAX: 0000000000000165
RAX: ffffffffffffffda RBX: 000000000000000a RCX: 0000000020000600
RDX: 0000000000000048 RSI: 0000000000000000 RDI: 0000000000000000
RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000
R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
 </TASK>
BUG: Bad page state in process syz.2.1921  pfn:26a8b
page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x26a8b
flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
raw: 00fff00000000000 dead000000000040 ffff88805326a000 0000000000000000
raw: 0000000000000000 0000000000000001 00000000ffffffff 0000000000000000
page dumped because: page_pool leak
page_owner tracks the page as allocated
page last allocated via order 0, migratetype Unmovable, gfp_mask 0x102820(GFP_ATOMIC|__GFP_NOWARN|__GFP_HARDWALL), pid 11855, tgid 11854 (syz.2.1921), ts 324622234286, free_ts 323975501923
 set_page_owner include/linux/page_owner.h:32 [inline]
 post_alloc_hook+0x2d1/0x350 mm/page_alloc.c:1493
 prep_new_page mm/page_alloc.c:1501 [inline]
 get_page_from_freelist+0x1351/0x2e50 mm/page_alloc.c:3442
 __alloc_pages_noprof+0x22b/0x2460 mm/page_alloc.c:4700
 alloc_pages_bulk_noprof+0x742/0x14f0 mm/page_alloc.c:4648
 alloc_pages_bulk_array_node_noprof include/linux/gfp.h:239 [inline]
 __page_pool_alloc_pages_slow+0x19b/0xb30 net/core/page_pool.c:527
 page_pool_alloc_netmem net/core/page_pool.c:576 [inline]
 page_pool_alloc_pages+0xb5/0x110 net/core/page_pool.c:583
 page_pool_dev_alloc_pages include/net/page_pool/helpers.h:96 [inline]
 xdp_test_run_batch.constprop.0+0x30f/0x1880 net/bpf/test_run.c:305
 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389
 bpf_prog_test_run_xdp+0x82d/0x1530 net/bpf/test_run.c:1317
 bpf_prog_test_run kernel/bpf/syscall.c:4313 [inline]
 __sys_bpf+0x1af6/0x55e0 kernel/bpf/syscall.c:5728
 __do_sys_bpf kernel/bpf/syscall.c:5817 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5815 [inline]
 __ia32_sys_bpf+0x76/0xe0 kernel/bpf/syscall.c:5815
 do_syscall_32_irqs_on arch/x86/entry/common.c:165 [inline]
 __do_fast_syscall_32+0x73/0x120 arch/x86/entry/common.c:386
 do_fast_syscall_32+0x32/0x80 arch/x86/entry/common.c:411
 entry_SYSENTER_compat_after_hwframe+0x84/0x8e
page last free pid 11815 tgid 11815 stack trace:
 reset_page_owner include/linux/page_owner.h:25 [inline]
 free_pages_prepare mm/page_alloc.c:1094 [inline]
 free_unref_page+0x64a/0xe40 mm/page_alloc.c:2612
 vfree+0x181/0x7a0 mm/vmalloc.c:3364
 vb2_vmalloc_put drivers/media/common/videobuf2/videobuf2-vmalloc.c:68 [inline]
 vb2_vmalloc_put+0x7b/0xc0 drivers/media/common/videobuf2/videobuf2-vmalloc.c:63
 __vb2_buf_mem_free+0x154/0x2c0 drivers/media/common/videobuf2/videobuf2-core.c:275
 __vb2_free_mem drivers/media/common/videobuf2/videobuf2-core.c:557 [inline]
 __vb2_queue_free+0x861/0xac0 drivers/media/common/videobuf2/videobuf2-core.c:585
 vb2_core_queue_release+0x70/0x190 drivers/media/common/videobuf2/videobuf2-core.c:2654
 v4l2_m2m_ctx_release+0x2a/0x40 drivers/media/v4l2-core/v4l2-mem2mem.c:1277
 vim2m_release+0xe8/0x170 drivers/media/test-drivers/vim2m.c:1245
 v4l2_release+0x238/0x460 drivers/media/v4l2-core/v4l2-dev.c:456
