From: Lei Yang <leiyang@redhat.com>
To: "Michael S. Tsirkin" <mst@redhat.com>
Cc: syzbot <syzbot+6f3c38e8a6a0297caa5a@syzkaller.appspotmail.com>,
	 jasowang@redhat.com, linux-kernel@vger.kernel.org,
	linux-next@vger.kernel.org,  sfr@canb.auug.org.au,
	syzkaller-bugs@googlegroups.com,  virtualization@lists.linux.dev,
	xuanzhuo@linux.alibaba.com,
	 Andrew Morton <akpm@linux-foundation.org>,
	linux-mm@kvack.org
Subject: Re: [syzbot] [virtualization?] linux-next boot error: WARNING: refcount bug in __free_pages_ok
Date: Thu, 22 Feb 2024 11:06:55 +0800
Message-ID: <CAPpAL=y+-YrDUsKYVBig4dc-7+Cg1Lk_VWXPOKeL=s2Fitf3mA@mail.gmail.com>
In-Reply-To: <20240219022853-mutt-send-email-mst@kernel.org>

[-- Attachment #1: Type: text/plain, Size: 8670 bytes --]

Hi All

I hit a similar issue when doing regression testing on my side.
For the error messages, please help review the attachment.

The latest commit:
commit c02197fc9076e7d991c8f6adc11759c5ba52ddc6 (HEAD -> master,
origin/master, origin/HEAD)
Merge: f2667e0c3240 0846dd77c834
Author: Linus Torvalds <torvalds@linux-foundation.org>
Date:   Sat Feb 17 16:59:31 2024 -0800

    Merge tag 'powerpc-6.8-3' of
git://git.kernel.org/pub/scm/linux/kernel/git/powerpc/linux

    Pull powerpc fixes from Michael Ellerman:
     "This is a bit of a big batch for rc4, but just due to holiday hangover
      and because I didn't send any fixes last week due to a late revert
      request. I think next week should be back to normal.

Regards
Lei

On Mon, Feb 19, 2024 at 3:35 PM Michael S. Tsirkin <mst@redhat.com> wrote:
>
> On Sun, Feb 18, 2024 at 09:06:18PM -0800, syzbot wrote:
> > Hello,
> >
> > syzbot found the following issue on:
> >
> > HEAD commit:    d37e1e4c52bc Add linux-next specific files for 20240216
> > git tree:       linux-next
> > console output: https://syzkaller.appspot.com/x/log.txt?x=171ca652180000
> > kernel config:  https://syzkaller.appspot.com/x/.config?x=4bc446d42a7d56c0
> > dashboard link: https://syzkaller.appspot.com/bug?extid=6f3c38e8a6a0297caa5a
> > compiler:       Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
> >
> > Downloadable assets:
> > disk image: https://storage.googleapis.com/syzbot-assets/14d0894504b9/disk-d37e1e4c.raw.xz
> > vmlinux: https://storage.googleapis.com/syzbot-assets/6cda61e084ee/vmlinux-d37e1e4c.xz
> > kernel image: https://storage.googleapis.com/syzbot-assets/720c85283c05/bzImage-d37e1e4c.xz
> >
> > IMPORTANT: if you fix the issue, please add the following tag to the commit:
> > Reported-by: syzbot+6f3c38e8a6a0297caa5a@syzkaller.appspotmail.com
> >
> > Key type pkcs7_test registered
> > Block layer SCSI generic (bsg) driver version 0.4 loaded (major 239)
> > io scheduler mq-deadline registered
> > io scheduler kyber registered
> > io scheduler bfq registered
> > input: Power Button as /devices/LNXSYSTM:00/LNXPWRBN:00/input/input0
> > ACPI: button: Power Button [PWRF]
> > input: Sleep Button as /devices/LNXSYSTM:00/LNXSLPBN:00/input/input1
> > ACPI: button: Sleep Button [SLPF]
> > ioatdma: Intel(R) QuickData Technology Driver 5.00
> > ACPI: \_SB_.LNKC: Enabled at IRQ 11
> > virtio-pci 0000:00:03.0: virtio_pci: leaving for legacy driver
> > ACPI: \_SB_.LNKD: Enabled at IRQ 10
> > virtio-pci 0000:00:04.0: virtio_pci: leaving for legacy driver
> > ACPI: \_SB_.LNKB: Enabled at IRQ 10
> > virtio-pci 0000:00:06.0: virtio_pci: leaving for legacy driver
