* [syzbot] [virtualization?] upstream boot error: WARNING: refcount bug in __free_pages_ok @ 2024-03-19 7:32 syzbot 2024-03-19 7:40 ` Michael S. Tsirkin 2024-03-26 11:14 ` Tetsuo Handa 0 siblings, 2 replies; 14+ messages in thread From: syzbot @ 2024-03-19 7:32 UTC (permalink / raw) To: jasowang, linux-kernel, mst, syzkaller-bugs, virtualization, xuanzhuo Hello, syzbot found the following issue on: HEAD commit: b3603fcb79b1 Merge tag 'dlm-6.9' of git://git.kernel.org/p.. git tree: upstream console output: https://syzkaller.appspot.com/x/log.txt?x=10f04c81180000 kernel config: https://syzkaller.appspot.com/x/.config?x=fcb5bfbee0a42b54 dashboard link: https://syzkaller.appspot.com/bug?extid=70f57d8a3ae84934c003 compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 Downloadable assets: disk image: https://storage.googleapis.com/syzbot-assets/43969dffd4a6/disk-b3603fcb.raw.xz vmlinux: https://storage.googleapis.com/syzbot-assets/ef48ab3b378b/vmlinux-b3603fcb.xz kernel image: https://storage.googleapis.com/syzbot-assets/728f5ff2b6fe/bzImage-b3603fcb.xz IMPORTANT: if you fix the issue, please add the following tag to the commit: Reported-by: syzbot+70f57d8a3ae84934c003@syzkaller.appspotmail.com Key type pkcs7_test registered Block layer SCSI generic (bsg) driver version 0.4 loaded (major 239) io scheduler mq-deadline registered io scheduler kyber registered io scheduler bfq registered input: Power Button as /devices/LNXSYSTM:00/LNXPWRBN:00/input/input0 ACPI: button: Power Button [PWRF] input: Sleep Button as /devices/LNXSYSTM:00/LNXSLPBN:00/input/input1 ACPI: button: Sleep Button [SLPF] ioatdma: Intel(R) QuickData Technology Driver 5.00 ACPI: \_SB_.LNKC: Enabled at IRQ 11 virtio-pci 0000:00:03.0: virtio_pci: leaving for legacy driver ACPI: \_SB_.LNKD: Enabled at IRQ 10 virtio-pci 0000:00:04.0: virtio_pci: leaving for legacy driver ACPI: \_SB_.LNKB: Enabled at IRQ 10 virtio-pci 0000:00:06.0: virtio_pci: leaving for legacy driver virtio-pci 0000:00:07.0: virtio_pci: leaving for legacy driver N_HDLC line discipline registered with maxframe=4096 Serial: 8250/16550 driver, 4 ports, IRQ sharing enabled 00:03: ttyS0 at I/O 0x3f8 (irq = 4, base_baud = 115200) is a 16550A 00:04: ttyS1 at I/O 0x2f8 (irq = 3, base_baud = 115200) is a 16550A 00:05: ttyS2 at I/O 0x3e8 (irq = 6, base_baud = 115200) is a 16550A 00:06: ttyS3 at I/O 0x2e8 (irq = 7, base_baud = 115200) is a 16550A Non-volatile memory driver v1.3 Linux agpgart interface v0.103 ACPI: bus type drm_connector registered [drm] Initialized vgem 1.0.0 20120112 for vgem on minor 0 [drm] Initialized vkms 1.0.0 20180514 for vkms on minor 1 Console: switching to colour frame buffer device 128x48 platform vkms: [drm] fb0: vkmsdrmfb frame buffer device usbcore: registered new interface driver udl brd: module loaded loop: module loaded zram: Added device: zram0 null_blk: disk nullb0 created null_blk: module loaded Guest personality initialized and is inactive VMCI host device registered (name=vmci, major=10, minor=118) Initialized host personality usbcore: registered new interface driver rtsx_usb usbcore: registered new interface driver viperboard usbcore: registered new interface driver dln2 usbcore: registered new interface driver pn533_usb nfcsim 0.2 initialized usbcore: registered new interface driver port100 usbcore: registered new interface driver nfcmrvl Loading iSCSI transport class v2.0-870. virtio_scsi virtio0: 1/0/0 default/read/poll queues ------------[ cut here ]------------ refcount_t: decrement hit 0; leaking memory. WARNING: CPU: 0 PID: 1 at lib/refcount.c:31 refcount_warn_saturate+0xfa/0x1d0 lib/refcount.c:31 Modules linked in: CPU: 0 PID: 1 Comm: swapper/0 Not tainted 6.8.0-syzkaller-11567-gb3603fcb79b1 #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/29/2024 RIP: 0010:refcount_warn_saturate+0xfa/0x1d0 lib/refcount.c:31 Code: b2 00 00 00 e8 57 d4 f2 fc 5b 5d c3 cc cc cc cc e8 4b d4 f2 fc c6 05 0c f9 ef 0a 01 90 48 c7 c7 a0 5d 1e 8c e8 b7 75 b5 fc 90 <0f> 0b 90 90 eb d9 e8 2b d4 f2 fc c6 05 e9 f8 ef 0a 01 90 48 c7 c7 RSP: 0000:ffffc90000066e18 EFLAGS: 00010246 RAX: 76f86e452fcad900 RBX: ffff8880210d2aec RCX: ffff888016ac8000 RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 RBP: 0000000000000004 R08: ffffffff8157ffe2 R09: fffffbfff1c396e0 R10: dffffc0000000000 R11: fffffbfff1c396e0 R12: ffffea000502cdc0 R13: ffffea000502cdc8 R14: 1ffffd4000a059b9 R15: 0000000000000000 FS: 0000000000000000(0000) GS:ffff8880b9400000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: ffff88823ffff000 CR3: 000000000e132000 CR4: 00000000003506f0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: <TASK> reset_page_owner include/linux/page_owner.h:25 [inline] free_pages_prepare mm/page_alloc.c:1141 [inline] __free_pages_ok+0xc54/0xd80 mm/page_alloc.c:1270 make_alloc_exact+0xa3/0xf0 mm/page_alloc.c:4829 vring_alloc_queue drivers/virtio/virtio_ring.c:319 [inline] vring_alloc_queue_split+0x20a/0x600 drivers/virtio/virtio_ring.c:1108 vring_create_virtqueue_split+0xc6/0x310 drivers/virtio/virtio_ring.c:1158 vring_create_virtqueue+0xca/0x110 drivers/virtio/virtio_ring.c:2683 setup_vq+0xe9/0x2d0 drivers/virtio/virtio_pci_legacy.c:131 vp_setup_vq+0xbf/0x330 drivers/virtio/virtio_pci_common.c:189 vp_find_vqs_msix+0x8b2/0xc80 drivers/virtio/virtio_pci_common.c:331 vp_find_vqs+0x4c/0x4e0 drivers/virtio/virtio_pci_common.c:408 virtio_find_vqs include/linux/virtio_config.h:233 [inline] virtscsi_init+0x8db/0xd00 drivers/scsi/virtio_scsi.c:887 virtscsi_probe+0x3ea/0xf60 drivers/scsi/virtio_scsi.c:945 virtio_dev_probe+0x991/0xaf0 drivers/virtio/virtio.c:311 really_probe+0x29e/0xc50 drivers/base/dd.c:658 __driver_probe_device+0x1a2/0x3e0 drivers/base/dd.c:800 driver_probe_device+0x50/0x430 drivers/base/dd.c:830 __driver_attach+0x45f/0x710 drivers/base/dd.c:1216 bus_for_each_dev+0x239/0x2b0 drivers/base/bus.c:368 bus_add_driver+0x347/0x620 drivers/base/bus.c:673 driver_register+0x23a/0x320 drivers/base/driver.c:246 virtio_scsi_init+0x65/0xe0 drivers/scsi/virtio_scsi.c:1083 do_one_initcall+0x248/0x880 init/main.c:1238 do_initcall_level+0x157/0x210 init/main.c:1300 do_initcalls+0x3f/0x80 init/main.c:1316 kernel_init_freeable+0x435/0x5d0 init/main.c:1548 kernel_init+0x1d/0x2b0 init/main.c:1437 ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:147 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:243 </TASK> --- This report is generated by a bot. It may contain errors. See https://goo.gl/tpsmEJ for more information about syzbot. syzbot engineers can be reached at syzkaller@googlegroups.com. syzbot will keep track of this issue. See: https://goo.gl/tpsmEJ#status for how to communicate with syzbot. If the report is already addressed, let syzbot know by replying with: #syz fix: exact-commit-title If you want to overwrite report's subsystems, reply with: #syz set subsystems: new-subsystem (See the list of subsystem names on the web dashboard) If the report is a duplicate of another one, reply with: #syz dup: exact-subject-of-another-report If you want to undo deduplication, reply with: #syz undup ^ permalink raw reply [flat|nested] 14+ messages in thread