 __fput+0x408/0xbb0 fs/file_table.c:422
 task_work_run+0x14e/0x250 kernel/task_work.c:228
 resume_user_mode_work include/linux/resume_user_mode.h:50 [inline]
 exit_to_user_mode_loop kernel/entry/common.c:114 [inline]
 exit_to_user_mode_prepare include/linux/entry-common.h:328 [inline]
 __syscall_exit_to_user_mode_work kernel/entry/common.c:207 [inline]
 syscall_exit_to_user_mode+0x27b/0x2a0 kernel/entry/common.c:218
 __do_fast_syscall_32+0x80/0x120 arch/x86/entry/common.c:389
 do_fast_syscall_32+0x32/0x80 arch/x86/entry/common.c:411
 entry_SYSENTER_compat_after_hwframe+0x84/0x8e
Modules linked in:
CPU: 3 UID: 0 PID: 11855 Comm: syz.2.1921 Tainted: G    B              6.11.0-rc3-syzkaller-00156-gd7a5aa4b3c00 #0
Tainted: [B]=BAD_PAGE
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:93 [inline]
 dump_stack_lvl+0x16c/0x1f0 lib/dump_stack.c:119
 bad_page+0xb3/0x220 mm/page_alloc.c:498
 free_page_is_bad_report mm/page_alloc.c:905 [inline]
 free_page_is_bad mm/page_alloc.c:915 [inline]
 free_pages_prepare mm/page_alloc.c:1086 [inline]
 free_unref_page+0x69e/0xe40 mm/page_alloc.c:2612
 skb_free_frag include/linux/skbuff.h:3383 [inline]
 skb_free_head+0xa0/0x1d0 net/core/skbuff.c:1094
 skb_release_data+0x75c/0x980 net/core/skbuff.c:1123
 skb_release_all net/core/skbuff.c:1188 [inline]
 __kfree_skb net/core/skbuff.c:1202 [inline]
 sk_skb_reason_drop+0x133/0x200 net/core/skbuff.c:1240
 kfree_skb_reason include/linux/skbuff.h:1260 [inline]
 __netif_receive_skb_core.constprop.0+0x592/0x4330 net/core/dev.c:5635
 __netif_receive_skb_list_core+0x357/0x950 net/core/dev.c:5737
 __netif_receive_skb_list net/core/dev.c:5804 [inline]
 netif_receive_skb_list_internal+0x753/0xda0 net/core/dev.c:5896
 netif_receive_skb_list+0x4f/0x4a0 net/core/dev.c:5948
 xdp_recv_frames net/bpf/test_run.c:279 [inline]
 xdp_test_run_batch.constprop.0+0x1296/0x1880 net/bpf/test_run.c:360
 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389
 bpf_prog_test_run_xdp+0x82d/0x1530 net/bpf/test_run.c:1317
 bpf_prog_test_run kernel/bpf/syscall.c:4313 [inline]
 __sys_bpf+0x1af6/0x55e0 kernel/bpf/syscall.c:5728
 __do_sys_bpf kernel/bpf/syscall.c:5817 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5815 [inline]
 __ia32_sys_bpf+0x76/0xe0 kernel/bpf/syscall.c:5815
 do_syscall_32_irqs_on arch/x86/entry/common.c:165 [inline]
 __do_fast_syscall_32+0x73/0x120 arch/x86/entry/common.c:386
 do_fast_syscall_32+0x32/0x80 arch/x86/entry/common.c:411
 entry_SYSENTER_compat_after_hwframe+0x84/0x8e
RIP: 0023:0xf7f56579
Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
RSP: 002b:00000000f56f656c EFLAGS: 00000296 ORIG_RAX: 0000000000000165
RAX: ffffffffffffffda RBX: 000000000000000a RCX: 0000000020000600
RDX: 0000000000000048 RSI: 0000000000000000 RDI: 0000000000000000
RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000
R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
 </TASK>
BUG: Bad page state in process syz.2.1921  pfn:290ea
page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x2a5 pfn:0x290ea
flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