> > virtio-pci 0000:00:07.0: virtio_pci: leaving for legacy driver
> > N_HDLC line discipline registered with maxframe=4096
> > Serial: 8250/16550 driver, 4 ports, IRQ sharing enabled
> > 00:03: ttyS0 at I/O 0x3f8 (irq = 4, base_baud = 115200) is a 16550A
> > 00:04: ttyS1 at I/O 0x2f8 (irq = 3, base_baud = 115200) is a 16550A
> > 00:05: ttyS2 at I/O 0x3e8 (irq = 6, base_baud = 115200) is a 16550A
> > 00:06: ttyS3 at I/O 0x2e8 (irq = 7, base_baud = 115200) is a 16550A
> > Non-volatile memory driver v1.3
> > Linux agpgart interface v0.103
> > ACPI: bus type drm_connector registered
> > [drm] Initialized vgem 1.0.0 20120112 for vgem on minor 0
> > [drm] Initialized vkms 1.0.0 20180514 for vkms on minor 1
> > Console: switching to colour frame buffer device 128x48
> > platform vkms: [drm] fb0: vkmsdrmfb frame buffer device
> > usbcore: registered new interface driver udl
> > brd: module loaded
> > loop: module loaded
> > zram: Added device: zram0
> > null_blk: disk nullb0 created
> > null_blk: module loaded
> > Guest personality initialized and is inactive
> > VMCI host device registered (name=vmci, major=10, minor=118)
> > Initialized host personality
> > usbcore: registered new interface driver rtsx_usb
> > usbcore: registered new interface driver viperboard
> > usbcore: registered new interface driver dln2
> > usbcore: registered new interface driver pn533_usb
> > nfcsim 0.2 initialized
> > usbcore: registered new interface driver port100
> > usbcore: registered new interface driver nfcmrvl
> > Loading iSCSI transport class v2.0-870.
> > virtio_scsi virtio0: 1/0/0 default/read/poll queues
> > ------------[ cut here ]------------
> > refcount_t: decrement hit 0; leaking memory.
> > WARNING: CPU: 0 PID: 1 at lib/refcount.c:31 refcount_warn_saturate+0xfa/0x1d0 lib/refcount.c:31
> > Modules linked in:
> > CPU: 0 PID: 1 Comm: swapper/0 Not tainted 6.8.0-rc4-next-20240216-syzkaller #0
> > Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024
> > RIP: 0010:refcount_warn_saturate+0xfa/0x1d0 lib/refcount.c:31
> > Code: b2 00 00 00 e8 b7 94 f0 fc 5b 5d c3 cc cc cc cc e8 ab 94 f0 fc c6 05 c6 16 ce 0a 01 90 48 c7 c7 a0 5a fe 8b e8 67 69 b4 fc 90 <0f> 0b 90 90 eb d9 e8 8b 94 f0 fc c6 05 a3 16 ce 0a 01 90 48 c7 c7
> > RSP: 0000:ffffc90000066e10 EFLAGS: 00010246
> > RAX: 15c2c224c9b50400 RBX: ffff888020827d2c RCX: ffff8880162d8000
> > RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
> > RBP: 0000000000000004 R08: ffffffff8157b942 R09: fffffbfff1bf95cc
> > R10: dffffc0000000000 R11: fffffbfff1bf95cc R12: ffffea000502fdc0
> > R13: ffffea000502fdc8 R14: 1ffffd4000a05fb9 R15: 0000000000000000
> > FS:  0000000000000000(0000) GS:ffff8880b9400000(0000) knlGS:0000000000000000
> > CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
> > CR2: ffff88823ffff000 CR3: 000000000df32000 CR4: 00000000003506f0
> > DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
> > DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
> > Call Trace:
> >  <TASK>
> >  reset_page_owner include/linux/page_owner.h:24 [inline]
> >  free_pages_prepare mm/page_alloc.c:1140 [inline]
> >  __free_pages_ok+0xc42/0xd70 mm/page_alloc.c:1269
> >  make_alloc_exact+0xc4/0x140 mm/page_alloc.c:4847
> >  vring_alloc_queue drivers/virtio/virtio_ring.c:319 [inline]
>
> Wow this seems to be breakage deep in mm/ - all virtio does is
> call alloc_pages_exact and that corrupts the refcounts?
