Re: [syzbot] [virtualization?] upstream boot error: WARNING: refcount bug in __free_pages_ok
On Thu, Mar 21, 2024 at 08:52:03AM -0700, syzbot wrote:
> Hello,
>
> syzbot tried to test the proposed patch but the build/boot failed:
>
> bcore: registered new interface driver viperboard
> [7.297712][T1] usbcore: registered new interface driver dln2
> [7.299149][T1] usbcore: registered new interface driver pn533_usb
> [7.304759][ T924] kworker/u4:1 (924) used greatest stack depth: 22768
> bytes left
> [7.308971][T1] nfcsim 0.2 initialized
> [7.310068][T1] usbcore: registered new interface driver port100
> [7.311312][T1] usbcore: registered new interface driver nfcmrvl
> [7.318405][T1] Loading iSCSI transport class v2.0-870.
> [7.334687][T1] virtio_scsi virtio0: 1/0/0 default/read/poll queues
> [7.344927][T1] [ cut here ]
> [7.345739][T1] refcount_t: decrement hit 0; leaking memory.

This confirms that the following commit introduced this issue:

commit 217b2119b9e260609958db413876f211038f00ee
Author: Oscar Salvador
Date: Thu Feb 15 22:59:04 2024 +0100

mm,page_owner: implement the tracking of the stacks count

Mike: thanks for pointing out the fix that Oscar is working on!

Oscar: Please add the syzbot trailer to the next revision of your "[PATCH v2 0/2] page_owner: Refcount fixups" series so this issue can be closed.

> [7.346982][T1] WARNING: CPU: 0 PID: 1 at lib/refcount.c:31
> refcount_warn_saturate+0xfa/0x1d0
> [7.348761][T1] Modules linked in:
> [7.349418][T1] CPU: 0 PID: 1 Comm: swapper/0 Not tainted
> 6.8.0-rc5-syzkaller-00257-g217b2119b9e2 #0
> [7.351070][T1] Hardware name: Google Google Compute Engine/Google
> Compute Engine, BIOS Google 02/29/2024
> [7.352824][T1] RIP: 0010:refcount_warn_saturate+0xfa/0x1d0
> [7.353979][T1] Code: b2 00 00 00 e8 97 2d fc fc 5b 5d c3 cc cc cc cc
> e8 8b 2d fc fc c6 05 0d d9 d6 0a 01 90 48 c7 c7 a0 46 fd 8b e8 e7 2c c0 fc 90
> <0f> 0b 90 90 eb d9 e8 6b 2d fc fc c6 05 ea d8 d6 0a 01 90 48 c7 c7
> [7.358181][T1] RSP: :c9066e10 EFLAGS: 00010246
> [7.360206][T1] RAX: 67b097fa09053300 RBX: 88814073377c RCX:
> 8880166c
> [7.362234][T1] RDX: RSI: RDI:
>
> [7.363496][T1] RBP: 0004 R08: 81589d62 R09:
> 1920cd14
> [7.365139][T1] R10: dc00 R11: f520cd15 R12:
> ea000501edc0
> [7.366612][T1] R13: ea000501edc8 R14: 1d4000a03db9 R15:
>
> [7.368171][T1] FS: () GS:8880b940()
> knlGS:
> [7.370111][T1] CS: 0010 DS: ES: CR0: 80050033
> [7.371030][T1] CR2: 88823000 CR3: 0df34000 CR4:
> 003506f0
> [7.372121][T1] DR0: DR1: DR2:
>
> [7.373506][T1] DR3: DR6: fffe0ff0 DR7:
> 0400
> [7.374889][T1] Call Trace:
> [7.375371][T1]
> [7.375798][T1] ? __warn+0x162/0x4b0
> [7.376442][T1] ? refcount_warn_saturate+0xfa/0x1d0
> [7.377482][T1] ? report_bug+0x2b3/0x500
> [7.378161][T1] ? refcount_warn_saturate+0xfa/0x1d0
> [7.379268][T1] ? handle_bug+0x3e/0x70
> [7.379887][T1] ? exc_invalid_op+0x1a/0x50
> [7.380563][T1] ? asm_exc_invalid_op+0x1a/0x20
> [7.381253][T1] ? __warn_printk+0x292/0x360
> [7.381912][T1] ? refcount_warn_saturate+0xfa/0x1d0
> [7.382752][T1] __free_pages_ok+0xc36/0xd60
> [7.384180][T1] make_alloc_exact+0xc4/0x140
> [7.385037][T1] vring_alloc_queue_split+0x20a/0x600
> [7.386037][T1] ? __pfx_vring_alloc_queue_split+0x10/0x10
> [7.387029][T1] ? vp_find_vqs+0x4c/0x4e0
> [7.387719][T1] ? virtscsi_probe+0x3ea/0xf60
> [7.388408][T1] ? virtio_dev_probe+0x991/0xaf0
> [7.389665][T1] ? really_probe+0x29e/0xc50
> [7.390429][T1] ? driver_probe_device+0x50/0x430
> [7.391176][T1] vring_create_virtqueue_split+0xc6/0x310
> [7.392014][T1] ? ret_from_fork+0x4b/0x80
> [7.392800][T1] ? __pfx_vring_create_virtqueue_split+0x10/0x10
> [7.394115][T1] vring_create_virtqueue+0xca/0x110
> [7.395151][T1] ? __pfx_vp_notify+0x10/0x10
> [7.395888][T1] ? __pfx_virtscsi_ctrl_done+0x10/0x10
> [7.396674][T1] setup_vq+0xe9/0x2d0
> [7.397283][T1] ? __pfx_vp_notify+0x10/0x10
> [7.397938][T1] ? __pfx_virtscsi_ctrl_done+0x10/0x10
> [7.398806][T1] ? __pfx_virtscsi_ctrl_done+0x10/0x10
> [7.399938][T1] ? __pfx_virtscsi_ctrl_done+0x10/0x10
> [7.400951][T1] vp_setup_vq+0xbf/0x330
> [7.401889][T1] ? __pfx_vp_config_changed+0x10/0x10
> [7.403092][T1] ? ioread16+0x2f/0x90
> [7.403909][T1] ? __pfx_virtscsi_ctrl_done+0x10/0x10
> [
Re: [syzbot] [virtualization?] upstream boot error: WARNING: refcount bug in __free_pages_ok
Hello,