raw: 00fff00000000000 dead000000000040 ffff88805326a000 0000000000000000
raw: 00000000000002a5 0000000000000001 00000000ffffffff 0000000000000000
page dumped because: page_pool leak
page_owner tracks the page as allocated
page last allocated via order 0, migratetype Unmovable, gfp_mask 0x102820(GFP_ATOMIC|__GFP_NOWARN|__GFP_HARDWALL), pid 11855, tgid 11854 (syz.2.1921), ts 324622226408, free_ts 323975520651
 set_page_owner include/linux/page_owner.h:32 [inline]
 post_alloc_hook+0x2d1/0x350 mm/page_alloc.c:1493
 prep_new_page mm/page_alloc.c:1501 [inline]
 get_page_from_freelist+0x1351/0x2e50 mm/page_alloc.c:3442
 __alloc_pages_noprof+0x22b/0x2460 mm/page_alloc.c:4700
 alloc_pages_bulk_noprof+0x742/0x14f0 mm/page_alloc.c:4648
 alloc_pages_bulk_array_node_noprof include/linux/gfp.h:239 [inline]
 __page_pool_alloc_pages_slow+0x19b/0xb30 net/core/page_pool.c:527
 page_pool_alloc_netmem net/core/page_pool.c:576 [inline]
 page_pool_alloc_pages+0xb5/0x110 net/core/page_pool.c:583
 page_pool_dev_alloc_pages include/net/page_pool/helpers.h:96 [inline]
 xdp_test_run_batch.constprop.0+0x30f/0x1880 net/bpf/test_run.c:305
 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389
 bpf_prog_test_run_xdp+0x82d/0x1530 net/bpf/test_run.c:1317
 bpf_prog_test_run kernel/bpf/syscall.c:4313 [inline]
 __sys_bpf+0x1af6/0x55e0 kernel/bpf/syscall.c:5728
 __do_sys_bpf kernel/bpf/syscall.c:5817 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5815 [inline]
 __ia32_sys_bpf+0x76/0xe0 kernel/bpf/syscall.c:5815
 do_syscall_32_irqs_on arch/x86/entry/common.c:165 [inline]
 __do_fast_syscall_32+0x73/0x120 arch/x86/entry/common.c:386
 do_fast_syscall_32+0x32/0x80 arch/x86/entry/common.c:411
 entry_SYSENTER_compat_after_hwframe+0x84/0x8e
page last free pid 11815 tgid 11815 stack trace:
 reset_page_owner include/linux/page_owner.h:25 [inline]
 free_pages_prepare mm/page_alloc.c:1094 [inline]
 free_unref_page+0x64a/0xe40 mm/page_alloc.c:2612
 vfree+0x181/0x7a0 mm/vmalloc.c:3364
 vb2_vmalloc_put drivers/media/common/videobuf2/videobuf2-vmalloc.c:68 [inline]
 vb2_vmalloc_put+0x7b/0xc0 drivers/media/common/videobuf2/videobuf2-vmalloc.c:63
 __vb2_buf_mem_free+0x154/0x2c0 drivers/media/common/videobuf2/videobuf2-core.c:275
 __vb2_free_mem drivers/media/common/videobuf2/videobuf2-core.c:557 [inline]
 __vb2_queue_free+0x861/0xac0 drivers/media/common/videobuf2/videobuf2-core.c:585
 vb2_core_queue_release+0x70/0x190 drivers/media/common/videobuf2/videobuf2-core.c:2654
 v4l2_m2m_ctx_release+0x2a/0x40 drivers/media/v4l2-core/v4l2-mem2mem.c:1277
 vim2m_release+0xe8/0x170 drivers/media/test-drivers/vim2m.c:1245
 v4l2_release+0x238/0x460 drivers/media/v4l2-core/v4l2-dev.c:456
 __fput+0x408/0xbb0 fs/file_table.c:422
 task_work_run+0x14e/0x250 kernel/task_work.c:228
 resume_user_mode_work include/linux/resume_user_mode.h:50 [inline]
 exit_to_user_mode_loop kernel/entry/common.c:114 [inline]
 exit_to_user_mode_prepare include/linux/entry-common.h:328 [inline]
 __syscall_exit_to_user_mode_work kernel/entry/common.c:207 [inline]
 syscall_exit_to_user_mode+0x27b/0x2a0 kernel/entry/common.c:218