>
>
> >  vring_alloc_queue_split+0x20a/0x600 drivers/virtio/virtio_ring.c:1108
> >  vring_create_virtqueue_split+0xc6/0x310 drivers/virtio/virtio_ring.c:1158
> >  vring_create_virtqueue+0xca/0x110 drivers/virtio/virtio_ring.c:2683
> >  setup_vq+0xe9/0x2d0 drivers/virtio/virtio_pci_legacy.c:131
> >  vp_setup_vq+0xbf/0x330 drivers/virtio/virtio_pci_common.c:189
> >  vp_find_vqs_msix+0x8b2/0xc80 drivers/virtio/virtio_pci_common.c:331
> >  vp_find_vqs+0x4c/0x4e0 drivers/virtio/virtio_pci_common.c:408
> >  virtio_find_vqs include/linux/virtio_config.h:233 [inline]
> >  virtscsi_init+0x8db/0xd00 drivers/scsi/virtio_scsi.c:887
> >  virtscsi_probe+0x3ea/0xf60 drivers/scsi/virtio_scsi.c:945
> >  virtio_dev_probe+0x991/0xaf0 drivers/virtio/virtio.c:311
> >  really_probe+0x29e/0xc50 drivers/base/dd.c:658
> >  __driver_probe_device+0x1a2/0x3e0 drivers/base/dd.c:800
> >  driver_probe_device+0x50/0x430 drivers/base/dd.c:830
> >  __driver_attach+0x45f/0x710 drivers/base/dd.c:1216
> >  bus_for_each_dev+0x239/0x2b0 drivers/base/bus.c:368
> >  bus_add_driver+0x347/0x620 drivers/base/bus.c:673
> >  driver_register+0x23a/0x320 drivers/base/driver.c:246
> >  virtio_scsi_init+0x65/0xe0 drivers/scsi/virtio_scsi.c:1083
> >  do_one_initcall+0x238/0x830 init/main.c:1233
> >  do_initcall_level+0x157/0x210 init/main.c:1295
> >  do_initcalls+0x3f/0x80 init/main.c:1311
> >  kernel_init_freeable+0x435/0x5d0 init/main.c:1543
> >  kernel_init+0x1d/0x2b0 init/main.c:1432
> >  ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:147
> >  ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:242
> >  </TASK>
> >
> >
> > ---
> > This report is generated by a bot. It may contain errors.
> > See https://goo.gl/tpsmEJ for more information about syzbot.
> > syzbot engineers can be reached at syzkaller@googlegroups.com.
> >
> > syzbot will keep track of this issue. See:
> > https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
> >
> > If the report is already addressed, let syzbot know by replying with:
> > #syz fix: exact-commit-title
> >
> > If you want to overwrite report's subsystems, reply with:
> > #syz set subsystems: new-subsystem
> > (See the list of subsystem names on the web dashboard)
> >
> > If the report is a duplicate of another one, reply with:
> > #syz dup: exact-subject-of-another-report
> >
> > If you want to undo deduplication, reply with:
> > #syz undup
>
>

[-- Attachment #2: log --]
[-- Type: application/octet-stream, Size: 11323 bytes --]

[ 7606.965874] ------------[ cut here ]------------
[ 7606.970516] refcount_t: underflow; use-after-free.