syzbot tried to test the proposed patch but the build/boot failed:

bcore: registered new interface driver viperboard
[7.297712][T1] usbcore: registered new interface driver dln2
[7.299149][T1] usbcore: registered new interface driver pn533_usb
[7.304759][ T924] kworker/u4:1 (924) used greatest stack depth: 22768 bytes left
[7.308971][T1] nfcsim 0.2 initialized
[7.310068][T1] usbcore: registered new interface driver port100
[7.311312][T1] usbcore: registered new interface driver nfcmrvl
[7.318405][T1] Loading iSCSI transport class v2.0-870.
[7.334687][T1] virtio_scsi virtio0: 1/0/0 default/read/poll queues
[7.344927][T1] [ cut here ]
[7.345739][T1] refcount_t: decrement hit 0; leaking memory.
[7.346982][T1] WARNING: CPU: 0 PID: 1 at lib/refcount.c:31 refcount_warn_saturate+0xfa/0x1d0
[7.348761][T1] Modules linked in:
[7.349418][T1] CPU: 0 PID: 1 Comm: swapper/0 Not tainted 6.8.0-rc5-syzkaller-00257-g217b2119b9e2 #0
[7.351070][T1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/29/2024
[7.352824][T1] RIP: 0010:refcount_warn_saturate+0xfa/0x1d0
[7.353979][T1] Code: b2 00 00 00 e8 97 2d fc fc 5b 5d c3 cc cc cc cc e8 8b 2d fc fc c6 05 0d d9 d6 0a 01 90 48 c7 c7 a0 46 fd 8b e8 e7 2c c0 fc 90 <0f> 0b 90 90 eb d9 e8 6b 2d fc fc c6 05 ea d8 d6 0a 01 90 48 c7 c7
[7.358181][T1] RSP: :c9066e10 EFLAGS: 00010246
[7.360206][T1] RAX: 67b097fa09053300 RBX: 88814073377c RCX: 8880166c
[7.362234][T1] RDX: RSI: RDI:
[7.363496][T1] RBP: 0004 R08: 81589d62 R09: 1920cd14
[7.365139][T1] R10: dc00 R11: f520cd15 R12: ea000501edc0
[7.366612][T1] R13: ea000501edc8 R14: 1d4000a03db9 R15:
[7.368171][T1] FS: () GS:8880b940() knlGS:
[7.370111][T1] CS: 0010 DS: ES: CR0: 80050033
[7.371030][T1] CR2: 88823000 CR3: 0df34000 CR4: 003506f0
[7.372121][T1] DR0: DR1: DR2:
[7.373506][T1] DR3: DR6: fffe0ff0 DR7: 0400
[7.374889][T1] Call Trace:
[7.375371][T1]
[7.375798][T1] ? __warn+0x162/0x4b0
[7.376442][T1] ? refcount_warn_saturate+0xfa/0x1d0
[7.377482][T1] ? report_bug+0x2b3/0x500
[7.378161][T1] ? refcount_warn_saturate+0xfa/0x1d0
[7.379268][T1] ? handle_bug+0x3e/0x70
[7.379887][T1] ? exc_invalid_op+0x1a/0x50
[7.380563][T1] ? asm_exc_invalid_op+0x1a/0x20
[7.381253][T1] ? __warn_printk+0x292/0x360
[7.381912][T1] ? refcount_warn_saturate+0xfa/0x1d0
[7.382752][T1] __free_pages_ok+0xc36/0xd60
[7.384180][T1] make_alloc_exact+0xc4/0x140
[7.385037][T1] vring_alloc_queue_split+0x20a/0x600
[7.386037][T1] ? __pfx_vring_alloc_queue_split+0x10/0x10
[7.387029][T1] ? vp_find_vqs+0x4c/0x4e0
[7.387719][T1] ? virtscsi_probe+0x3ea/0xf60
[7.388408][T1] ? virtio_dev_probe+0x991/0xaf0
[7.389665][T1] ? really_probe+0x29e/0xc50
[7.390429][T1] ? driver_probe_device+0x50/0x430
[7.391176][T1] vring_create_virtqueue_split+0xc6/0x310
[7.392014][T1] ? ret_from_fork+0x4b/0x80
[7.392800][T1] ? __pfx_vring_create_virtqueue_split+0x10/0x10
[7.394115][T1] vring_create_virtqueue+0xca/0x110
[7.395151][T1] ? __pfx_vp_notify+0x10/0x10
[7.395888][T1] ? __pfx_virtscsi_ctrl_done+0x10/0x10
[7.396674][T1] setup_vq+0xe9/0x2d0
[7.397283][T1] ? __pfx_vp_notify+0x10/0x10
[7.397938][T1] ? __pfx_virtscsi_ctrl_done+0x10/0x10
[7.398806][T1] ? __pfx_virtscsi_ctrl_done+0x10/0x10
[7.399938][T1] ? __pfx_virtscsi_ctrl_done+0x10/0x10
[7.400951][T1] vp_setup_vq+0xbf/0x330
[7.401889][T1] ? __pfx_vp_config_changed+0x10/0x10
[7.403092][T1] ? ioread16+0x2f/0x90
[7.403909][T1] ? __pfx_virtscsi_ctrl_done+0x10/0x10
[7.405136][T1] vp_find_vqs_msix+0x8b2/0xc80
[7.405892][T1] vp_find_vqs+0x4c/0x4e0
[7.406823][T1] virtscsi_init+0x8db/0xd00
[7.407669][T1] ? __pfx_virtscsi_init+0x10/0x10
[7.408413][T1] ? __pfx_default_calc_sets+0x10/0x10
[7.409369][T1] ? scsi_host_alloc+0xa57/0xea0
[7.410333][T1] ? vp_get+0xfd/0x140
[7.410899][T1] virtscsi_probe+0x3ea/0xf60
[7.411673][T1] ? __pfx_virtscsi_probe+0x10/0x10
[7.412520][T1] ? kernfs_add_one+0x159/0x8b0
[7.413222][T1] ? virtio_no_restricted_mem_acc+0x9/0x10
[7.414081][T1] ? virtio_features_ok+0x10c/0x270
[7.414875][T1]
Re: [syzbot] [virtualization?] upstream boot error: WARNING: refcount bug in __free_pages_ok
On Wed, Mar 20, 2024 at 01:08:02PM -0700, syzbot wrote:
> Hello,
>
> syzbot has tested the proposed patch and the reproducer did not trigger any
> issue:
>
> Reported-and-tested-by: syzbot+70f57d8a3ae84934c...@syzkaller.appspotmail.com
>
> Tested on:
>
> commit: 4bedfb31 mm,page_owner: maintain own list of stack_rec..
> git tree:
> git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
> kernel config: https://syzkaller.appspot.com/x/.config?x=527195e149aa3091
> dashboard link: https://syzkaller.appspot.com/bug?extid=70f57d8a3ae84934c003
> compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian)
> 2.40
>
> Note: no patches were applied.
> Note: testing is done by a robot and is best-effort only.
>