 __do_fast_syscall_32+0x80/0x120 arch/x86/entry/common.c:389
 do_fast_syscall_32+0x32/0x80 arch/x86/entry/common.c:411
 entry_SYSENTER_compat_after_hwframe+0x84/0x8e
Modules linked in:
CPU: 3 UID: 0 PID: 11855 Comm: syz.2.1921 Tainted: G    B              6.11.0-rc3-syzkaller-00156-gd7a5aa4b3c00 #0
Tainted: [B]=BAD_PAGE
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:93 [inline]
 dump_stack_lvl+0x16c/0x1f0 lib/dump_stack.c:119
 bad_page+0xb3/0x220 mm/page_alloc.c:498
 free_page_is_bad_report mm/page_alloc.c:905 [inline]
 free_page_is_bad mm/page_alloc.c:915 [inline]
 free_pages_prepare mm/page_alloc.c:1086 [inline]
 free_unref_page+0x69e/0xe40 mm/page_alloc.c:2612
 skb_free_frag include/linux/skbuff.h:3383 [inline]
 skb_free_head+0xa0/0x1d0 net/core/skbuff.c:1094
 skb_release_data+0x75c/0x980 net/core/skbuff.c:1123
 skb_release_all net/core/skbuff.c:1188 [inline]
 __kfree_skb net/core/skbuff.c:1202 [inline]
 sk_skb_reason_drop+0x133/0x200 net/core/skbuff.c:1240
 kfree_skb_reason include/linux/skbuff.h:1260 [inline]
 __netif_receive_skb_core.constprop.0+0x592/0x4330 net/core/dev.c:5635
 __netif_receive_skb_list_core+0x357/0x950 net/core/dev.c:5737
 __netif_receive_skb_list net/core/dev.c:5804 [inline]
 netif_receive_skb_list_internal+0x753/0xda0 net/core/dev.c:5896
 netif_receive_skb_list+0x4f/0x4a0 net/core/dev.c:5948
 xdp_recv_frames net/bpf/test_run.c:279 [inline]
 xdp_test_run_batch.constprop.0+0x1296/0x1880 net/bpf/test_run.c:360
 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389
 bpf_prog_test_run_xdp+0x82d/0x1530 net/bpf/test_run.c:1317
 bpf_prog_test_run kernel/bpf/syscall.c:4313 [inline]
 __sys_bpf+0x1af6/0x55e0 kernel/bpf/syscall.c:5728
 __do_sys_bpf kernel/bpf/syscall.c:5817 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5815 [inline]
 __ia32_sys_bpf+0x76/0xe0 kernel/bpf/syscall.c:5815
 do_syscall_32_irqs_on arch/x86/entry/common.c:165 [inline]
 __do_fast_syscall_32+0x73/0x120 arch/x86/entry/common.c:386
 do_fast_syscall_32+0x32/0x80 arch/x86/entry/common.c:411
 entry_SYSENTER_compat_after_hwframe+0x84/0x8e
RIP: 0023:0xf7f56579
Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
RSP: 002b:00000000f56f656c EFLAGS: 00000296 ORIG_RAX: 0000000000000165
RAX: ffffffffffffffda RBX: 000000000000000a RCX: 0000000020000600
RDX: 0000000000000048 RSI: 0000000000000000 RDI: 0000000000000000
RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000
R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
 </TASK>
BUG: Bad page state in process syz.2.1921  pfn:262fa
page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x262fa
flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
raw: 00fff00000000000 dead000000000040 ffff88805326a000 0000000000000000
raw: 0000000000000000 0000000000000001 00000000ffffffff 0000000000000000
page dumped because: page_pool leak
page_owner tracks the page as allocated
page last allocated via order 0, migratetype Unmovable, gfp_mask 0x102820(GFP_ATOMIC|__GFP_NOWARN|__GFP_HARDWALL), pid 11855, tgid 11854 (syz.2.1921), ts 324622218346, free_ts 323975534682
 set_page_owner include/linux/page_owner.h:32 [inline]
 post_alloc_hook+0x2d1/0x350 mm/page_alloc.c:1493