[ 7606.975329] WARNING: CPU: 26 PID: 0 at lib/refcount.c:28 refcount_warn_saturate+0xba/0x110
[ 7606.983608] Modules linked in: binfmt_misc act_skbedit bluetooth nfsv3 nfs_acl rpcsec_gss_krb5 auth_rpcgss nfsv4 dns_resolver nfs lockd grace netfs act_mirred cls_matchall nfnetlink_cttimeout nfnetlink act_gact cls_flower sch_ingress openvswitch nf_conncount nf_nat nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 mlx5_vdpa vringh vhost_vdpa vhost vhost_iotlb vdpa bridge stp llc qrtr rfkill intel_rapl_msr intel_rapl_common intel_uncore_frequency intel_uncore_frequency_common intel_ifs i10nm_edac nfit libnvdimm x86_pkg_temp_thermal intel_powerclamp ipmi_ssif coretemp mlx5_ib acpi_ipmi ib_uverbs joydev ipmi_si kvm_intel ib_core intel_sdsi kvm ipmi_devintf dell_smbios dax_hmem irqbypass pmt_telemetry iTCO_wdt pmt_class ipmi_msghandler rapl iTCO_vendor_support cxl_acpi isst_if_mmio dell_wmi_descriptor dcdbas idxd mei_me isst_if_mbox_pci idxd_bus intel_vsec isst_if_common cxl_core i2c_ismt i2c_i801 mei intel_cstate intel_uncore wmi_bmof i2c_smbus pcspkr acpi_power_meter xfs libcrc32c sd_mod sg mgag200 i2c_algo_bit
[ 7606.983754]  drm_shmem_helper mlx5_core nvme_tcp drm_kms_helper nvme_fabrics nvme_core ahci crct10dif_pclmul libahci mlxfw t10_pi crc32_pclmul crc32c_intel drm bnxt_en psample libata megaraid_sas ghash_clmulni_intel tg3 wmi pci_hyperv_intf pinctrl_emmitsburg cdc_ether usbnet mii dm_multipath sunrpc dm_mirror dm_region_hash dm_log dm_mod be2iscsi bnx2i cnic uio cxgb4i cxgb4 tls libcxgbi libcxgb qla4xxx iscsi_boot_sysfs iscsi_tcp libiscsi_tcp libiscsi scsi_transport_iscsi fuse
[ 7607.114425] CPU: 26 PID: 0 Comm: swapper/26 Not tainted 6.8.0-rc4+ #1
[ 7607.120882] Hardware name: Dell Inc. PowerEdge R760/0NH8MJ, BIOS 1.3.2 03/28/2023
[ 7607.128377] RIP: 0010:refcount_warn_saturate+0xba/0x110
[ 7607.133621] Code: 01 01 e8 a9 cf aa ff 0f 0b c3 cc cc cc cc 80 3d 1f 4a 6c 01 00 75 85 48 c7 c7 80 e8 3f bd c6 05 0f 4a 6c 01 01 e8 86 cf aa ff <0f> 0b c3 cc cc cc cc 80 3d fa 49 6c 01 00 0f 85 5e ff ff ff 48 c7
[ 7607.152388] RSP: 0018:ff8591c806ce0ca0 EFLAGS: 00010286
[ 7607.157631] RAX: 0000000000000000 RBX: ff4845646aa4ce00 RCX: 000000000000083f
[ 7607.164779] RDX: 0000000000000000 RSI: 00000000000000f6 RDI: 000000000000003f
[ 7607.171930] RBP: ff4845646aa4ce00 R08: 0000000000000000 R09: 00000000ffff7fff
[ 7607.179081] R10: ff8591c806ce0b40 R11: ffffffffbd9e6368 R12: 0000000000000001
[ 7607.186228] R13: 0000000000000000 R14: ff48456b4642ad40 R15: 0000000000000000
[ 7607.193362] FS:  0000000000000000(0000) GS:ff48456b1ff40000(0000) knlGS:0000000000000000
[ 7607.201467] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 7607.207228] CR2: 00007f9688002be8 CR3: 000000088451e002 CR4: 0000000000773ef0
[ 7607.214380] PKRU: 55555554
[ 7607.217109] Call Trace:
[ 7607.219581]  <IRQ>
[ 7607.221619]  ? __warn+0x80/0x130
[ 7607.224876]  ? refcount_warn_saturate+0xba/0x110
[ 7607.229514]  ? report_bug+0x195/0x1a0
[ 7607.233198]  ? handle_bug+0x3c/0x70
[ 7607.236706]  ? exc_invalid_op+0x14/0x70
[ 7607.240568]  ? asm_exc_invalid_op+0x16/0x20
[ 7607.244776]  ? refcount_warn_saturate+0xba/0x110
[ 7607.249411]  skb_release_head_state+0x79/0x90
[ 7607.253790]  kfree_skb_reason+0x35/0x120
[ 7607.257731]  __netif_receive_skb_core.constprop.0+0x9b9/0x1060
[ 7607.263584]  __netif_receive_skb_list_core+0x136/0x2c0
[ 7607.268741]  netif_receive_skb_list_internal+0x1c5/0x300
[ 7607.274070]  napi_complete_done+0x6f/0x1b0
[ 7607.278187]  mlx5e_napi_poll+0x172/0x710 [mlx5_core]
[ 7607.283292]  __napi_poll+0x29/0x1c0
[ 7607.286802]  net_rx_action+0x29b/0x370
[ 7607.290554]  __do_softirq+0xc8/0x2a8
[ 7607.294151]  irq_exit_rcu+0xa6/0xc0
[ 7607.297660]  common_interrupt+0x80/0xa0
[ 7607.301518]  </IRQ>
[ 7607.303639]  <TASK>
[ 7607.305764]  asm_common_interrupt+0x22/0x40
[ 7607.309966] RIP: 0010:cpuidle_enter_state+0xc2/0x420
[ 7607.314952] Code: 00 e8 52 18 4b ff e8 bd f1 ff ff 8b 53 04 49 89 c5 0f 1f 44 00 00 31 ff e8 1b ee 49 ff 45 84 ff 0f 85 3a 02 00 00 fb 45 85 f6 <0f> 88 6e 01 00 00 49 63 d6 4c 2b 2c 24 48 8d 04 52 48 8d 04 82 49
[ 7607.333715] RSP: 0018:ff8591c8045efe80 EFLAGS: 00000202
[ 7607.338956] RAX: ff48456b1ff73740 RBX: ff48456b1ff7e218 RCX: 000000000000001f
[ 7607.346109] RDX: 000000000000001a RSI: 0000000040000000 RDI: 0000000000000000
[ 7607.353239] RBP: 0000000000000002 R08: 000006eb227f1a43 R09: 0000000000000000
[ 7607.360390] R10: 00000000000003e2 R11: ff48456b1ff721e4 R12: ffffffffbdab4000
[ 7607.367540] R13: 000006eb227f1a43 R14: 0000000000000002 R15: 0000000000000000
[ 7607.374694]  cpuidle_enter+0x29/0x40
[ 7607.378296]  cpuidle_idle_call+0xfa/0x160
[ 7607.382326]  do_idle+0x7b/0xe0
[ 7607.385403]  cpu_startup_entry+0x26/0x30
[ 7607.389346]  start_secondary+0x115/0x140
[ 7607.393291]  secondary_startup_64_no_verify+0x184/0x18b
[ 7607.398535]  </TASK>
[ 7607.400743] ---[ end trace 0000000000000000 ]---
[ 7607.405389] ------------[ cut here ]------------
[ 7607.410025] kernel BUG at mm/slub.c:553!
[ 7607.413952] invalid opcode: 0000 [#1] PREEMPT SMP NOPTI
[ 7607.419192] CPU: 26 PID: 0 Comm: swapper/26 Tainted: G        W          6.8.0-rc4+ #1
[ 7607.427105] Hardware name: Dell Inc. PowerEdge R760/0NH8MJ, BIOS 1.3.2 03/28/2023
[ 7607.434586] RIP: 0010:kmem_cache_free+0x336/0x3d0
[ 7607.439298] Code: e9 63 fd ff ff 4c 8d 68 ff e9 e3 fd ff ff 41 b8 01 00 00 00 48 89 d9 48 89 da 4c 89 ee 4c 89 ff e8 2f a0 ff ff e9 70 fe ff ff <0f> 0b 31 f6 48 89 df 4c 89 4c 24 08 e8 59 0c 8f 00 41 8b 47 08 4c
[ 7607.458047] RSP: 0018:ff8591c806ce0c70 EFLAGS: 00010246
[ 7607.463271] RAX: ff4845646aa4ce00 RBX: ff4845646aa4ce00 RCX: ff4845646aa4ce70