* Re: [syzbot] [virtualization?] upstream boot error: WARNING: refcount bug in __free_pages_ok 2024-03-19 7:32 [syzbot] [virtualization?] upstream boot error: WARNING: refcount bug in __free_pages_ok syzbot @ 2024-03-19 7:40 ` Michael S. Tsirkin 2024-03-19 17:19 ` Stefan Hajnoczi 2024-03-19 18:59 ` Stefan Hajnoczi 2024-03-26 11:14 ` Tetsuo Handa 1 sibling, 2 replies; 14+ messages in thread From: Michael S. Tsirkin @ 2024-03-19 7:40 UTC (permalink / raw) To: syzbot Cc: jasowang, linux-kernel, syzkaller-bugs, virtualization, xuanzhuo, Paolo Bonzini, Stefan Hajnoczi On Tue, Mar 19, 2024 at 12:32:26AM -0700, syzbot wrote: > Hello, > > syzbot found the following issue on: > > HEAD commit: b3603fcb79b1 Merge tag 'dlm-6.9' of git://git.kernel.org/p.. > git tree: upstream > console output: https://syzkaller.appspot.com/x/log.txt?x=10f04c81180000 > kernel config: https://syzkaller.appspot.com/x/.config?x=fcb5bfbee0a42b54 > dashboard link: https://syzkaller.appspot.com/bug?extid=70f57d8a3ae84934c003 > compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 > > Downloadable assets: > disk image: https://storage.googleapis.com/syzbot-assets/43969dffd4a6/disk-b3603fcb.raw.xz > vmlinux: https://storage.googleapis.com/syzbot-assets/ef48ab3b378b/vmlinux-b3603fcb.xz > kernel image: https://storage.googleapis.com/syzbot-assets/728f5ff2b6fe/bzImage-b3603fcb.xz > > IMPORTANT: if you fix the issue, please add the following tag to the commit: > Reported-by: syzbot+70f57d8a3ae84934c003@syzkaller.appspotmail.com > > Key type pkcs7_test registered > Block layer SCSI generic (bsg) driver version 0.4 loaded (major 239) > io scheduler mq-deadline registered > io scheduler kyber registered > io scheduler bfq registered > input: Power Button as /devices/LNXSYSTM:00/LNXPWRBN:00/input/input0 > ACPI: button: Power Button [PWRF] > input: Sleep Button as /devices/LNXSYSTM:00/LNXSLPBN:00/input/input1 > ACPI: button: Sleep Button [SLPF] > ioatdma: Intel(R) QuickData Technology Driver 5.00 > ACPI: \_SB_.LNKC: Enabled at IRQ 11 > virtio-pci 0000:00:03.0: virtio_pci: leaving for legacy driver > ACPI: \_SB_.LNKD: Enabled at IRQ 10 > virtio-pci 0000:00:04.0: virtio_pci: leaving for legacy driver > ACPI: \_SB_.LNKB: Enabled at IRQ 10 > virtio-pci 0000:00:06.0: virtio_pci: leaving for legacy driver > virtio-pci 0000:00:07.0: virtio_pci: leaving for legacy driver > N_HDLC line discipline registered with maxframe=4096 > Serial: 8250/16550 driver, 4 ports, IRQ sharing enabled > 00:03: ttyS0 at I/O 0x3f8 (irq = 4, base_baud = 115200) is a 16550A > 00:04: ttyS1 at I/O 0x2f8 (irq = 3, base_baud = 115200) is a 16550A > 00:05: ttyS2 at I/O 0x3e8 (irq = 6, base_baud = 115200) is a 16550A > 00:06: ttyS3 at I/O 0x2e8 (irq = 7, base_baud = 115200) is a 16550A > Non-volatile memory driver v1.3 > Linux agpgart interface v0.103 > ACPI: bus type drm_connector registered > [drm] Initialized vgem 1.0.0 20120112 for vgem on minor 0 > [drm] Initialized vkms 1.0.0 20180514 for vkms on minor 1 > Console: switching to colour frame buffer device 128x48 > platform vkms: [drm] fb0: vkmsdrmfb frame buffer device > usbcore: registered new interface driver udl > brd: module loaded > loop: module loaded > zram: Added device: zram0 > null_blk: disk nullb0 created > null_blk: module loaded > Guest personality initialized and is inactive > VMCI host device registered (name=vmci, major=10, minor=118) > Initialized host personality > usbcore: registered new interface driver rtsx_usb > usbcore: registered new interface driver viperboard > usbcore: registered new interface driver dln2 > usbcore: registered new interface driver pn533_usb > nfcsim 0.2 initialized > usbcore: registered new interface driver port100 > usbcore: registered new interface driver nfcmrvl > Loading iSCSI transport class v2.0-870. > virtio_scsi virtio0: 1/0/0 default/read/poll queues > ------------[ cut here ]------------ > refcount_t: decrement hit 0; leaking memory. > WARNING: CPU: 0 PID: 1 at lib/refcount.c:31 refcount_warn_saturate+0xfa/0x1d0 lib/refcount.c:31 > Modules linked in: > CPU: 0 PID: 1 Comm: swapper/0 Not tainted 6.8.0-syzkaller-11567-gb3603fcb79b1 #0 > Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/29/2024 > RIP: 0010:refcount_warn_saturate+0xfa/0x1d0 lib/refcount.c:31 > Code: b2 00 00 00 e8 57 d4 f2 fc 5b 5d c3 cc cc cc cc e8 4b d4 f2 fc c6 05 0c f9 ef 0a 01 90 48 c7 c7 a0 5d 1e 8c e8 b7 75 b5 fc 90 <0f> 0b 90 90 eb d9 e8 2b d4 f2 fc c6 05 e9 f8 ef 0a 01 90 48 c7 c7 > RSP: 0000:ffffc90000066e18 EFLAGS: 00010246 > RAX: 76f86e452fcad900 RBX: ffff8880210d2aec RCX: ffff888016ac8000 > RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 > RBP: 0000000000000004 R08: ffffffff8157ffe2 R09: fffffbfff1c396e0 > R10: dffffc0000000000 R11: fffffbfff1c396e0 R12: ffffea000502cdc0 > R13: ffffea000502cdc8 R14: 1ffffd4000a059b9 R15: 0000000000000000 > FS: 0000000000000000(0000) GS:ffff8880b9400000(0000) knlGS:0000000000000000 > CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 > CR2: ffff88823ffff000 CR3: 000000000e132000 CR4: 00000000003506f0 > DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 > DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 > Call Trace: > <TASK> > reset_page_owner include/linux/page_owner.h:25 [inline] > free_pages_prepare mm/page_alloc.c:1141 [inline] > __free_pages_ok+0xc54/0xd80 mm/page_alloc.c:1270 > make_alloc_exact+0xa3/0xf0 mm/page_alloc.c:4829 > vring_alloc_queue drivers/virtio/virtio_ring.c:319 [inline] > vring_alloc_queue_split+0x20a/0x600 drivers/virtio/virtio_ring.c:1108 > vring_create_virtqueue_split+0xc6/0x310 drivers/virtio/virtio_ring.c:1158 > vring_create_virtqueue+0xca/0x110 drivers/virtio/virtio_ring.c:2683 > setup_vq+0xe9/0x2d0 drivers/virtio/virtio_pci_legacy.c:131 > vp_setup_vq+0xbf/0x330 drivers/virtio/virtio_pci_common.c:189 > vp_find_vqs_msix+0x8b2/0xc80 drivers/virtio/virtio_pci_common.c:331 > vp_find_vqs+0x4c/0x4e0 drivers/virtio/virtio_pci_common.c:408 > virtio_find_vqs include/linux/virtio_config.h:233 [inline] > virtscsi_init+0x8db/0xd00 drivers/scsi/virtio_scsi.c:887 > virtscsi_probe+0x3ea/0xf60 drivers/scsi/virtio_scsi.c:945 > virtio_dev_probe+0x991/0xaf0 drivers/virtio/virtio.c:311 > really_probe+0x29e/0xc50 drivers/base/dd.c:658 > __driver_probe_device+0x1a2/0x3e0 drivers/base/dd.c:800 > driver_probe_device+0x50/0x430 drivers/base/dd.c:830 > __driver_attach+0x45f/0x710 drivers/base/dd.c:1216 > bus_for_each_dev+0x239/0x2b0 drivers/base/bus.c:368 > bus_add_driver+0x347/0x620 drivers/base/bus.c:673 > driver_register+0x23a/0x320 drivers/base/driver.c:246 > virtio_scsi_init+0x65/0xe0 drivers/scsi/virtio_scsi.c:1083 > do_one_initcall+0x248/0x880 init/main.c:1238 > do_initcall_level+0x157/0x210 init/main.c:1300 > do_initcalls+0x3f/0x80 init/main.c:1316 > kernel_init_freeable+0x435/0x5d0 init/main.c:1548 > kernel_init+0x1d/0x2b0 init/main.c:1437 > ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:147 > ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:243 > </TASK> > I think I saw this already and also with virtio scsi. virtio core does not seem to be doing anything special here, Cc virtio scsi maintainers. > --- > This report is generated by a bot. It may contain errors. > See https://goo.gl/tpsmEJ for more information about syzbot. > syzbot engineers can be reached at syzkaller@googlegroups.com. > > syzbot will keep track of this issue. See: > https://goo.gl/tpsmEJ#status for how to communicate with syzbot. > > If the report is already addressed, let syzbot know by replying with: > #syz fix: exact-commit-title > > If you want to overwrite report's subsystems, reply with: > #syz set subsystems: new-subsystem > (See the list of subsystem names on the web dashboard) > > If the report is a duplicate of another one, reply with: > #syz dup: exact-subject-of-another-report > > If you want to undo deduplication, reply with: > #syz undup ^ permalink raw reply [flat|nested] 14+ messages in thread
* Re: [syzbot] [virtualization?] upstream boot error: WARNING: refcount bug in __free_pages_ok 2024-03-19 7:40 ` Michael S. Tsirkin @ 2024-03-19 17:19 ` Stefan Hajnoczi 2024-03-19 17:47 ` Michael S. Tsirkin 2024-03-19 20:51 ` Mike Christie 2024-03-19 18:59 ` Stefan Hajnoczi 1 sibling, 2 replies; 14+ messages in thread From: Stefan Hajnoczi @ 2024-03-19 17:19 UTC (permalink / raw) To: Michael S. Tsirkin Cc: syzbot, jasowang, linux-kernel, syzkaller-bugs, virtualization, xuanzhuo, Paolo Bonzini, Mike Christie [-- Attachment #1: Type: text/plain, Size: 8618 bytes --] On Tue, Mar 19, 2024 at 03:40:53AM -0400, Michael S. Tsirkin wrote: > On Tue, Mar 19, 2024 at 12:32:26AM -0700, syzbot wrote: > > Hello, > > > > syzbot found the following issue on: > > > > HEAD commit: b3603fcb79b1 Merge tag 'dlm-6.9' of git://git.kernel.org/p.. > > git tree: upstream > > console output: https://syzkaller.appspot.com/x/log.txt?x=10f04c81180000 > > kernel config: https://syzkaller.appspot.com/x/.config?x=fcb5bfbee0a42b54 > > dashboard link: https://syzkaller.appspot.com/bug?extid=70f57d8a3ae84934c003 > > compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 > > > > Downloadable assets: > > disk image: https://storage.googleapis.com/syzbot-assets/43969dffd4a6/disk-b3603fcb.raw.xz > > vmlinux: https://storage.googleapis.com/syzbot-assets/ef48ab3b378b/vmlinux-b3603fcb.xz > > kernel image: https://storage.googleapis.com/syzbot-assets/728f5ff2b6fe/bzImage-b3603fcb.xz > > > > IMPORTANT: if you fix the issue, please add the following tag to the commit: > > Reported-by: syzbot+70f57d8a3ae84934c003@syzkaller.appspotmail.com > > > > Key type pkcs7_test registered > > Block layer SCSI generic (bsg) driver version 0.4 loaded (major 239) > > io scheduler mq-deadline registered > > io scheduler kyber registered > > io scheduler bfq registered > > input: Power Button as /devices/LNXSYSTM:00/LNXPWRBN:00/input/input0 > > ACPI: button: Power Button [PWRF] > > input: Sleep Button as /devices/LNXSYSTM:00/LNXSLPBN:00/input/input1 > > ACPI: button: Sleep Button [SLPF] > > ioatdma: Intel(R) QuickData Technology Driver 5.00 > > ACPI: \_SB_.LNKC: Enabled at IRQ 11 > > virtio-pci 0000:00:03.0: virtio_pci: leaving for legacy driver > > ACPI: \_SB_.LNKD: Enabled at IRQ 10 > > virtio-pci 0000:00:04.0: virtio_pci: leaving for legacy driver > > ACPI: \_SB_.LNKB: Enabled at IRQ 10 > > virtio-pci 0000:00:06.0: virtio_pci: leaving for legacy driver > > virtio-pci 0000:00:07.0: virtio_pci: leaving for legacy driver > > N_HDLC line discipline registered with maxframe=4096 > > Serial: 8250/16550 driver, 4 ports, IRQ sharing enabled > > 00:03: ttyS0 at I/O 0x3f8 (irq = 4, base_baud = 115200) is a 16550A > > 00:04: ttyS1 at I/O 0x2f8 (irq = 3, base_baud = 115200) is a 16550A > > 00:05: ttyS2 at I/O 0x3e8 (irq = 6, base_baud = 115200) is a 16550A > > 00:06: ttyS3 at I/O 0x2e8 (irq = 7, base_baud = 115200) is a 16550A > > Non-volatile memory driver v1.3 > > Linux agpgart interface v0.103 > > ACPI: bus type drm_connector registered > > [drm] Initialized vgem 1.0.0 20120112 for vgem on minor 0 > > [drm] Initialized vkms 1.0.0 20180514 for vkms on minor 1 > > Console: switching to colour frame buffer device 128x48 > > platform vkms: [drm] fb0: vkmsdrmfb frame buffer device > > usbcore: registered new interface driver udl > > brd: module loaded > > loop: module loaded > > zram: Added device: zram0 > > null_blk: disk nullb0 created > > null_blk: module loaded > > Guest personality initialized and is inactive > > VMCI host device registered (name=vmci, major=10, minor=118) > > Initialized host personality > > usbcore: registered new interface driver rtsx_usb > > usbcore: registered new interface driver viperboard > > usbcore: registered new interface driver dln2 > > usbcore: registered new interface driver pn533_usb > > nfcsim 0.2 initialized > > usbcore: registered new interface driver port100 > > usbcore: registered new interface driver nfcmrvl > > Loading iSCSI transport class v2.0-870. > > virtio_scsi virtio0: 1/0/0 default/read/poll queues > > ------------[ cut here ]------------ > > refcount_t: decrement hit 0; leaking memory. > > WARNING: CPU: 0 PID: 1 at lib/refcount.c:31 refcount_warn_saturate+0xfa/0x1d0 lib/refcount.c:31 > > Modules linked in: > > CPU: 0 PID: 1 Comm: swapper/0 Not tainted 6.8.0-syzkaller-11567-gb3603fcb79b1 #0 > > Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/29/2024 > > RIP: 0010:refcount_warn_saturate+0xfa/0x1d0 lib/refcount.c:31 > > Code: b2 00 00 00 e8 57 d4 f2 fc 5b 5d c3 cc cc cc cc e8 4b d4 f2 fc c6 05 0c f9 ef 0a 01 90 48 c7 c7 a0 5d 1e 8c e8 b7 75 b5 fc 90 <0f> 0b 90 90 eb d9 e8 2b d4 f2 fc c6 05 e9 f8 ef 0a 01 90 48 c7 c7 > > RSP: 0000:ffffc90000066e18 