 prep_new_page mm/page_alloc.c:1501 [inline]
 get_page_from_freelist+0x1351/0x2e50 mm/page_alloc.c:3442
 __alloc_pages_noprof+0x22b/0x2460 mm/page_alloc.c:4700
 alloc_pages_bulk_noprof+0x742/0x14f0 mm/page_alloc.c:4648
 alloc_pages_bulk_array_node_noprof include/linux/gfp.h:239 [inline]
 __page_pool_alloc_pages_slow+0x19b/0xb30 net/core/page_pool.c:527
 page_pool_alloc_netmem net/core/page_pool.c:576 [inline]
 page_pool_alloc_pages+0xb5/0x110 net/core/page_pool.c:583
 page_pool_dev_alloc_pages include/net/page_pool/helpers.h:96 [inline]
 xdp_test_run_batch.constprop.0+0x30f/0x1880 net/bpf/test_run.c:305
 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389
 bpf_prog_test_run_xdp+0x82d/0x1530 net/bpf/test_run.c:1317
 bpf_prog_test_run kernel/bpf/syscall.c:4313 [inline]
 __sys_bpf+0x1af6/0x55e0 kernel/bpf/syscall.c:5728
 __do_sys_bpf kernel/bpf/syscall.c:5817 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5815 [inline]
 __ia32_sys_bpf+0x76/0xe0 kernel/bpf/syscall.c:5815
 do_syscall_32_irqs_on arch/x86/entry/common.c:165 [inline]
 __do_fast_syscall_32+0x73/0x120 arch/x86/entry/common.c:386
 do_fast_syscall_32+0x32/0x80 arch/x86/entry/common.c:411
 entry_SYSENTER_compat_after_hwframe+0x84/0x8e
page last free pid 11815 tgid 11815 stack trace:
 reset_page_owner include/linux/page_owner.h:25 [inline]
 free_pages_prepare mm/page_alloc.c:1094 [inline]
 free_unref_page+0x64a/0xe40 mm/page_alloc.c:2612
 vfree+0x181/0x7a0 mm/vmalloc.c:3364
 vb2_vmalloc_put drivers/media/common/videobuf2/videobuf2-vmalloc.c:68 [inline]
 vb2_vmalloc_put+0x7b/0xc0 drivers/media/common/videobuf2/videobuf2-vmalloc.c:63
 __vb2_buf_mem_free+0x154/0x2c0 drivers/media/common/videobuf2/videobuf2-core.c:275
 __vb2_free_mem drivers/media/common/videobuf2/videobuf2-core.c:557 [inline]
 __vb2_queue_free+0x861/0xac0 drivers/media/common/videobuf2/videobuf2-core.c:585
 vb2_core_queue_release+0x70/0x190 drivers/media/common/videobuf2/videobuf2-core.c:2654
 v4l2_m2m_ctx_release+0x2a/0x40 drivers/media/v4l2-core/v4l2-mem2mem.c:1277
 vim2m_release+0xe8/0x170 drivers/media/test-drivers/vim2m.c:1245
 v4l2_release+0x238/0x460 drivers/media/v4l2-core/v4l2-dev.c:456
 __fput+0x408/0xbb0 fs/file_table.c:422
 task_work_run+0x14e/0x250 kernel/task_work.c:228
 resume_user_mode_work include/linux/resume_user_mode.h:50 [inline]
 exit_to_user_mode_loop kernel/entry/common.c:114 [inline]
 exit_to_user_mode_prepare include/linux/entry-common.h:328 [inline]
 __syscall_exit_to_user_mode_work kernel/entry/common.c:207 [inline]
 syscall_exit_to_user_mode+0x27b/0x2a0 kernel/entry/common.c:218
 __do_fast_syscall_32+0x80/0x120 arch/x86/entry/common.c:389
 do_fast_syscall_32+0x32/0x80 arch/x86/entry/common.c:411
 entry_SYSENTER_compat_after_hwframe+0x84/0x8e
Modules linked in:
CPU: 3 UID: 0 PID: 11855 Comm: syz.2.1921 Tainted: G    B              6.11.0-rc3-syzkaller-00156-gd7a5aa4b3c00 #0
Tainted: [B]=BAD_PAGE
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:93 [inline]
 dump_stack_lvl+0x16c/0x1f0 lib/dump_stack.c:119
 bad_page+0xb3/0x220 mm/page_alloc.c:498
 free_page_is_bad_report mm/page_alloc.c:905 [inline]