Good, that was the expected last working commit. Here is the next commit (it should fail):

#syz test: git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git 217b2119b9e260609958db413876f211038f00ee
Re: [syzbot] [virtualization?] upstream boot error: WARNING: refcount bug in __free_pages_ok
Hello,

syzbot has tested the proposed patch and the reproducer did not trigger any issue:

Reported-and-tested-by: syzbot+70f57d8a3ae84934c...@syzkaller.appspotmail.com

Tested on:

commit: 4bedfb31 mm,page_owner: maintain own list of stack_rec..
git tree: git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel config: https://syzkaller.appspot.com/x/.config?x=527195e149aa3091
dashboard link: https://syzkaller.appspot.com/bug?extid=70f57d8a3ae84934c003
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40

Note: no patches were applied.
Note: testing is done by a robot and is best-effort only.
Re: [syzbot] [virtualization?] upstream boot error: WARNING: refcount bug in __free_pages_ok
On Tue, Mar 19, 2024 at 03:51:18PM -0500, Mike Christie wrote:
> On 3/19/24 12:19 PM, Stefan Hajnoczi wrote:
> > On Tue, Mar 19, 2024 at 03:40:53AM -0400, Michael S. Tsirkin wrote:
> >> On Tue, Mar 19, 2024 at 12:32:26AM -0700, syzbot wrote:
> >>> Hello,
> >>>
> >>> syzbot found the following issue on:
> >>>
> >>> HEAD commit:b3603fcb79b1 Merge tag 'dlm-6.9' of
> >>> git://git.kernel.org/p..
> >>> git tree: upstream
> >>> console output: https://syzkaller.appspot.com/x/log.txt?x=10f04c8118
> >>> kernel config: https://syzkaller.appspot.com/x/.config?x=fcb5bfbee0a42b54
> >>> dashboard link:
> >>> https://syzkaller.appspot.com/bug?extid=70f57d8a3ae84934c003
> >>> compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for
> >>> Debian) 2.40
> >>>
> >>> Downloadable assets:
> >>> disk image:
> >>> https://storage.googleapis.com/syzbot-assets/43969dffd4a6/disk-b3603fcb.raw.xz
> >>> vmlinux:
> >>> https://storage.googleapis.com/syzbot-assets/ef48ab3b378b/vmlinux-b3603fcb.xz
> >>> kernel image:
> >>> https://storage.googleapis.com/syzbot-assets/728f5ff2b6fe/bzImage-b3603fcb.xz
> >>>
> >>> IMPORTANT: if you fix the issue, please add the following tag to the
> >>> commit:
> >>> Reported-by: syzbot+70f57d8a3ae84934c...@syzkaller.appspotmail.com
> >>>
> >>> Key type pkcs7_test registered
> >>> Block layer SCSI generic (bsg) driver version 0.4 loaded (major 239)
> >>> io scheduler mq-deadline registered
> >>> io scheduler kyber registered
> >>> io scheduler bfq registered
> >>> input: Power Button as /devices/LNXSYSTM:00/LNXPWRBN:00/input/input0
> >>> ACPI: button: Power Button [PWRF]
> >>> input: Sleep Button as /devices/LNXSYSTM:00/LNXSLPBN:00/input/input1
> >>> ACPI: button: Sleep Button [SLPF]
> >>> ioatdma: Intel(R) QuickData Technology Driver 5.00
> >>> ACPI: \_SB_.LNKC: Enabled at IRQ 11
> >>> virtio-pci :00:03.0: virtio_pci: leaving for legacy driver
> >>> ACPI: \_SB_.LNKD: Enabled at IRQ 10