[ 7607.470404] RDX: 000000064f2c001a RSI: ffbb33eac6aa9300 RDI: ff484566a73e8a00
[ 7607.477536] RBP: ff8591c806ce0cb8 R08: ff484566a7272a00 R09: ffffffffbc8799b9
[ 7607.484669] R10: ff8591c806ce0b40 R11: ffffffffbd9e6368 R12: ffbb33eac6aa9300
[ 7607.491804] R13: ffbb33eac6aa9300 R14: 0000000000000000 R15: ff484566a73e8a00
[ 7607.498936] FS:  0000000000000000(0000) GS:ff48456b1ff40000(0000) knlGS:0000000000000000
[ 7607.507023] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 7607.512768] CR2: 00007f9688002be8 CR3: 000000088451e002 CR4: 0000000000773ef0
[ 7607.519903] PKRU: 55555554
[ 7607.522613] Call Trace:
[ 7607.525067]  <IRQ>
[ 7607.527087]  ? die+0x33/0x90
[ 7607.529970]  ? do_trap+0xe0/0x110
[ 7607.533291]  ? kmem_cache_free+0x336/0x3d0
[ 7607.537392]  ? do_error_trap+0x65/0x80
[ 7607.541143]  ? kmem_cache_free+0x336/0x3d0
[ 7607.545244]  ? exc_invalid_op+0x4e/0x70
[ 7607.549081]  ? kmem_cache_free+0x336/0x3d0
[ 7607.553183]  ? asm_exc_invalid_op+0x16/0x20
[ 7607.557368]  ? __netif_receive_skb_core.constprop.0+0x9b9/0x1060
[ 7607.563373]  ? kmem_cache_free+0x336/0x3d0
[ 7607.567475]  ? __netif_receive_skb_core.constprop.0+0x9b9/0x1060
[ 7607.573481]  __netif_receive_skb_core.constprop.0+0x9b9/0x1060
[ 7607.579313]  __netif_receive_skb_list_core+0x136/0x2c0
[ 7607.584454]  netif_receive_skb_list_internal+0x1c5/0x300
[ 7607.589765]  napi_complete_done+0x6f/0x1b0
[ 7607.593863]  mlx5e_napi_poll+0x172/0x710 [mlx5_core]
[ 7607.598934]  __napi_poll+0x29/0x1c0
[ 7607.602426]  net_rx_action+0x29b/0x370
[ 7607.606180]  __do_softirq+0xc8/0x2a8
[ 7607.609757]  irq_exit_rcu+0xa6/0xc0
[ 7607.613251]  common_interrupt+0x80/0xa0
[ 7607.617091]  </IRQ>
[ 7607.619196]  <TASK>
[ 7607.621303]  asm_common_interrupt+0x22/0x40
[ 7607.625489] RIP: 0010:cpuidle_enter_state+0xc2/0x420
[ 7607.630455] Code: 00 e8 52 18 4b ff e8 bd f1 ff ff 8b 53 04 49 89 c5 0f 1f 44 00 00 31 ff e8 1b ee 49 ff 45 84 ff 0f 85 3a 02 00 00 fb 45 85 f6 <0f> 88 6e 01 00 00 49 63 d6 4c 2b 2c 24 48 8d 04 52 48 8d 04 82 49
[ 7607.649201] RSP: 0018:ff8591c8045efe80 EFLAGS: 00000202
[ 7607.654426] RAX: ff48456b1ff73740 RBX: ff48456b1ff7e218 RCX: 000000000000001f
[ 7607.661560] RDX: 000000000000001a RSI: 0000000040000000 RDI: 0000000000000000
[ 7607.668692] RBP: 0000000000000002 R08: 000006eb227f1a43 R09: 0000000000000000
[ 7607.675828] R10: 00000000000003e2 R11: ff48456b1ff721e4 R12: ffffffffbdab4000
[ 7607.682959] R13: 000006eb227f1a43 R14: 0000000000000002 R15: 0000000000000000
[ 7607.690092]  cpuidle_enter+0x29/0x40
[ 7607.693670]  cpuidle_idle_call+0xfa/0x160
[ 7607.697684]  do_idle+0x7b/0xe0
[ 7607.700743]  cpu_startup_entry+0x26/0x30
[ 7607.704668]  start_secondary+0x115/0x140
[ 7607.708595]  secondary_startup_64_no_verify+0x184/0x18b
[ 7607.713821]  </TASK>
