syzbot


kernel BUG in __free_one_page

Status: auto-closed as invalid on 2022/04/15 11:31
Subsystems: fs
Reported-by: syzbot+afe1d3c5ccb5940c372a@syzkaller.appspotmail.com
First crash: 948d, last: 861d
Discussions (1)
| Title | Replies (including bot) | Last reply |
|---|---|---|
| [syzbot] kernel BUG in __free_one_page | 1 (2) | 2021/09/20 07:42 |
Similar bugs (1)
| Kernel | Title | Repro | Cause bisect | Fix bisect | Count | Last | Reported | Patched | Status |
|---|---|---|---|---|---|---|---|---|---|
| upstream | kernel BUG at mm/page_alloc.c:LINE! mm | | | | 33 | 1845d | 1925d | 0/26 | closed as invalid on 2019/08/22 04:13 |

Sample crash report:
 io_mem_free.part.0+0xb0/0xb9 fs/io_uring.c:8841
 io_mem_free fs/io_uring.c:8836 [inline]
 io_ring_ctx_free fs/io_uring.c:9381 [inline]
 io_ring_exit_work+0xa4c/0xbd0 fs/io_uring.c:9533
 process_one_work+0x9b2/0x1690 kernel/workqueue.c:2298
 worker_thread+0x658/0x11f0 kernel/workqueue.c:2445
 kthread+0x405/0x4f0 kernel/kthread.c:327
 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:295
------------[ cut here ]------------
kernel BUG at mm/page_alloc.c:1071!
invalid opcode: 0000 [#1] PREEMPT SMP KASAN
CPU: 1 PID: 18567 Comm: kworker/u4:6 Not tainted 5.16.0-rc5-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Workqueue: events_unbound io_ring_exit_work
RIP: 0010:__free_one_page+0xa10/0xe30 mm/page_alloc.c:1071
Code: 43 34 85 c0 0f 84 79 f9 ff ff 48 c7 c6 c0 50 b7 89 48 89 ef e8 31 e9 f6 ff 0f 0b 48 c7 c6 a0 4f b7 89 4c 89 ef e8 20 e9 f6 ff <0f> 0b 0f 0b 48 c7 c6 00 50 b7 89 4c 89 ef e8 0d e9 f6 ff 0f 0b 48
RSP: 0018:ffffc90003a6f948 EFLAGS: 00010093
RAX: 0000000000000000 RBX: ffffc90003a6fa40 RCX: 0000000000000000
RDX: ffff888079f35700 RSI: ffffffff81b3f530 RDI: 0000000000000003
RBP: 00000000000a7200 R08: 0000000000000018 R09: 00000000ffffffff
R10: ffffffff8903028e R11: 00000000ffffffff R12: 0000000000000009
R13: ffffea00029c8000 R14: 0000000000000000 R15: ffff88813fffa700
FS:  0000000000000000(0000) GS:ffff8880b9d00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000001b30421000 CR3: 0000000078378000 CR4: 0000000000350ee0
Call Trace:
 <TASK>
 free_pcppages_bulk+0x533/0x8a0 mm/page_alloc.c:1531
 free_unref_page_commit.constprop.0+0x4cf/0x6f0 mm/page_alloc.c:3375
 free_unref_page+0x236/0x690 mm/page_alloc.c:3408
 io_mem_free.part.0+0xb0/0xb9 fs/io_uring.c:8841
 io_mem_free fs/io_uring.c:8836 [inline]
 io_ring_ctx_free fs/io_uring.c:9381 [inline]
 io_ring_exit_work+0xa4c/0xbd0 fs/io_uring.c:9533
 process_one_work+0x9b2/0x1690 kernel/workqueue.c:2298
 worker_thread+0x658/0x11f0 kernel/workqueue.c:2445
 kthread+0x405/0x4f0 kernel/kthread.c:327
 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:295
 </TASK>
Modules linked in:
---[ end trace f02aec07598b22ee ]---
RIP: 0010:__free_one_page+0xa10/0xe30 mm/page_alloc.c:1071
Code: 43 34 85 c0 0f 84 79 f9 ff ff 48 c7 c6 c0 50 b7 89 48 89 ef e8 31 e9 f6 ff 0f 0b 48 c7 c6 a0 4f b7 89 4c 89 ef e8 20 e9 f6 ff <0f> 0b 0f 0b 48 c7 c6 00 50 b7 89 4c 89 ef e8 0d e9 f6 ff 0f 0b 48
RSP: 0018:ffffc90003a6f948 EFLAGS: 00010093
RAX: 0000000000000000 RBX: ffffc90003a6fa40 RCX: 0000000000000000
RDX: ffff888079f35700 RSI: ffffffff81b3f530 RDI: 0000000000000003
RBP: 00000000000a7200 R08: 0000000000000018 R09: 00000000ffffffff
R10: ffffffff8903028e R11: 00000000ffffffff R12: 0000000000000009
R13: ffffea00029c8000 R14: 0000000000000000 R15: ffff88813fffa700
FS:  0000000000000000(0000) GS:ffff8880b9d00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000001b30421000 CR3: 0000000078378000 CR4: 0000000000350ee0

Crashes (9):
| Time | Kernel | Commit | Syzkaller | Config | Log | Report | Syz repro | C repro | VM info | Assets | Manager | Title |
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 2021/12/16 11:30 | upstream | 2b14864acbaa | 572bcb40 | .config | console log | report | | | info | | ci-upstream-kasan-gce-root | kernel BUG in __free_one_page |
| 2021/12/03 19:01 | upstream | 5f58da2befa5 | c7c20675 | .config | console log | report | | | info | | ci-upstream-kasan-gce | kernel BUG in __free_one_page |
| 2021/12/03 11:50 | upstream | 5f58da2befa5 | c7c20675 | .config | console log | report | | | info | | ci-upstream-kasan-gce | kernel BUG in __free_one_page |
| 2021/10/20 02:14 | upstream | d9abdee5fd5a | 466b7db1 | .config | console log | report | | | info | | ci-upstream-kasan-gce | kernel BUG in __free_one_page |
| 2021/09/20 02:34 | upstream | d4d016caa4b8 | 70b76c1d | .config | console log | report | | | info | | ci-upstream-kasan-gce | kernel BUG in __free_one_page |
| 2021/12/13 09:46 | linux-next | ea922272cbe5 | 49ca1f59 | .config | console log | report | | | info | | ci-upstream-linux-next-kasan-gce-root | kernel BUG in __free_one_page |
| 2021/12/03 14:15 | linux-next | f81e94e91878 | c7c20675 | .config | console log | report | | | info | | ci-upstream-linux-next-kasan-gce-root | kernel BUG in __free_one_page |
| 2021/11/28 09:08 | linux-next | f81e94e91878 | 63eeac02 | .config | console log | report | | | info | | ci-upstream-linux-next-kasan-gce-root | kernel BUG in __free_one_page |
| 2021/11/22 11:31 | linux-next | 5191249f8803 | 4eb20a4e | .config | console log | report | | | info | | ci-upstream-linux-next-kasan-gce-root | kernel BUG in __free_one_page |
* Struck through repros no longer work on HEAD.