> >>> virtio-pci :00:04.0: virtio_pci: leaving for legacy driver
> >>> ACPI: \_SB_.LNKB: Enabled at IRQ 10
> >>> virtio-pci :00:06.0: virtio_pci: leaving for legacy driver
> >>> virtio-pci :00:07.0: virtio_pci: leaving for legacy driver
> >>> N_HDLC line discipline registered with maxframe=4096
> >>> Serial: 8250/16550 driver, 4 ports, IRQ sharing enabled
> >>> 00:03: ttyS0 at I/O 0x3f8 (irq = 4, base_baud = 115200) is a 16550A
> >>> 00:04: ttyS1 at I/O 0x2f8 (irq = 3, base_baud = 115200) is a 16550A
> >>> 00:05: ttyS2 at I/O 0x3e8 (irq = 6, base_baud = 115200) is a 16550A
> >>> 00:06: ttyS3 at I/O 0x2e8 (irq = 7, base_baud = 115200) is a 16550A
> >>> Non-volatile memory driver v1.3
> >>> Linux agpgart interface v0.103
> >>> ACPI: bus type drm_connector registered
> >>> [drm] Initialized vgem 1.0.0 20120112 for vgem on minor 0
> >>> [drm] Initialized vkms 1.0.0 20180514 for vkms on minor 1
> >>> Console: switching to colour frame buffer device 128x48
> >>> platform vkms: [drm] fb0: vkmsdrmfb frame buffer device
> >>> usbcore: registered new interface driver udl
> >>> brd: module loaded
> >>> loop: module loaded
> >>> zram: Added device: zram0
> >>> null_blk: disk nullb0 created
> >>> null_blk: module loaded
> >>> Guest personality initialized and is inactive
> >>> VMCI host device registered (name=vmci, major=10, minor=118)
> >>> Initialized host personality
> >>> usbcore: registered new interface driver rtsx_usb
> >>> usbcore: registered new interface driver viperboard
> >>> usbcore: registered new interface driver dln2
> >>> usbcore: registered new interface driver pn533_usb
> >>> nfcsim 0.2 initialized
> >>> usbcore: registered new interface driver port100
> >>> usbcore: registered new interface driver nfcmrvl
> >>> Loading iSCSI transport class v2.0-870.
> >>> virtio_scsi virtio0: 1/0/0 default/read/poll queues
> >>> [ cut here ]
> >>> refcount_t: decrement hit 0; leaking memory.
> >>> WARNING: CPU: 0 PID: 1 at lib/refcount.c:31
> >>> refcount_warn_saturate+0xfa/0x1d0 lib/refcount.c:31
> >>> Modules linked in:
> >>> CPU: 0 PID: 1 Comm: swapper/0 Not tainted
> >>> 6.8.0-syzkaller-11567-gb3603fcb79b1 #0
> >>> Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS
> >>> Google 02/29/2024
> >>> RIP: 0010:refcount_warn_saturate+0xfa/0x1d0 lib/refcount.c:31
> >>> Code: b2 00 00 00 e8 57 d4 f2 fc 5b 5d c3 cc cc cc cc e8 4b d4 f2 fc c6
> >>> 05 0c f9 ef 0a 01 90 48 c7 c7 a0 5d 1e 8c e8 b7 75 b5 fc 90 <0f> 0b 90 90
> >>> eb d9 e8 2b d4 f2 fc c6 05 e9 f8 ef 0a 01 90 48 c7 c7
> >>> RSP: :c9066e18 EFLAGS: 00010246
> >>> RAX: 76f86e452fcad900 RBX: 8880210d2aec RCX: 888016ac8000
> >>> RDX: RSI: RDI:
> >>> RBP: 0004 R08: 8157ffe2 R09: fbfff1c396e0
> >>> R10: dc00 R11: fbfff1c396e0 R12: ea000502cdc0
> >>> R13: ea000502cdc8 R14: 1d4000a059b9 R15:
> >>> FS: ()
Re: [syzbot] [virtualization?] upstream boot error: WARNING: refcount bug in __free_pages_ok
Hello,