[ 7607.716014] Modules linked in: binfmt_misc act_skbedit bluetooth nfsv3 nfs_acl rpcsec_gss_krb5 auth_rpcgss nfsv4 dns_resolver nfs lockd grace netfs act_mirred cls_matchall nfnetlink_cttimeout nfnetlink act_gact cls_flower sch_ingress openvswitch nf_conncount nf_nat nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 mlx5_vdpa vringh vhost_vdpa vhost vhost_iotlb vdpa bridge stp llc qrtr rfkill intel_rapl_msr intel_rapl_common intel_uncore_frequency intel_uncore_frequency_common intel_ifs i10nm_edac nfit libnvdimm x86_pkg_temp_thermal intel_powerclamp ipmi_ssif coretemp mlx5_ib acpi_ipmi ib_uverbs joydev ipmi_si kvm_intel ib_core intel_sdsi kvm ipmi_devintf dell_smbios dax_hmem irqbypass pmt_telemetry iTCO_wdt pmt_class ipmi_msghandler rapl iTCO_vendor_support cxl_acpi isst_if_mmio dell_wmi_descriptor dcdbas idxd mei_me isst_if_mbox_pci idxd_bus intel_vsec isst_if_common cxl_core i2c_ismt i2c_i801 mei intel_cstate intel_uncore wmi_bmof i2c_smbus pcspkr acpi_power_meter xfs libcrc32c sd_mod sg mgag200 i2c_algo_bit
[ 7607.716068]  drm_shmem_helper mlx5_core nvme_tcp drm_kms_helper nvme_fabrics nvme_core ahci crct10dif_pclmul libahci mlxfw t10_pi crc32_pclmul crc32c_intel drm bnxt_en psample libata megaraid_sas ghash_clmulni_intel tg3 wmi pci_hyperv_intf pinctrl_emmitsburg cdc_ether usbnet mii dm_multipath sunrpc dm_mirror dm_region_hash dm_log dm_mod be2iscsi bnx2i cnic uio cxgb4i cxgb4 tls libcxgbi libcxgb qla4xxx iscsi_boot_sysfs iscsi_tcp libiscsi_tcp libiscsi scsi_transport_iscsi fuse
[ 7607.846688] ---[ end trace 0000000000000000 ]---
[ 7607.945312] RIP: 0010:kmem_cache_free+0x336/0x3d0
[ 7607.950053] Code: e9 63 fd ff ff 4c 8d 68 ff e9 e3 fd ff ff 41 b8 01 00 00 00 48 89 d9 48 89 da 4c 89 ee 4c 89 ff e8 2f a0 ff ff e9 70 fe ff ff <0f> 0b 31 f6 48 89 df 4c 89 4c 24 08 e8 59 0c 8f 00 41 8b 47 08 4c
[ 7607.968812] RSP: 0018:ff8591c806ce0c70 EFLAGS: 00010246
[ 7607.974055] RAX: ff4845646aa4ce00 RBX: ff4845646aa4ce00 RCX: ff4845646aa4ce70
[ 7607.981205] RDX: 000000064f2c001a RSI: ffbb33eac6aa9300 RDI: ff484566a73e8a00
[ 7607.988355] RBP: ff8591c806ce0cb8 R08: ff484566a7272a00 R09: ffffffffbc8799b9
[ 7607.995506] R10: ff8591c806ce0b40 R11: ffffffffbd9e6368 R12: ffbb33eac6aa9300
[ 7608.002657] R13: ffbb33eac6aa9300 R14: 0000000000000000 R15: ff484566a73e8a00
[ 7608.009808] FS:  0000000000000000(0000) GS:ff48456b1ff40000(0000) knlGS:0000000000000000
[ 7608.017910] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 7608.023672] CR2: 00007f9688002be8 CR3: 000000088451e002 CR4: 0000000000773ef0
[ 7608.030823] PKRU: 55555554
[ 7608.033553] Kernel panic - not syncing: Fatal exception in interrupt
[ 7608.039956] Kernel Offset: 0x3ae00000 from 0xffffffff81000000 (relocation range: 0xffffffff80000000-0xffffffffbfffffff)
[ 7608.156291] ---[ end Kernel panic - not syncing: Fatal exception in interrupt ]---