 free_page_is_bad mm/page_alloc.c:915 [inline]
 free_pages_prepare mm/page_alloc.c:1086 [inline]
 free_unref_page+0x69e/0xe40 mm/page_alloc.c:2612
 skb_free_frag include/linux/skbuff.h:3383 [inline]
 skb_free_head+0xa0/0x1d0 net/core/skbuff.c:1094
 skb_release_data+0x75c/0x980 net/core/skbuff.c:1123
 skb_release_all net/core/skbuff.c:1188 [inline]
 __kfree_skb net/core/skbuff.c:1202 [inline]
 sk_skb_reason_drop+0x133/0x200 net/core/skbuff.c:1240
 kfree_skb_reason include/linux/skbuff.h:1260 [inline]
 __netif_receive_skb_core.constprop.0+0x592/0x4330 net/core/dev.c:5635
 __netif_receive_skb_list_core+0x357/0x950 net/core/dev.c:5737
 __netif_receive_skb_list net/core/dev.c:5804 [inline]
 netif_receive_skb_list_internal+0x753/0xda0 net/core/dev.c:5896
 netif_receive_skb_list+0x4f/0x4a0 net/core/dev.c:5948
 xdp_recv_frames net/bpf/test_run.c:279 [inline]
 xdp_test_run_batch.constprop.0+0x1296/0x1880 net/bpf/test_run.c:360
 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389
 bpf_prog_test_run_xdp+0x82d/0x1530 net/bpf/test_run.c:1317
 bpf_prog_test_run kernel/bpf/syscall.c:4313 [inline]
 __sys_bpf+0x1af6/0x55e0 kernel/bpf/syscall.c:5728
 __do_sys_bpf kernel/bpf/syscall.c:5817 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5815 [inline]
 __ia32_sys_bpf+0x76/0xe0 kernel/bpf/syscall.c:5815
 do_syscall_32_irqs_on arch/x86/entry/common.c:165 [inline]
 __do_fast_syscall_32+0x73/0x120 arch/x86/entry/common.c:386
 do_fast_syscall_32+0x32/0x80 arch/x86/entry/common.c:411
 entry_SYSENTER_compat_after_hwframe+0x84/0x8e
RIP: 0023:0xf7f56579
Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
RSP: 002b:00000000f56f656c EFLAGS: 00000296 ORIG_RAX: 0000000000000165
RAX: ffffffffffffffda RBX: 000000000000000a RCX: 0000000020000600
RDX: 0000000000000048 RSI: 0000000000000000 RDI: 0000000000000000
RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000
R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
 </TASK>
BUG: Bad page state in process syz.2.1921  pfn:2bbb6
page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff88802bbb6000 pfn:0x2bbb6
flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
raw: 00fff00000000000 dead000000000040 ffff88805326a000 0000000000000000
raw: ffff88802bbb6000 0000000000000001 00000000ffffffff 0000000000000000
page dumped because: page_pool leak
page_owner tracks the page as allocated
page last allocated via order 0, migratetype Unmovable, gfp_mask 0x102820(GFP_ATOMIC|__GFP_NOWARN|__GFP_HARDWALL), pid 11855, tgid 11854 (syz.2.1921), ts 324622210128, free_ts 323975549147
 set_page_owner include/linux/page_owner.h:32 [inline]
 post_alloc_hook+0x2d1/0x350 mm/page_alloc.c:1493
 prep_new_page mm/page_alloc.c:1501 [inline]
 get_page_from_freelist+0x1351/0x2e50 mm/page_alloc.c:3442
 __alloc_pages_noprof+0x22b/0x2460 mm/page_alloc.c:4700
 alloc_pages_bulk_noprof+0x742/0x14f0 mm/page_alloc.c:4648
 alloc_pages_bulk_array_node_noprof include/linux/gfp.h:239 [inline]
 __page_pool_alloc_pages_slow+0x19b/0xb30 net/core/page_pool.c:527
 page_pool_alloc_netmem net/core/page_pool.c:576 [inline]
 page_pool_alloc_pages+0xb5/0x110 net/core/page_pool.c:583