EFLAGS: 00010246 > > RAX: 76f86e452fcad900 RBX: ffff8880210d2aec RCX: ffff888016ac8000 > > RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 > > RBP: 0000000000000004 R08: ffffffff8157ffe2 R09: fffffbfff1c396e0 > > R10: dffffc0000000000 R11: fffffbfff1c396e0 R12: ffffea000502cdc0 > > R13: ffffea000502cdc8 R14: 1ffffd4000a059b9 R15: 0000000000000000 > > FS: 0000000000000000(0000) GS:ffff8880b9400000(0000) knlGS:0000000000000000 > > CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 > > CR2: ffff88823ffff000 CR3: 000000000e132000 CR4: 00000000003506f0 > > DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 > > DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 > > Call Trace: > > <TASK> > > reset_page_owner include/linux/page_owner.h:25 [inline] > > free_pages_prepare mm/page_alloc.c:1141 [inline] > > __free_pages_ok+0xc54/0xd80 mm/page_alloc.c:1270 > > make_alloc_exact+0xa3/0xf0 mm/page_alloc.c:4829 > > vring_alloc_queue drivers/virtio/virtio_ring.c:319 [inline] > > vring_alloc_queue_split+0x20a/0x600 drivers/virtio/virtio_ring.c:1108 > > vring_create_virtqueue_split+0xc6/0x310 drivers/virtio/virtio_ring.c:1158 > > vring_create_virtqueue+0xca/0x110 drivers/virtio/virtio_ring.c:2683 > > setup_vq+0xe9/0x2d0 drivers/virtio/virtio_pci_legacy.c:131 > > vp_setup_vq+0xbf/0x330 drivers/virtio/virtio_pci_common.c:189 > > vp_find_vqs_msix+0x8b2/0xc80 drivers/virtio/virtio_pci_common.c:331 > > vp_find_vqs+0x4c/0x4e0 drivers/virtio/virtio_pci_common.c:408 > > virtio_find_vqs include/linux/virtio_config.h:233 [inline] > > virtscsi_init+0x8db/0xd00 drivers/scsi/virtio_scsi.c:887 > > virtscsi_probe+0x3ea/0xf60 drivers/scsi/virtio_scsi.c:945 > > virtio_dev_probe+0x991/0xaf0 drivers/virtio/virtio.c:311 > > really_probe+0x29e/0xc50 drivers/base/dd.c:658 > > __driver_probe_device+0x1a2/0x3e0 drivers/base/dd.c:800 > > driver_probe_device+0x50/0x430 drivers/base/dd.c:830 > > __driver_attach+0x45f/0x710 drivers/base/dd.c:1216 > > bus_for_each_dev+0x239/0x2b0 drivers/base/bus.c:368 > > bus_add_driver+0x347/0x620 drivers/base/bus.c:673 > > driver_register+0x23a/0x320 drivers/base/driver.c:246 > > virtio_scsi_init+0x65/0xe0 drivers/scsi/virtio_scsi.c:1083 > > do_one_initcall+0x248/0x880 init/main.c:1238 > > do_initcall_level+0x157/0x210 init/main.c:1300 > > do_initcalls+0x3f/0x80 init/main.c:1316 > > kernel_init_freeable+0x435/0x5d0 init/main.c:1548 > > kernel_init+0x1d/0x2b0 init/main.c:1437 > > ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:147 > > ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:243 > > </TASK> > > > > I think I saw this already and also with virtio scsi. virtio > core does not seem to be doing anything special here, > Cc virtio scsi maintainers. The oldest commit that syzkaller found is a memory management pull request: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/log/?id=e5eb28f6d1afebed4bb7d740a797d0390bd3a357 I can't reproduce the issue locally with QEMU 8.2.0 so I don't have a way to bisect. I reviewed the virtio_scsi.c git log and there have been few changes over the last several months. I couldn't spot an issue in this patch, but the most likely virtio-scsi commit is: commit 95e7249691f082a5178d4d6f60fcdee91da458ab Author: Mike Christie <michael.christie@oracle.com> Date: Wed Dec 13 23:26:49 2023 -0600 scsi: virtio_scsi: Add mq_poll support Stefan > > > > --- > > This report is generated by a bot. It may contain errors. > > See https://goo.gl/tpsmEJ for more information about syzbot. > > syzbot engineers can be reached at syzkaller@googlegroups.com. > > > > syzbot will keep track of this issue. See: > > https://goo.gl/tpsmEJ#status for how to communicate with syzbot. > > > > If the report is already addressed, let syzbot know by replying with: > > #syz fix: exact-commit-title > > > > If you want to overwrite report's subsystems, reply with: > > #syz set subsystems: new-subsystem > > (See the list of subsystem names on the web dashboard) > > > > If the report is a duplicate of another one, reply with: > > #syz dup: exact-subject-of-another-report > > > > If you want to undo deduplication, reply with: > > #syz undup > [-- Attachment #2: signature.asc --] [-- Type: application/pgp-signature, Size: 488 bytes --] ^ permalink raw reply [flat|nested] 14+ messages in thread
* Re: [syzbot] [virtualization?] upstream boot error: WARNING: refcount bug in __free_pages_ok 2024-03-19 17:19 ` Stefan Hajnoczi @ 2024-03-19 17:47 ` Michael S. Tsirkin 2024-03-19 20:51 ` Mike Christie 1 sibling, 0 replies; 14+ messages in thread From: Michael S. Tsirkin @ 2024-03-19 17:47 UTC (permalink / raw) To: Stefan Hajnoczi Cc: syzbot, jasowang, linux-kernel, syzkaller-bugs, virtualization, xuanzhuo, Paolo Bonzini, Mike Christie On Tue, Mar 19, 2024 at 01:19:23PM -0400, Stefan Hajnoczi wrote: > On Tue, Mar 19, 2024 at 03:40:53AM -0400, Michael S. Tsirkin wrote: > > On Tue, Mar 19, 2024 at 12:32:26AM -0700, syzbot wrote: > > > Hello, > > > > > > syzbot found the following issue on: > > > > > > HEAD commit: b3603fcb79b1 Merge tag 'dlm-6.9' of git://git.kernel.org/p.. > > > git tree: upstream > > > console output: https://syzkaller.appspot.com/x/log.txt?x=10f04c81180000 > > > kernel config: https://syzkaller.appspot.com/x/.config?x=fcb5bfbee0a42b54 > > > dashboard link: https://syzkaller.appspot.com/bug?extid=70f57d8a3ae84934c003 > > > compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 > > > > > > Downloadable assets: > > > disk image: https://storage.googleapis.com/syzbot-assets/43969dffd4a6/disk-b3603fcb.raw.xz > > > vmlinux: https://storage.googleapis.com/syzbot-assets/ef48ab3b378b/vmlinux-b3603fcb.xz > > > kernel image: https://storage.googleapis.com/syzbot-assets/728f5ff2b6fe/bzImage-b3603fcb.xz > > > > > > IMPORTANT: if you fix the issue, please add the following tag to the commit: > > > Reported-by: syzbot+70f57d8a3ae84934c003@syzkaller.appspotmail.com > > > > > > Key type pkcs7_test registered > > > Block layer SCSI generic (bsg) driver version 0.4 loaded (major 239) > > > io scheduler mq-deadline registered > > > io scheduler kyber registered > > > io scheduler bfq registered > > > input: Power Button as /devices/LNXSYSTM:00/LNXPWRBN:00/input/input0 > > > ACPI: button: Power Button [PWRF] > > > input: Sleep Button as /devices/LNXSYSTM:00/LNXSLPBN:00/input/input1 > > > ACPI: button: Sleep Button [SLPF] > > > ioatdma: Intel(R) QuickData Technology Driver 5.00 > > > ACPI: \_SB_.LNKC: Enabled at IRQ 11 > > > virtio-pci 0000:00:03.0: virtio_pci: leaving for legacy driver > > > ACPI: \_SB_.LNKD: Enabled at IRQ 10 > > > virtio-pci 