syzbot


WARNING in __kfence_free

Status: upstream: reported on 2022/04/21 08:58
Reported-by: syzbot+ffe71f1ff7f8061bcc98@syzkaller.appspotmail.com
First crash: 110d, last: 26d

Sample crash report:
------------[ cut here ]------------
WARNING: CPU: 0 PID: 2204 at mm/kfence/core.c:1073 __kfence_free+0x84/0xc0 mm/kfence/core.c:1073
Modules linked in:
CPU: 0 PID: 2204 Comm: syz-fuzzer Not tainted 5.19.0-rc6-syzkaller-00115-g4a57a8400075 #0
Hardware name: linux,dummy-virt (DT)
pstate: 80400009 (Nzcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
pc : __kfence_free+0x84/0xc0 mm/kfence/core.c:1073
lr : kfence_free include/linux/kfence.h:186 [inline]
lr : __slab_free+0x2d8/0x4cc mm/slub.c:3341
sp : ffff80000a98b800
x29: ffff80000a98b800 x28: ffff800008127468 x27: fcff000002c38900
x26: 000000000000000a x25: ffff00007b7aa000 x24: ffff00007b7d8040
x23: 0000000000000001 x22: fffffc0001edea80 x21: ffff00007b7aa000
x20: fcff000002c38900 x19: ffff80000830b44c x18: 0000000000000000
x17: ffff800075900000 x16: ffff800008004000 x15: 0000000000004000
x14: 0000000000000117 x13: 0000000000000001 x12: ffff00007fbc1c40
x11: 000000005b2d78ab x10: ffff800075900000 x9 : 0000000000000000
x8 : 0000000000000001 x7 : 00000000001aa000 x6 : ffff80000a2e0000
x5 : ffff80000830b44c x4 : ffff80000a56f170 x3 : ffff80000a2e0340
x2 : f5ff000005fad800 x1 : ffff80000a5ab210 x0 : ffff00007b7aa000
Call trace:
 __kfence_free+0x84/0xc0 mm/kfence/core.c:1073
 kfence_free include/linux/kfence.h:186 [inline]
 __slab_free+0x2d8/0x4cc mm/slub.c:3341
 do_slab_free mm/slub.c:3524 [inline]
 slab_free mm/slub.c:3537 [inline]
 kmem_cache_free+0x2a8/0x32c mm/slub.c:3553
 __d_free+0x1c/0x30 fs/dcache.c:298
 rcu_do_batch kernel/rcu/tree.c:2578 [inline]
 rcu_core+0x324/0x590 kernel/rcu/tree.c:2838
 rcu_core_si+0x10/0x20 kernel/rcu/tree.c:2855
 _stext+0x124/0x2a0
 do_softirq_own_stack include/asm-generic/softirq_stack.h:10 [inline]
 invoke_softirq kernel/softirq.c:452 [inline]
 __irq_exit_rcu+0xe4/0x100 kernel/softirq.c:650
 irq_exit_rcu+0x10/0x1c kernel/softirq.c:662
 __el1_irq arch/arm64/kernel/entry-common.c:459 [inline]
 el1_interrupt+0x38/0x64 arch/arm64/kernel/entry-common.c:473
 el1h_64_irq_handler+0x18/0x24 arch/arm64/kernel/entry-common.c:478
 el1h_64_irq+0x64/0x68 arch/arm64/kernel/entry.S:577
 arch_local_irq_enable arch/arm64/include/asm/irqflags.h:35 [inline]
 raw_spin_rq_unlock_irq kernel/sched/sched.h:1316 [inline]
 finish_lock_switch kernel/sched/core.c:4906 [inline]
 finish_task_switch.isra.0+0x7c/0x270 kernel/sched/core.c:5024
 context_switch kernel/sched/core.c:5149 [inline]
 __schedule+0x2a8/0x7f4 kernel/sched/core.c:6458
 schedule+0x54/0xd0 kernel/sched/core.c:6530
 freezable_schedule include/linux/freezer.h:172 [inline]
 do_nanosleep.constprop.0+0x6c/0x190 kernel/time/hrtimer.c:2044
 hrtimer_nanosleep+0x9c/0x120 kernel/time/hrtimer.c:2097
 __do_sys_nanosleep kernel/time/hrtimer.c:2131 [inline]
 __se_sys_nanosleep kernel/time/hrtimer.c:2118 [inline]
 __arm64_sys_nanosleep+0x94/0xd0 kernel/time/hrtimer.c:2118
 __invoke_syscall arch/arm64/kernel/syscall.c:38 [inline]
 invoke_syscall+0x48/0x114 arch/arm64/kernel/syscall.c:52
 el0_svc_common.constprop.0+0x44/0xec arch/arm64/kernel/syscall.c:142
 do_el0_svc+0xa0/0xc0 arch/arm64/kernel/syscall.c:206
 el0_svc+0x44/0xb0 arch/arm64/kernel/entry-common.c:624
 el0t_64_sync_handler+0x1ac/0x1b0 arch/arm64/kernel/entry-common.c:642
 el0t_64_sync+0x198/0x19c arch/arm64/kernel/entry.S:581
---[ end trace 0000000000000000 ]---

Crashes (4):
| Manager | Time | Kernel | Commit | Syzkaller | Config | Log | Report | Syz repro | C repro | VM info | Title |
|---|---|---|---|---|---|---|---|---|---|---|---|
| ci-qemu2-arm64-mte | 2022/07/14 05:47 | upstream | 4a57a8400075 | 5d921b08 | .config | log | report | | | info | WARNING in __kfence_free |
| ci-qemu2-arm64-mte | 2022/06/16 06:43 | upstream | 30306f6194ca | 1719ee24 | .config | log | report | | | info | WARNING in __kfence_free |
| ci-qemu2-arm64-mte | 2022/05/07 17:11 | upstream | 4b97bac0756a | e60b1103 | .config | log | report | | | info | WARNING in __kfence_free |
| ci-qemu2-arm64-mte | 2022/04/20 15:15 | upstream | 559089e0a93d | 160a3f31 | .config | log | report | | | info | WARNING in __kfence_free |