 page_pool_dev_alloc_pages include/net/page_pool/helpers.h:96 [inline]
 xdp_test_run_batch.constprop.0+0x30f/0x1880 net/bpf/test_run.c:305
 bpf_test_run_xdp_live+0x365/0x500 net/bpf/test_run.c:389
 bpf_prog_test_run_xdp+0x82d/0x1530 net/bpf/test_run.c:1317
 bpf_prog_test_run kernel/bpf/syscall.c:4313 [inline]
 __sys_bpf+0x1af6/0x55e0 kernel/bpf/syscall.c:5728
 __do_sys_bpf kernel/bpf/syscall.c:5817 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5815 [inline]
 __ia32_sys_bpf+0x76/0xe0 kernel/bpf/syscall.c:5815
 do_syscall_32_irqs_on arch/x86/entry/common.c:165 [inline]
 __do_fast_syscall_32+0x73/0x120 arch/x86/entry/common.c:386
 do_fast_syscall_32+0x32/0x80 arch/x86/entry/common.c:411
 entry_SYSENTER_compat_after_hwframe+0x84/0x8e
page last free pid 11815 tgid 11815 stack trace:
 reset_page_owner include/linux/page_owner.h:25 [inline]
 free_pages_prepare mm/page_alloc.c:1094 [inline]
 free_unref_page+0x64a/0xe40 mm/page_alloc.c:2612
 vfree+0x181/0x7a0 mm/vmalloc.c:3364
 vb2_vmalloc_put drivers/media/common/videobuf2/videobuf2-vmalloc.c:68 [inline]
 vb2_vmalloc_put+0x7b/0xc0 drivers/media/common/videobuf2/videobuf2-vmalloc.c:63
 __vb2_buf_mem_free+0x154/0x2c0 drivers/media/common/videobuf2/videobuf2-core.c:275
 __vb2_free_mem drivers/media/common/videobuf2/videobuf2-core.c:557 [inline]
 __vb2_queue_free+0x861/0xac0 drivers/media/common/videobuf2/videobuf2-core.c:585
 vb2_core_queue_release+0x70/0x190 drivers/media/common/videobuf2/videobuf2-core.c:2654
 v4l2_m2m_ctx_release+0x2a/0x40 drivers/media/v4l2-core/v4l2-mem2mem.c:1277
 vim2m_release+0xe8/0x170 drivers/media/test-drivers/vim2m.c:1245
 v4l2_release+0x238/0x460 drivers/media/v4l2-core/v4l2-dev.c:456
 __fput+0x408/0xbb0 fs/file_table.c:422
 task_work_run+0x14e/0x250 kernel/task_work.c:228
 resume_user_mode_work include/linux/resume_user_mode.h:50 [inline]
 exit_to_user_mode_loop kernel/entry/common.c:114 [inline]
 exit_to_user_mode_prepare include/linux/entry-common.h:328 [inline]
 __syscall_exit_to_user_mode_work kernel/entry/common.c:207 [inline]
 syscall_exit_to_user_mode+0x27b/0x2a0 kernel/entry/common.c:218
----------------
Code disassembly (best guess), 2 bytes skipped:
   0:	10 06                	adc    %al,(%rsi)
   2:	03 74 b4 01          	add    0x1(%rsp,%rsi,4),%esi
   6:	10 07                	adc    %al,(%rdi)
   8:	03 74 b0 01          	add    0x1(%rax,%rsi,4),%esi
   c:	10 08                	adc    %cl,(%rax)
   e:	03 74 d8 01          	add    0x1(%rax,%rbx,8),%esi
  1e:	00 51 52             	add    %dl,0x52(%rcx)
  21:	55                   	push   %rbp
  22:	89 e5                	mov    %esp,%ebp
  24:	0f 34                	sysenter
  26:	cd 80                	int    $0x80
* 28:	5d                   	pop    %rbp <-- trapping instruction
  29:	5a                   	pop    %rdx
  2a:	59                   	pop    %rcx
  2b:	c3                   	ret
  2c:	90                   	nop
  2d:	90                   	nop
  2e:	90                   	nop
  2f:	90                   	nop
  30:	8d b4 26 00 00 00 00 	lea    0x0(%rsi,%riz,1),%esi
  37:	8d b4 26 00 00 00 00 	lea    0x0(%rsi,%riz,1),%esi