syzbot has tested the proposed patch and the reproducer did not trigger any issue:

Reported-and-tested-by: syzbot+70f57d8a3ae84934c...@syzkaller.appspotmail.com

Tested on:

commit: 52998cdd Merge branch '6.8/scsi-staging' into 6.8/scsi..
git tree: git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel config: https://syzkaller.appspot.com/x/.config?x=7b1f286a7e950707
dashboard link: https://syzkaller.appspot.com/bug?extid=70f57d8a3ae84934c003
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40

Note: no patches were applied.
Note: testing is done by a robot and is best-effort only.
Re: [syzbot] [virtualization?] upstream boot error: WARNING: refcount bug in __free_pages_ok
On 3/19/24 12:19 PM, Stefan Hajnoczi wrote:
> On Tue, Mar 19, 2024 at 03:40:53AM -0400, Michael S. Tsirkin wrote:
>> On Tue, Mar 19, 2024 at 12:32:26AM -0700, syzbot wrote:
>>> Hello,
>>>
>>> syzbot found the following issue on:
>>>
>>> HEAD commit:b3603fcb79b1 Merge tag 'dlm-6.9' of git://git.kernel.org/p..
>>> git tree: upstream
>>> console output: https://syzkaller.appspot.com/x/log.txt?x=10f04c8118
>>> kernel config: https://syzkaller.appspot.com/x/.config?x=fcb5bfbee0a42b54
>>> dashboard link: https://syzkaller.appspot.com/bug?extid=70f57d8a3ae84934c003
>>> compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for
>>> Debian) 2.40
>>>
>>> Downloadable assets:
>>> disk image:
>>> https://storage.googleapis.com/syzbot-assets/43969dffd4a6/disk-b3603fcb.raw.xz
>>> vmlinux:
>>> https://storage.googleapis.com/syzbot-assets/ef48ab3b378b/vmlinux-b3603fcb.xz
>>> kernel image:
>>> https://storage.googleapis.com/syzbot-assets/728f5ff2b6fe/bzImage-b3603fcb.xz
>>>
>>> IMPORTANT: if you fix the issue, please add the following tag to the commit:
>>> Reported-by: syzbot+70f57d8a3ae84934c...@syzkaller.appspotmail.com
>>>
>>> Key type pkcs7_test registered
>>> Block layer SCSI generic (bsg) driver version 0.4 loaded (major 239)
>>> io scheduler mq-deadline registered
>>> io scheduler kyber registered
>>> io scheduler bfq registered
>>> input: Power Button as /devices/LNXSYSTM:00/LNXPWRBN:00/input/input0
>>> ACPI: button: Power Button [PWRF]
>>> input: Sleep Button as /devices/LNXSYSTM:00/LNXSLPBN:00/input/input1
>>> ACPI: button: Sleep Button [SLPF]
>>> ioatdma: Intel(R) QuickData Technology Driver 5.00
>>> ACPI: \_SB_.LNKC: Enabled at IRQ 11
>>> virtio-pci :00:03.0: virtio_pci: leaving for legacy driver
>>> ACPI: \_SB_.LNKD: Enabled at IRQ 10
>>> virtio-pci :00:04.0: virtio_pci: leaving for legacy driver
>>> ACPI: \_SB_.LNKB: Enabled at IRQ 10
>>> virtio-pci :00:06.0: virtio_pci: leaving for legacy driver
>>> virtio-pci :00:07.0: virtio_pci: leaving for legacy driver
>>> N_HDLC line discipline registered with maxframe=4096
>>> Serial: 8250/16550 driver, 4 ports, IRQ sharing enabled
>>> 00:03: ttyS0 at I/O 0x3f8 (irq = 4, base_baud = 115200) is a 16550A
>>> 00:04: ttyS1 at I/O 0x2f8 (irq = 3, base_baud = 115200) is a 16550A
>>> 00:05: ttyS2 at I/O 0x3e8 (irq = 6, base_baud = 115200) is a 16550A
>>> 00:06: ttyS3 at I/O 0x2e8 (irq = 7, base_baud = 115200) is a 16550A
>>> Non-volatile memory driver v1.3
>>> Linux agpgart interface v0.103
>>> ACPI: bus type drm_connector registered
>>> [drm] Initialized vgem 1.0.0 20120112 for vgem on minor 0
>>> [drm] Initialized vkms 1.0.0 20180514 for vkms on minor 1
>>> Console: switching to colour frame buffer device 128x48
>>> platform vkms: [drm] fb0: vkmsdrmfb frame buffer device
>>> usbcore: registered new interface driver udl
>>> brd: module loaded
>>> loop: module loaded
>>> zram: Added device: zram0
>>> null_blk: disk nullb0 created
>>> null_blk: module loaded
>>> Guest personality initialized and is inactive
>>> VMCI host device registered (name=vmci, major=10, minor=118)
>>> Initialized host personality
>>> usbcore: registered new interface driver rtsx_usb
>>> usbcore: registered new interface driver viperboard
>>> usbcore: registered new interface driver dln2
>>> usbcore: registered new interface driver pn533_usb
>>> nfcsim 0.2 initialized
>>> usbcore: registered new interface driver port100
>>> usbcore: registered new interface driver nfcmrvl
>>> Loading iSCSI transport class v2.0-870.
>>> virtio_scsi virtio0: 1/0/0 default/read/poll queues
>>> [ cut here ]
>>> refcount_t: decrement hit 0; leaking memory.
>>> WARNING: CPU: 0 PID: 1 at lib/refcount.c:31
>>> refcount_warn_saturate+0xfa/0x1d0 lib/refcount.c:31
>>> Modules linked in:
>>> CPU: 0 PID: 1 Comm: swapper/0 Not tainted
>>> 6.8.0-syzkaller-11567-gb3603fcb79b1 #0
>>> Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS
>>> Google 02/29/2024
>>> RIP: 0010:refcount_warn_saturate+0xfa/0x1d0 lib/refcount.c:31
>>> Code: b2 00 00 00 e8 57 d4 f2 fc 5b 5d c3 cc cc cc cc e8 4b d4 f2 fc c6 05
>>> 0c f9 ef 0a 01 90 48 c7 c7 a0 5d 1e 8c e8 b7 75 b5 fc 90 <0f> 0b 90 90 eb
>>> d9 e8 2b d4 f2 fc c6 05 e9 f8 ef 0a 01 90 48 c7 c7
>>> RSP: :c9066e18 EFLAGS: 00010246
>>> RAX: 76f86e452fcad900 RBX: 8880210d2aec RCX: 888016ac8000
>>> RDX: RSI: RDI:
>>> RBP: 0004 R08: 8157ffe2 R09: fbfff1c396e0
>>> R10: dc00 R11: fbfff1c396e0 R12: ea000502cdc0
>>> R13: ea000502cdc8 R14: 1d4000a059b9 R15:
>>> FS: () GS:8880b940() knlGS:
>>> CS: 0010 DS: ES: CR0: 80050033
>>> CR2: 88823000 CR3: 0e132000 CR4: 003506f0
>>> DR0: DR1: DR2:
>>> DR3: DR6: fffe0ff0 DR7:
Re: [syzbot] [virtualization?] upstream boot error: WARNING: refcount bug in __free_pages_ok
#syz test: git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git 52998cdd8d3438df9a77c858a827b8932da1bb28

This is the last time virtio_scsi.c was touched. If the test passes then the issue is probably in another subsystem and we can bisect more recent commits. If it fails, then older virtio_scsi.c commits need to be bisected.