0000:00:04.0: virtio_pci: leaving for legacy driver > > > ACPI: \_SB_.LNKB: Enabled at IRQ 10 > > > virtio-pci 0000:00:06.0: virtio_pci: leaving for legacy driver > > > virtio-pci 0000:00:07.0: virtio_pci: leaving for legacy driver > > > N_HDLC line discipline registered with maxframe=4096 > > > Serial: 8250/16550 driver, 4 ports, IRQ sharing enabled > > > 00:03: ttyS0 at I/O 0x3f8 (irq = 4, base_baud = 115200) is a 16550A > > > 00:04: ttyS1 at I/O 0x2f8 (irq = 3, base_baud = 115200) is a 16550A > > > 00:05: ttyS2 at I/O 0x3e8 (irq = 6, base_baud = 115200) is a 16550A > > > 00:06: ttyS3 at I/O 0x2e8 (irq = 7, base_baud = 115200) is a 16550A > > > Non-volatile memory driver v1.3 > > > Linux agpgart interface v0.103 > > > ACPI: bus type drm_connector registered > > > [drm] Initialized vgem 1.0.0 20120112 for vgem on minor 0 > > > [drm] Initialized vkms 1.0.0 20180514 for vkms on minor 1 > > > Console: switching to colour frame buffer device 128x48 > > > platform vkms: [drm] fb0: vkmsdrmfb frame buffer device > > > usbcore: registered new interface driver udl > > > brd: module loaded > > > loop: module loaded > > > zram: Added device: zram0 > > > null_blk: disk nullb0 created > > > null_blk: module loaded > > > Guest personality initialized and is inactive > > > VMCI host device registered (name=vmci, major=10, minor=118) > > > Initialized host personality > > > usbcore: registered new interface driver rtsx_usb > > > usbcore: registered new interface driver viperboard > > > usbcore: registered new interface driver dln2 > > > usbcore: registered new interface driver pn533_usb > > > nfcsim 0.2 initialized > > > usbcore: registered new interface driver port100 > > > usbcore: registered new interface driver nfcmrvl > > > Loading iSCSI transport class v2.0-870. > > > virtio_scsi virtio0: 1/0/0 default/read/poll queues > > > ------------[ cut here ]------------ > > > refcount_t: decrement hit 0; leaking memory. > > > WARNING: CPU: 0 PID: 1 at lib/refcount.c:31 refcount_warn_saturate+0xfa/0x1d0 lib/refcount.c:31 > > > Modules linked in: > > > CPU: 0 PID: 1 Comm: swapper/0 Not tainted 6.8.0-syzkaller-11567-gb3603fcb79b1 #0 > > > Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/29/2024 > > > RIP: 0010:refcount_warn_saturate+0xfa/0x1d0 lib/refcount.c:31 > > > Code: b2 00 00 00 e8 57 d4 f2 fc 5b 5d c3 cc cc cc cc e8 4b d4 f2 fc c6 05 0c f9 ef 0a 01 90 48 c7 c7 a0 5d 1e 8c e8 b7 75 b5 fc 90 <0f> 0b 90 90 eb d9 e8 2b d4 f2 fc c6 05 e9 f8 ef 0a 01 90 48 c7 c7 > > > RSP: 0000:ffffc90000066e18 EFLAGS: 00010246 > > > RAX: 76f86e452fcad900 RBX: ffff8880210d2aec RCX: ffff888016ac8000 > > > RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 > > > RBP: 0000000000000004 R08: ffffffff8157ffe2 R09: fffffbfff1c396e0 > > > R10: dffffc0000000000 R11: fffffbfff1c396e0 R12: ffffea000502cdc0 > > > R13: ffffea000502cdc8 R14: 1ffffd4000a059b9 R15: 0000000000000000 > > > FS: 0000000000000000(0000) GS:ffff8880b9400000(0000) knlGS:0000000000000000 > > > CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 > > > CR2: ffff88823ffff000 CR3: 000000000e132000 CR4: 00000000003506f0 > > > DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 > > > DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 > > > Call Trace: > > > <TASK> > > > reset_page_owner include/linux/page_owner.h:25 [inline] > > > free_pages_prepare mm/page_alloc.c:1141 [inline] > > > __free_pages_ok+0xc54/0xd80 mm/page_alloc.c:1270 > > > make_alloc_exact+0xa3/0xf0 mm/page_alloc.c:4829 > > > vring_alloc_queue drivers/virtio/virtio_ring.c:319 [inline] > > > vring_alloc_queue_split+0x20a/0x600 drivers/virtio/virtio_ring.c:1108 > > > vring_create_virtqueue_split+0xc6/0x310 drivers/virtio/virtio_ring.c:1158 > > > vring_create_virtqueue+0xca/0x110 drivers/virtio/virtio_ring.c:2683 > > > setup_vq+0xe9/0x2d0 drivers/virtio/virtio_pci_legacy.c:131 > > > vp_setup_vq+0xbf/0x330 drivers/virtio/virtio_pci_common.c:189 > > > vp_find_vqs_msix+0x8b2/0xc80 drivers/virtio/virtio_pci_common.c:331 > > > vp_find_vqs+0x4c/0x4e0 drivers/virtio/virtio_pci_common.c:408 > > > virtio_find_vqs include/linux/virtio_config.h:233 [inline] > > > virtscsi_init+0x8db/0xd00 drivers/scsi/virtio_scsi.c:887 > > > virtscsi_probe+0x3ea/0xf60 drivers/scsi/virtio_scsi.c:945 > > > virtio_dev_probe+0x991/0xaf0 drivers/virtio/virtio.c:311 > > > really_probe+0x29e/0xc50 drivers/base/dd.c:658 > > > __driver_probe_device+0x1a2/0x3e0 drivers/base/dd.c:800 > > > driver_probe_device+0x50/0x430 drivers/base/dd.c:830 > > > __driver_attach+0x45f/0x710 drivers/base/dd.c:1216 > > > bus_for_each_dev+0x239/0x2b0 drivers/base/bus.c:368 > > > bus_add_driver+0x347/0x620 drivers/base/bus.c:673 > > > driver_register+0x23a/0x320 drivers/base/driver.c:246 > > > virtio_scsi_init+0x65/0xe0 drivers/scsi/virtio_scsi.c:1083 > > > do_one_initcall+0x248/0x880 init/main.c:1238 > > > do_initcall_level+0x157/0x210 init/main.c:1300 > > > do_initcalls+0x3f/0x80 init/main.c:1316 > > > kernel_init_freeable+0x435/0x5d0 init/main.c:1548 > > > kernel_init+0x1d/0x2b0 init/main.c:1437 > > > ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:147 > > > ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:243 > > > </TASK> > > > > > > > I think I saw this already and also with virtio scsi. virtio > > core does not seem to be doing anything special here, > > Cc virtio scsi maintainers. > > The oldest commit that syzkaller found is a memory management pull > request: > https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/log/?id=e5eb28f6d1afebed4bb7d740a797d0390bd3a357 > > I can't reproduce the issue locally with QEMU 8.2.0 so I don't have a > way to bisect. > > I reviewed the virtio_scsi.c git log and there have been few changes > over the last several months. I couldn't spot an issue in this patch, > but the most likely virtio-scsi commit is: > > commit 95e7249691f082a5178d4d6f60fcdee91da458ab > Author: Mike Christie <michael.christie@oracle.com> > Date: Wed Dec 13 23:26:49 2023 -0600 > > scsi: virtio_scsi: Add mq_poll support > > Stefan Send a revert and ask syzbot to test it then? > > > > > > > --- > > > This report is generated by a bot. It may contain errors. > > > See https://goo.gl/tpsmEJ for more information about syzbot. > > > syzbot engineers can be reached at syzkaller@googlegroups.com. > > > > > > syzbot will keep track of this issue. See: > > > https://goo.gl/tpsmEJ#status for how to communicate with syzbot. > > > > > > If the report is already addressed, let syzbot know by replying with: > > > #syz fix: exact-commit-title > > > > > > If you want to overwrite report's subsystems, reply with: > > > #syz set subsystems: new-subsystem > > > (See the list of subsystem names on the web dashboard) > > > > > > If the report is a duplicate of another one, reply with: > > > #syz dup: exact-subject-of-another-report > > > > > > If you want to undo deduplication, reply with: > > > #syz undup > > ^ permalink raw reply [flat|nested] 14+ messages in thread