Stefan
Re: [syzbot] [virtualization?] upstream boot error: WARNING: refcount bug in __free_pages_ok
On Tue, Mar 19, 2024 at 01:19:23PM -0400, Stefan Hajnoczi wrote:
> On Tue, Mar 19, 2024 at 03:40:53AM -0400, Michael S. Tsirkin wrote:
> > On Tue, Mar 19, 2024 at 12:32:26AM -0700, syzbot wrote:
> > > Hello,
> > >
> > > syzbot found the following issue on:
> > >
> > > HEAD commit:b3603fcb79b1 Merge tag 'dlm-6.9' of
> > > git://git.kernel.org/p..
> > > git tree: upstream
> > > console output: https://syzkaller.appspot.com/x/log.txt?x=10f04c8118
> > > kernel config: https://syzkaller.appspot.com/x/.config?x=fcb5bfbee0a42b54
> > > dashboard link:
> > > https://syzkaller.appspot.com/bug?extid=70f57d8a3ae84934c003
> > > compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for
> > > Debian) 2.40
> > >
> > > Downloadable assets:
> > > disk image:
> > > https://storage.googleapis.com/syzbot-assets/43969dffd4a6/disk-b3603fcb.raw.xz
> > > vmlinux:
> > > https://storage.googleapis.com/syzbot-assets/ef48ab3b378b/vmlinux-b3603fcb.xz
> > > kernel image:
> > > https://storage.googleapis.com/syzbot-assets/728f5ff2b6fe/bzImage-b3603fcb.xz
> > >
> > > IMPORTANT: if you fix the issue, please add the following tag to the
> > > commit:
> > > Reported-by: syzbot+70f57d8a3ae84934c...@syzkaller.appspotmail.com
> > >
> > > Key type pkcs7_test registered
> > > Block layer SCSI generic (bsg) driver version 0.4 loaded (major 239)
> > > io scheduler mq-deadline registered
> > > io scheduler kyber registered
> > > io scheduler bfq registered
> > > input: Power Button as /devices/LNXSYSTM:00/LNXPWRBN:00/input/input0
> > > ACPI: button: Power Button [PWRF]
> > > input: Sleep Button as /devices/LNXSYSTM:00/LNXSLPBN:00/input/input1
> > > ACPI: button: Sleep Button [SLPF]
> > > ioatdma: Intel(R) QuickData Technology Driver 5.00
> > > ACPI: \_SB_.LNKC: Enabled at IRQ 11
> > > virtio-pci :00:03.0: virtio_pci: leaving for legacy driver
> > > ACPI: \_SB_.LNKD: Enabled at IRQ 10
> > > virtio-pci :00:04.0: virtio_pci: leaving for legacy driver
> > > ACPI: \_SB_.LNKB: Enabled at IRQ 10
> > > virtio-pci :00:06.0: virtio_pci: leaving for legacy driver
> > > virtio-pci :00:07.0: virtio_pci: leaving for legacy driver
> > > N_HDLC line discipline registered with maxframe=4096
> > > Serial: 8250/16550 driver, 4 ports, IRQ sharing enabled
> > > 00:03: ttyS0 at I/O 0x3f8 (irq = 4, base_baud = 115200) is a 16550A
> > > 00:04: ttyS1 at I/O 0x2f8 (irq = 3, base_baud = 115200) is a 16550A
> > > 00:05: ttyS2 at I/O 0x3e8 (irq = 6, base_baud = 115200) is a 16550A
> > > 00:06: ttyS3 at I/O 0x2e8 (irq = 7, base_baud = 115200) is a 16550A
> > > Non-volatile memory driver v1.3
> > > Linux agpgart interface v0.103
> > > ACPI: bus type drm_connector registered
> > > [drm] Initialized vgem 1.0.0 20120112 for vgem on minor 0
> > > [drm] Initialized vkms 1.0.0 20180514 for vkms on minor 1
> > > Console: switching to colour frame buffer device 128x48
> > > platform vkms: [drm] fb0: vkmsdrmfb frame buffer device
> > > usbcore: registered new interface driver udl
> > > brd: module loaded
> > > loop: module loaded
> > > zram: Added device: zram0
> > > null_blk: disk nullb0 created
> > > null_blk: module loaded
> > > Guest personality initialized and is inactive
> > > VMCI host device registered (name=vmci, major=10, minor=118)
> > > Initialized host personality
> > > usbcore: registered new interface driver rtsx_usb
> > > usbcore: registered new interface driver viperboard
> > > usbcore: registered new interface driver dln2
> > > usbcore: registered new interface driver pn533_usb
> > > nfcsim 0.2 initialized
> > > usbcore: registered new interface driver port100
> > > usbcore: registered new interface driver nfcmrvl
> > > Loading iSCSI transport class v2.0-870.
> > > virtio_scsi virtio0: 1/0/0 default/read/poll queues
> > > [ cut here ]
> > > refcount_t: decrement hit 0; leaking memory.
> > > WARNING: CPU: 0 PID: 1 at lib/refcount.c:31
> > > refcount_warn_saturate+0xfa/0x1d0 lib/refcount.c:31
> > > Modules linked in:
> > > CPU: 0 PID: 1 Comm: swapper/0 Not tainted
> > > 6.8.0-syzkaller-11567-gb3603fcb79b1 #0
> > > Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS
> > > Google 02/29/2024
> > > RIP: 0010:refcount_warn_saturate+0xfa/0x1d0 lib/refcount.c:31
> > > Code: b2 00 00 00 e8 57 d4 f2 fc 5b 5d c3 cc cc cc cc e8 4b d4 f2 fc c6
> > > 05 0c f9 ef 0a 01 90 48 c7 c7 a0 5d 1e 8c e8 b7 75 b5 fc 90 <0f> 0b 90 90
> > > eb d9 e8 2b d4 f2 fc c6 05 e9 f8 ef 0a 01 90 48 c7 c7
> > > RSP: :c9066e18 EFLAGS: 00010246
> > > RAX: 76f86e452fcad900 RBX: 8880210d2aec RCX: 888016ac8000
> > > RDX: RSI: RDI:
> > > RBP: 0004 R08: 8157ffe2 R09: fbfff1c396e0
> > > R10: dc00 R11: fbfff1c396e0 R12: ea000502cdc0