* Re: [syzbot] [virtualization?] upstream boot error: WARNING: refcount bug in __free_pages_ok 2024-03-19 17:19 ` Stefan Hajnoczi 2024-03-19 17:47 ` Michael S. Tsirkin @ 2024-03-19 20:51 ` Mike Christie 2024-03-20 11:30 ` Stefan Hajnoczi 1 sibling, 1 reply; 14+ messages in thread From: Mike Christie @ 2024-03-19 20:51 UTC (permalink / raw) To: Stefan Hajnoczi, Michael S. Tsirkin Cc: syzbot, jasowang, linux-kernel, syzkaller-bugs, virtualization, xuanzhuo, Paolo Bonzini On 3/19/24 12:19 PM, Stefan Hajnoczi wrote: > On Tue, Mar 19, 2024 at 03:40:53AM -0400, Michael S. Tsirkin wrote: >> On Tue, Mar 19, 2024 at 12:32:26AM -0700, syzbot wrote: >>> Hello, >>> >>> syzbot found the following issue on: >>> >>> HEAD commit: b3603fcb79b1 Merge tag 'dlm-6.9' of git://git.kernel.org/p.. >>> git tree: upstream >>> console output: https://syzkaller.appspot.com/x/log.txt?x=10f04c81180000 >>> kernel config: https://syzkaller.appspot.com/x/.config?x=fcb5bfbee0a42b54 >>> dashboard link: https://syzkaller.appspot.com/bug?extid=70f57d8a3ae84934c003 >>> compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 >>> >>> Downloadable assets: >>> disk image: https://storage.googleapis.com/syzbot-assets/43969dffd4a6/disk-b3603fcb.raw.xz >>> vmlinux: https://storage.googleapis.com/syzbot-assets/ef48ab3b378b/vmlinux-b3603fcb.xz >>> kernel image: https://storage.googleapis.com/syzbot-assets/728f5ff2b6fe/bzImage-b3603fcb.xz >>> >>> IMPORTANT: if you fix the issue, please add the following tag to the commit: >>> Reported-by: syzbot+70f57d8a3ae84934c003@syzkaller.appspotmail.com >>> >>> Key type pkcs7_test registered >>> Block layer SCSI generic (bsg) driver version 0.4 loaded (major 239) >>> io scheduler mq-deadline registered >>> io scheduler kyber registered >>> io scheduler bfq registered >>> input: Power Button as /devices/LNXSYSTM:00/LNXPWRBN:00/input/input0 >>> ACPI: button: Power Button [PWRF] >>> input: Sleep Button as /devices/LNXSYSTM:00/LNXSLPBN:00/input/input1 >>> ACPI: button: Sleep Button [SLPF] >>> ioatdma: Intel(R) QuickData Technology Driver 5.00 >>> ACPI: \_SB_.LNKC: Enabled at IRQ 11 >>> virtio-pci 0000:00:03.0: virtio_pci: leaving for legacy driver >>> ACPI: \_SB_.LNKD: Enabled at IRQ 10 >>> virtio-pci 0000:00:04.0: virtio_pci: leaving for legacy driver >>> ACPI: \_SB_.LNKB: Enabled at IRQ 10 >>> virtio-pci 0000:00:06.0: virtio_pci: leaving for legacy driver >>> virtio-pci 0000:00:07.0: virtio_pci: leaving for legacy driver >>> N_HDLC line discipline registered with maxframe=4096 >>> Serial: 8250/16550 driver, 4 ports, IRQ sharing enabled >>> 00:03: ttyS0 at I/O 0x3f8 (irq = 4, base_baud = 115200) is a 16550A >>> 00:04: ttyS1 at I/O 0x2f8 (irq = 3, base_baud = 115200) is a 16550A >>> 00:05: ttyS2 at I/O 0x3e8 (irq = 6, base_baud = 115200) is a 16550A >>> 00:06: ttyS3 at I/O 0x2e8 (irq = 7, base_baud = 115200) is a 16550A >>> Non-volatile memory driver v1.3 >>> Linux agpgart interface v0.103 >>> ACPI: bus type drm_connector registered >>> [drm] Initialized vgem 1.0.0 20120112 for vgem on minor 0 >>> [drm] Initialized vkms 1.0.0 20180514 for vkms on minor 1 >>> Console: switching to colour frame buffer device 128x48 >>> platform vkms: [drm] fb0: vkmsdrmfb frame buffer device >>> usbcore: registered new interface driver udl >>> brd: module loaded >>> loop: module loaded >>> zram: Added device: zram0 >>> null_blk: disk nullb0 created >>> null_blk: module loaded >>> Guest personality initialized and is inactive >>> VMCI host device registered (name=vmci, major=10, minor=118) >>> Initialized host personality >>> usbcore: registered new interface driver rtsx_usb >>> usbcore: registered new interface driver viperboard >>> usbcore: registered new interface driver dln2 >>> usbcore: registered new interface driver pn533_usb >>> nfcsim 0.2 initialized >>> usbcore: registered new interface driver port100 >>> usbcore: registered new interface driver nfcmrvl >>> Loading iSCSI transport class v2.0-870. >>> virtio_scsi virtio0: 1/0/0 default/read/poll queues >>> ------------[ cut here ]------------ >>> refcount_t: decrement hit 0; leaking memory. >>> WARNING: CPU: 0 PID: 1 at lib/refcount.c:31 refcount_warn_saturate+0xfa/0x1d0 lib/refcount.c:31 >>> Modules linked in: >>> CPU: 0 PID: 1 Comm: swapper/0 Not tainted 6.8.0-syzkaller-11567-gb3603fcb79b1 #0 >>> Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/29/2024 >>> RIP: 0010:refcount_warn_saturate+0xfa/0x1d0 lib/refcount.c:31 >>> Code: b2 00 00 00 e8 57 d4 f2 fc 5b 5d c3 cc cc cc cc e8 4b d4 f2 fc c6 05 0c f9 ef 0a 01 90 48 c7 c7 a0 5d 1e 8c e8 b7 75 b5 fc 90 <0f> 0b 90 90 eb d9 e8 2b d4 f2 fc c6 05 e9 f8 ef 0a 01 90 48 c7 c7 >>> RSP: 0000:ffffc90000066e18 EFLAGS: 00010246 >>> RAX: 76f86e452fcad900 RBX: ffff8880210d2aec RCX: ffff888016ac8000 >>> RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 >>> RBP: 0000000000000004 R08: ffffffff8157ffe2 R09: fffffbfff1c396e0 >>> R10: dffffc0000000000 R11: fffffbfff1c396e0 R12: ffffea000502cdc0 >>> R13: ffffea000502cdc8 R14: 1ffffd4000a059b9 R15: 0000000000000000 >>> FS: 0000000000000000(0000) GS:ffff8880b9400000(0000) knlGS:0000000000000000 >>> CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 >>> CR2: ffff88823ffff000 CR3: 000000000e132000 CR4: 00000000003506f0 >>> DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 >>> DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 >>> Call Trace: >>> <TASK> >>> reset_page_owner include/linux/page_owner.h:25 [inline] >>> free_pages_prepare mm/page_alloc.c:1141 [inline] >>> __free_pages_ok+0xc54/0xd80 mm/page_alloc.c:1270 >>> make_alloc_exact+0xa3/0xf0 mm/page_alloc.c:4829 >>> vring_alloc_queue drivers/virtio/virtio_ring.c:319 [inline] >>> vring_alloc_queue_split+0x20a/0x600 drivers/virtio/virtio_ring.c:1108 >>> vring_create_virtqueue_split+0xc6/0x310 drivers/virtio/virtio_ring.c:1158 >>> vring_create_virtqueue+0xca/0x110 drivers/virtio/virtio_ring.c:2683 >>> setup_vq+0xe9/0x2d0 drivers/virtio/virtio_pci_legacy.c:131 >>> vp_setup_vq+0xbf/0x330 drivers/virtio/virtio_pci_common.c:189 >>> vp_find_vqs_msix+0x8b2/0xc80 drivers/virtio/virtio_pci_common.c:331 >>> vp_find_vqs+0x4c/0x4e0 drivers/virtio/virtio_pci_common.c:408 >>> virtio_find_vqs include/linux/virtio_config.h:233 [inline] >>> virtscsi_init+0x8db/0xd00 drivers/scsi/virtio_scsi.c:887 >>> virtscsi_probe+0x3ea/0xf60 drivers/scsi/virtio_scsi.c:945 >>> virtio_dev_probe+0x991/0xaf0 drivers/virtio/virtio.c:311 >>> really_probe+0x29e/0xc50 drivers/base/dd.c:658 >>> __driver_probe_device+0x1a2/0x3e0 drivers/base/dd.c:800 >>> driver_probe_device+0x50/0x430 drivers/base/dd.c:830 >>> __driver_attach+0x45f/0x710 drivers/base/dd.c:1216 >>> bus_for_each_dev+0x239/0x2b0 drivers/base/bus.c:368 >>> bus_add_driver+0x347/0x620 drivers/base/bus.c:673 >>> driver_register+0x23a/0x320 drivers/base/driver.c:246 >>> virtio_scsi_init+0x65/0xe0 drivers/scsi/virtio_scsi.c:1083 >>> do_one_initcall+0x248/0x880 init/main.c:1238 >>> do_initcall_level+0x157/0x210 init/main.c:1300 >>> do_initcalls+0x3f/0x80 init/main.c:1316 >>> kernel_init_freeable+0x435/0x5d0 init/main.c:1548 >>> kernel_init+0x1d/0x2b0 init/main.c:1437 >>> ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:147 >>> ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:243 >>> </TASK> >>> >> >> I think I saw this already and also with virtio scsi. virtio >> core does not seem to be doing anything special here, >> Cc virtio scsi maintainers. > > The oldest commit that syzkaller found is a memory management pull > request: > https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/log/?id=e5eb28f6d1afebed4bb7d740a797d0390bd3a357 > > I can't reproduce the issue locally with QEMU 8.2.0 so I don't have a > way to bisect. > > I reviewed the virtio_scsi.c git log and there have been few changes > over the last several months. I couldn't spot an issue in this patch, > but the most likely virtio-scsi commit is: > > commit 95e7249691f082a5178d4d6f60fcdee91da458ab > Author: Mike Christie <michael.christie@oracle.com> > Date: Wed Dec 13 23:26:49 2023 -0600 > > scsi: virtio_scsi: Add mq_poll support > > Stefan I also tested the current kernel and didn't hit it. In this mail: https://lore.kernel.org/all/ZfKPf_pGxv-xtSPN@localhost.localdomain/ from this thread: https://lore.kernel.org/all/37cb2e7c-97f1-4179-a715-84cc02096083@I-love.SAKURA.ne.jp/T/ it looks like Oscar is saying he has a fix right? ^ permalink raw reply [flat|nested] 14+ messages in thread
* Re: [syzbot] [virtualization?] upstream boot error: WARNING: refcount bug in __free_pages_ok 2024-03-19 20:51 ` Mike Christie @ 2024-03-20 11:30 ` Stefan Hajnoczi 2024-03-20 20:08 ` syzbot 0 siblings, 1 reply; 14+ messages in thread From: Stefan Hajnoczi @ 2024-03-20 11:30 UTC (permalink / raw) To: Mike Christie Cc: Michael S. Tsirkin, syzbot, jasowang, linux-kernel, syzkaller-bugs, virtualization, xuanzhuo, Paolo Bonzini, Oscar Salvador [-- Attachment #1: Type: text/plain, Size: 9262 bytes --] On Tue, Mar 19, 2024 at 03:51:18PM -0500, Mike Christie wrote: > On 3/19/24 12:19 PM, Stefan Hajnoczi wrote: > > On Tue, Mar 19, 2024 at 03:40:53AM -0400, Michael S. Tsirkin wrote: > >> On Tue, Mar 19, 2024 at 12:32:26AM -0700, syzbot wrote: > >>> Hello, > >>> > >>> syzbot found the following issue on: > >>> > >>> HEAD commit: b3603fcb79b1 Merge tag 'dlm-6.9' of git://git.kernel.org/p.. > >>> git tree: upstream > >>> console output: https://syzkaller.appspot.com/x/log.txt?x=10f04c81180000 > >>> kernel config: https://syzkaller.appspot.com/x/.config?x=fcb5bfbee0a42b54 > >>> dashboard link: https://syzkaller.appspot.com/bug?extid=70f57d8a3ae84934c003 > >>> compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 > >>> > >>> Downloadable assets: > >>> disk image: https://storage.googleapis.com/syzbot-assets/43969dffd4a6/disk-b3603fcb.raw.xz > >>> vmlinux: https://storage.googleapis.com/syzbot-assets/ef48ab3b378b/vmlinux-b3603fcb.xz > >>> kernel image: https://storage.googleapis.com/syzbot-assets/728f5ff2b6fe/bzImage-b3603fcb.xz > >>> > >>> IMPORTANT: if you fix the issue, please add the following tag to the commit: > >>> Reported-by: syzbot+70f57d8a3ae84934c003@syzkaller.appspotmail.com > >>> > >>> Key type pkcs7_test registered > >>> Block layer SCSI generic (bsg) driver version 0.4 loaded (major 239) > >>> io scheduler mq-deadline registered > >>> io scheduler kyber registered > >>> io scheduler bfq registered > >>> input: Power Button as /devices/LNXSYSTM:00/LNXPWRBN:00/input/input0 > >>> ACPI: button: Power Button [PWRF] > >>> input: Sleep Button as /devices/LNXSYSTM:00/LNXSLPBN:00/input/input1 > >>> ACPI: button: Sleep Button [SLPF] > >>> ioatdma: Intel(R) QuickData Technology Driver 5.00 > >>> ACPI: \_SB_.LNKC: Enabled at IRQ 11 > >>> virtio-pci 0000:00:03.0: virtio_pci: leaving for legacy driver > >>> ACPI: \_SB_.LNKD: Enabled at IRQ 10 > >>> virtio-pci 0000:00:04.0: virtio_pci: leaving for legacy driver > >>> ACPI: \_SB_.LNKB: Enabled at IRQ 10 > >>> virtio-pci 0000:00:06.0: virtio_pci: leaving for legacy driver > >>> virtio-pci 0000:00:07.0: virtio_pci: leaving for legacy driver > >>> N_HDLC line discipline registered with maxframe=4096 > >>> Serial: 8250/16550 driver, 4 ports, IRQ sharing enabled > >>> 00:03: ttyS0 at I/O 0x3f8 (irq = 4, base_baud = 115200) is a 16550A > >>> 00:04: ttyS1 at I/O 0x2f8 (irq = 3, base_baud = 115200) is a 16550A > >>> 00:05: ttyS2 at I/O 0x3e8 (irq = 6, base_baud = 115200) is a 16550A > >>> 00:06: ttyS3 at I/O 0x2e8 (irq = 7, base_baud = 115200) is a 16550A > >>> Non-volatile memory driver v1.3 > >>> Linux agpgart interface v0.103 > >>> ACPI: bus type drm_connector registered > >>> [drm] Initialized vgem 1.0.0 20120112 for vgem on minor 0 > >>> [drm] Initialized vkms 1.0.0 20180514 for vkms on minor 1 > >>> Console: switching to colour frame buffer device 128x48 > >>> platform vkms: [drm] fb0: vkmsdrmfb frame buffer device > >>> usbcore: registered new interface driver udl > >>> brd: module loaded > >>> loop: module loaded > >>> zram: Added device: zram0 > >>> null_blk: disk nullb0 created > >>> null_blk: module loaded > >>> Guest personality initialized and is inactive > >>> VMCI host device registered (name=vmci, major=10, minor=118) > >>> Initialized host personality > >>> usbcore: registered new interface driver rtsx_usb > >>> usbcore: registered new interface driver viperboard > >>> usbcore: registered new interface driver dln2 > >>> usbcore: registered new interface driver pn533_usb > >>> nfcsim 0.2 initialized > >>> usbcore: registered new interface driver port100 > >>> usbcore: registered new interface driver nfcmrvl > >>> Loading iSCSI transport class v2.0-870. > >>> virtio_scsi virtio0: 1/0/0 default/read/poll queues > >>> ------------[ cut here ]------------ > >>> refcount_t: decrement hit 0; leaking memory. > >>> WARNING: CPU: 0 PID: 1 at lib/refcount.c:31 