> > > R13: ea000502cdc8 R14: 1d4000a059b9 R15:
> > > FS: () GS:8880b940()
> > > knlGS:
> > > CS:
Re: [syzbot] [virtualization?] upstream boot error: WARNING: refcount bug in __free_pages_ok
On Tue, Mar 19, 2024 at 03:40:53AM -0400, Michael S. Tsirkin wrote:
> On Tue, Mar 19, 2024 at 12:32:26AM -0700, syzbot wrote:
> > Hello,
> >
> > syzbot found the following issue on:
> >
> > HEAD commit:b3603fcb79b1 Merge tag 'dlm-6.9' of git://git.kernel.org/p..
> > git tree: upstream
> > console output: https://syzkaller.appspot.com/x/log.txt?x=10f04c8118
> > kernel config: https://syzkaller.appspot.com/x/.config?x=fcb5bfbee0a42b54
> > dashboard link: https://syzkaller.appspot.com/bug?extid=70f57d8a3ae84934c003
> > compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for
> > Debian) 2.40
> >
> > Downloadable assets:
> > disk image:
> > https://storage.googleapis.com/syzbot-assets/43969dffd4a6/disk-b3603fcb.raw.xz
> > vmlinux:
> > https://storage.googleapis.com/syzbot-assets/ef48ab3b378b/vmlinux-b3603fcb.xz
> > kernel image:
> > https://storage.googleapis.com/syzbot-assets/728f5ff2b6fe/bzImage-b3603fcb.xz
> >
> > IMPORTANT: if you fix the issue, please add the following tag to the commit:
> > Reported-by: syzbot+70f57d8a3ae84934c...@syzkaller.appspotmail.com
> >
> > Key type pkcs7_test registered
> > Block layer SCSI generic (bsg) driver version 0.4 loaded (major 239)
> > io scheduler mq-deadline registered
> > io scheduler kyber registered
> > io scheduler bfq registered
> > input: Power Button as /devices/LNXSYSTM:00/LNXPWRBN:00/input/input0
> > ACPI: button: Power Button [PWRF]
> > input: Sleep Button as /devices/LNXSYSTM:00/LNXSLPBN:00/input/input1
> > ACPI: button: Sleep Button [SLPF]
> > ioatdma: Intel(R) QuickData Technology Driver 5.00
> > ACPI: \_SB_.LNKC: Enabled at IRQ 11
> > virtio-pci :00:03.0: virtio_pci: leaving for legacy driver
> > ACPI: \_SB_.LNKD: Enabled at IRQ 10
> > virtio-pci :00:04.0: virtio_pci: leaving for legacy driver
> > ACPI: \_SB_.LNKB: Enabled at IRQ 10
> > virtio-pci :00:06.0: virtio_pci: leaving for legacy driver
> > virtio-pci :00:07.0: virtio_pci: leaving for legacy driver
> > N_HDLC line discipline registered with maxframe=4096
> > Serial: 8250/16550 driver, 4 ports, IRQ sharing enabled
> > 00:03: ttyS0 at I/O 0x3f8 (irq = 4, base_baud = 115200) is a 16550A
> > 00:04: ttyS1 at I/O 0x2f8 (irq = 3, base_baud = 115200) is a 16550A
> > 00:05: ttyS2 at I/O 0x3e8 (irq = 6, base_baud = 115200) is a 16550A
> > 00:06: ttyS3 at I/O 0x2e8 (irq = 7, base_baud = 115200) is a 16550A
> > Non-volatile memory driver v1.3
> > Linux agpgart interface v0.103
> > ACPI: bus type drm_connector registered
> > [drm] Initialized vgem 1.0.0 20120112 for vgem on minor 0
> > [drm] Initialized vkms 1.0.0 20180514 for vkms on minor 1
> > Console: switching to colour frame buffer device 128x48
> > platform vkms: [drm] fb0: vkmsdrmfb frame buffer device
> > usbcore: registered new interface driver udl
> > brd: module loaded
> > loop: module loaded
> > zram: Added device: zram0
> > null_blk: disk nullb0 created
> > null_blk: module loaded
> > Guest personality initialized and is inactive
> > VMCI host device registered (name=vmci, major=10, minor=118)
> > Initialized host personality
> > usbcore: registered new interface driver rtsx_usb
> > usbcore: registered new interface driver viperboard
> > usbcore: registered new interface driver dln2
> > usbcore: registered new interface driver pn533_usb
> > nfcsim 0.2 initialized
> > usbcore: registered new interface driver port100
> > usbcore: registered new interface driver nfcmrvl
> > Loading iSCSI transport class v2.0-870.
> > virtio_scsi virtio0: 1/0/0 default/read/poll queues
> > [ cut here ]
> > refcount_t: decrement hit 0; leaking memory.
> > WARNING: CPU: 0 PID: 1 at lib/refcount.c:31
> > refcount_warn_saturate+0xfa/0x1d0 lib/refcount.c:31
> > Modules linked in:
> > CPU: 0 PID: 1 Comm: swapper/0 Not tainted
> > 6.8.0-syzkaller-11567-gb3603fcb79b1 #0
> > Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS
> > Google 02/29/2024
> > RIP: 0010:refcount_warn_saturate+0xfa/0x1d0 lib/refcount.c:31
> > Code: b2 00 00 00 e8 57 d4 f2 fc 5b 5d c3 cc cc cc cc e8 4b d4 f2 fc c6 05
> > 0c f9 ef 0a 01 90 48 c7 c7 a0 5d 1e 8c e8 b7 75 b5 fc 90 <0f> 0b 90 90 eb
> > d9 e8 2b d4 f2 fc c6 05 e9 f8 ef 0a 01 90 48 c7 c7
> > RSP: :c9066e18 EFLAGS: 00010246
> > RAX: 76f86e452fcad900 RBX: 8880210d2aec RCX: 888016ac8000
> > RDX: RSI: RDI:
> > RBP: 0004 R08: 8157ffe2 R09: fbfff1c396e0
> > R10: dc00 R11: fbfff1c396e0 R12: ea000502cdc0
> > R13: ea000502cdc8 R14: 1d4000a059b9 R15:
> > FS: () GS:8880b940() knlGS:
> > CS: 0010 DS: ES: CR0: 80050033
> > CR2: 88823000 CR3: 0e132000 CR4: 003506f0
> > DR0: DR1: DR2:
> > DR3: DR6: fffe0ff0 DR7: 0400
> > Call Trace:
> >
> >
Re: [syzbot] [virtualization?] upstream boot error: WARNING: refcount bug in __free_pages_ok
On Tue, Mar 19, 2024 at 12:32:26AM -0700, syzbot wrote:
> Hello,
>
> syzbot found the following issue on:
>
> HEAD commit:b3603fcb79b1 Merge tag 'dlm-6.9' of git://git.kernel.org/p..
> git tree: upstream
> console output: https://syzkaller.appspot.com/x/log.txt?x=10f04c8118
> kernel config: https://syzkaller.appspot.com/x/.config?x=fcb5bfbee0a42b54
> dashboard link: https://syzkaller.appspot.com/bug?extid=70f57d8a3ae84934c003
> compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian)
> 2.40
>
> Downloadable assets:
> disk image:
> https://storage.googleapis.com/syzbot-assets/43969dffd4a6/disk-b3603fcb.raw.xz
> vmlinux:
> https://storage.googleapis.com/syzbot-assets/ef48ab3b378b/vmlinux-b3603fcb.xz
> kernel image:
> https://storage.googleapis.com/syzbot-assets/728f5ff2b6fe/bzImage-b3603fcb.xz
>
> IMPORTANT: if you fix the issue, please add the following tag to the commit:
> Reported-by: syzbot+70f57d8a3ae84934c...@syzkaller.appspotmail.com
>
> Key type pkcs7_test registered
> Block layer SCSI generic (bsg) driver version 0.4 loaded (major 239)
> io scheduler mq-deadline registered
> io scheduler kyber registered
> io scheduler bfq registered
> input: Power Button as /devices/LNXSYSTM:00/LNXPWRBN:00/input/input0
> ACPI: button: Power Button [PWRF]
> input: Sleep Button as /devices/LNXSYSTM:00/LNXSLPBN:00/input/input1
> ACPI: button: Sleep Button [SLPF]
> ioatdma: Intel(R) QuickData Technology Driver 5.00
> ACPI: \_SB_.LNKC: Enabled at IRQ 11
> virtio-pci :00:03.0: virtio_pci: leaving for legacy driver
> ACPI: \_SB_.LNKD: Enabled at IRQ 10
> virtio-pci :00:04.0: virtio_pci: leaving for legacy driver
> ACPI: \_SB_.LNKB: Enabled at IRQ 10
> virtio-pci :00:06.0: virtio_pci: leaving for legacy driver
> virtio-pci :00:07.0: virtio_pci: leaving for legacy driver
> N_HDLC line discipline registered with maxframe=4096
> Serial: 8250/16550 driver, 4 ports, IRQ sharing enabled
> 00:03: ttyS0 at I/O 0x3f8 (irq = 4, base_baud = 115200) is a 16550A
> 00:04: ttyS1 at I/O 0x2f8 (irq = 3, base_baud = 115200) is a 16550A
> 00:05: ttyS2 at I/O 0x3e8 (irq = 6, base_baud = 115200) is a 16550A
> 00:06: ttyS3 at I/O 0x2e8 (irq = 7, base_baud = 115200) is a 16550A
> Non-volatile memory driver v1.3
> Linux agpgart interface v0.103
> ACPI: bus type drm_connector registered
> [drm] Initialized vgem 1.0.0 20120112 for vgem on minor 0
> [drm] Initialized vkms 1.0.0 20180514 for vkms on minor 1
> Console: switching to colour frame buffer device 128x48
> platform vkms: [drm] fb0: vkmsdrmfb frame buffer device
> usbcore: registered new interface driver udl
> brd: module loaded
> loop: module loaded
> zram: Added device: zram0
> null_blk: disk nullb0 created
> null_blk: module loaded
> Guest personality initialized and is inactive
> VMCI host device registered (name=vmci, major=10, minor=118)
> Initialized host personality
> usbcore: registered new interface driver rtsx_usb
> usbcore: registered new interface driver viperboard
> usbcore: registered new interface driver dln2
> usbcore: registered new interface driver pn533_usb
> nfcsim 0.2 initialized
> usbcore: registered new interface driver port100
> usbcore: registered new interface driver nfcmrvl
> Loading iSCSI transport class v2.0-870.
> virtio_scsi virtio0: 1/0/0 default/read/poll queues
> [ cut here ]
> refcount_t: decrement hit 0; leaking memory.
> WARNING: CPU: 0 PID: 1 at lib/refcount.c:31 refcount_warn_saturate+0xfa/0x1d0
> lib/refcount.c:31
> Modules linked in:
> CPU: 0 PID: 1 Comm: swapper/0 Not tainted 6.8.0-syzkaller-11567-gb3603fcb79b1
> #0
> Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS
> Google 02/29/2024
> RIP: 0010:refcount_warn_saturate+0xfa/0x1d0 lib/refcount.c:31
> Code: b2 00 00 00 e8 57 d4 f2 fc 5b 5d c3 cc cc cc cc e8 4b d4 f2 fc c6 05 0c
> f9 ef 0a 01 90 48 c7 c7 a0 5d 1e 8c e8 b7 75 b5 fc 90 <0f> 0b 90 90 eb d9 e8
> 2b d4 f2 fc c6 05 e9 f8 ef 0a 01 90 48 c7 c7
> RSP: :c9066e18 EFLAGS: 00010246
> RAX: 76f86e452fcad900 RBX: 8880210d2aec RCX: 888016ac8000
> RDX: RSI: RDI:
> RBP: 0004 R08: 8157ffe2 R09: fbfff1c396e0
> R10: dc00 R11: fbfff1c396e0 R12: ea000502cdc0
> R13: ea000502cdc8 R14: 1d4000a059b9 R15:
> FS: () GS:8880b940() knlGS:
> CS: 0010 DS: ES: CR0: 80050033
> CR2: 88823000 CR3: 0e132000 CR4: 003506f0
> DR0: DR1: DR2:
> DR3: DR6: fffe0ff0 DR7: 0400
> Call Trace:
>
> reset_page_owner include/linux/page_owner.h:25 [inline]
> free_pages_prepare mm/page_alloc.c:1141 [inline]
> __free_pages_ok+0xc54/0xd80 mm/page_alloc.c:1270
> make_alloc_exact+0xa3/0xf0 mm/page_alloc.c:4829
> vring_alloc_queue drivers/virtio/virtio_ring.c:319