refcount_warn_saturate+0xfa/0x1d0 lib/refcount.c:31 > >>> Modules linked in: > >>> CPU: 0 PID: 1 Comm: swapper/0 Not tainted 6.8.0-syzkaller-11567-gb3603fcb79b1 #0 > >>> Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/29/2024 > >>> RIP: 0010:refcount_warn_saturate+0xfa/0x1d0 lib/refcount.c:31 > >>> Code: b2 00 00 00 e8 57 d4 f2 fc 5b 5d c3 cc cc cc cc e8 4b d4 f2 fc c6 05 0c f9 ef 0a 01 90 48 c7 c7 a0 5d 1e 8c e8 b7 75 b5 fc 90 <0f> 0b 90 90 eb d9 e8 2b d4 f2 fc c6 05 e9 f8 ef 0a 01 90 48 c7 c7 > >>> RSP: 0000:ffffc90000066e18 EFLAGS: 00010246 > >>> RAX: 76f86e452fcad900 RBX: ffff8880210d2aec RCX: ffff888016ac8000 > >>> RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 > >>> RBP: 0000000000000004 R08: ffffffff8157ffe2 R09: fffffbfff1c396e0 > >>> R10: dffffc0000000000 R11: fffffbfff1c396e0 R12: ffffea000502cdc0 > >>> R13: ffffea000502cdc8 R14: 1ffffd4000a059b9 R15: 0000000000000000 > >>> FS: 0000000000000000(0000) GS:ffff8880b9400000(0000) knlGS:0000000000000000 > >>> CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 > >>> CR2: ffff88823ffff000 CR3: 000000000e132000 CR4: 00000000003506f0 > >>> DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 > >>> DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 > >>> Call Trace: > >>> <TASK> > >>> reset_page_owner include/linux/page_owner.h:25 [inline] > >>> free_pages_prepare mm/page_alloc.c:1141 [inline] > >>> __free_pages_ok+0xc54/0xd80 mm/page_alloc.c:1270 > >>> make_alloc_exact+0xa3/0xf0 mm/page_alloc.c:4829 > >>> vring_alloc_queue drivers/virtio/virtio_ring.c:319 [inline] > >>> vring_alloc_queue_split+0x20a/0x600 drivers/virtio/virtio_ring.c:1108 > >>> vring_create_virtqueue_split+0xc6/0x310 drivers/virtio/virtio_ring.c:1158 > >>> vring_create_virtqueue+0xca/0x110 drivers/virtio/virtio_ring.c:2683 > >>> setup_vq+0xe9/0x2d0 drivers/virtio/virtio_pci_legacy.c:131 > >>> vp_setup_vq+0xbf/0x330 drivers/virtio/virtio_pci_common.c:189 > >>> vp_find_vqs_msix+0x8b2/0xc80 drivers/virtio/virtio_pci_common.c:331 > >>> vp_find_vqs+0x4c/0x4e0 drivers/virtio/virtio_pci_common.c:408 > >>> virtio_find_vqs include/linux/virtio_config.h:233 [inline] > >>> virtscsi_init+0x8db/0xd00 drivers/scsi/virtio_scsi.c:887 > >>> virtscsi_probe+0x3ea/0xf60 drivers/scsi/virtio_scsi.c:945 > >>> virtio_dev_probe+0x991/0xaf0 drivers/virtio/virtio.c:311 > >>> really_probe+0x29e/0xc50 drivers/base/dd.c:658 > >>> __driver_probe_device+0x1a2/0x3e0 drivers/base/dd.c:800 > >>> driver_probe_device+0x50/0x430 drivers/base/dd.c:830 > >>> __driver_attach+0x45f/0x710 drivers/base/dd.c:1216 > >>> bus_for_each_dev+0x239/0x2b0 drivers/base/bus.c:368 > >>> bus_add_driver+0x347/0x620 drivers/base/bus.c:673 > >>> driver_register+0x23a/0x320 drivers/base/driver.c:246 > >>> virtio_scsi_init+0x65/0xe0 drivers/scsi/virtio_scsi.c:1083 > >>> do_one_initcall+0x248/0x880 init/main.c:1238 > >>> do_initcall_level+0x157/0x210 init/main.c:1300 > >>> do_initcalls+0x3f/0x80 init/main.c:1316 > >>> kernel_init_freeable+0x435/0x5d0 init/main.c:1548 > >>> kernel_init+0x1d/0x2b0 init/main.c:1437 > >>> ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:147 > >>> ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:243 > >>> </TASK> > >>> > >> > >> I think I saw this already and also with virtio scsi. virtio > >> core does not seem to be doing anything special here, > >> Cc virtio scsi maintainers. > > > > The oldest commit that syzkaller found is a memory management pull > > request: > > https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/log/?id=e5eb28f6d1afebed4bb7d740a797d0390bd3a357 > > > > I can't reproduce the issue locally with QEMU 8.2.0 so I don't have a > > way to bisect. > > > > I reviewed the virtio_scsi.c git log and there have been few changes > > over the last several months. I couldn't spot an issue in this patch, > > but the most likely virtio-scsi commit is: > > > > commit 95e7249691f082a5178d4d6f60fcdee91da458ab > > Author: Mike Christie <michael.christie@oracle.com> > > Date: Wed Dec 13 23:26:49 2023 -0600 > > > > scsi: virtio_scsi: Add mq_poll support > > > > Stefan > > I also tested the current kernel and didn't hit it. > > In this mail: > > https://lore.kernel.org/all/ZfKPf_pGxv-xtSPN@localhost.localdomain/ > > from this thread: > > https://lore.kernel.org/all/37cb2e7c-97f1-4179-a715-84cc02096083@I-love.SAKURA.ne.jp/T/ > > it looks like Oscar is saying he has a fix right? Yes, here is Oscar's work-in-progress fix: https://lore.kernel.org/all/20240319183212.17156-1-osalvador@suse.de/ Commit 217b2119b9e2 ("mm,page_owner: implement the tracking of the stacks count") introduced the issue and it was merged via commit 902861e34c40 ("Merge tag 'mm-stable-2024-03-13-20-04' of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm"). To be 100% sure, I'll test the commit in question and its parent: #syz test: git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git 4bedfb314bdd85c1662ecc46fa25b33b998f994d #syz test: git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git 217b2119b9e260609958db413876f211038f00ee Stefan [-- Attachment #2: signature.asc --] [-- Type: application/pgp-signature, Size: 488 bytes --] ^ permalink raw reply [flat|nested] 14+ messages in thread
* Re: [syzbot] [virtualization?] upstream boot error: WARNING: refcount bug in __free_pages_ok 2024-03-20 11:30 ` Stefan Hajnoczi @ 2024-03-20 20:08 ` syzbot 2024-03-21 12:07 ` Stefan Hajnoczi 0 siblings, 1 reply; 14+ messages in thread From: syzbot @ 2024-03-20 20:08 UTC (permalink / raw) To: jasowang, linux-kernel, michael.christie, mst, osalvador, pbonzini, stefanha, syzkaller-bugs, virtualization, xuanzhuo Hello, syzbot has tested the proposed patch and the reproducer did not trigger any issue: Reported-and-tested-by: syzbot+70f57d8a3ae84934c003@syzkaller.appspotmail.com Tested on: commit: 4bedfb31 mm,page_owner: maintain own list of stack_rec.. git tree: git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git kernel config: https://syzkaller.appspot.com/x/.config?x=527195e149aa3091 dashboard link: https://syzkaller.appspot.com/bug?extid=70f57d8a3ae84934c003 compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 Note: no patches were applied. Note: testing is done by a robot and is best-effort only. ^ permalink raw reply [flat|nested] 14+ messages in thread
* Re: [syzbot] [virtualization?] upstream boot error: WARNING: refcount bug in __free_pages_ok 2024-03-20 20:08 ` syzbot @ 2024-03-21 12:07 ` Stefan Hajnoczi 2024-03-21 15:52 ` syzbot 0 siblings, 1 reply; 14+ messages in thread From: Stefan Hajnoczi @ 2024-03-21 12:07 UTC (permalink / raw) To: syzbot Cc: jasowang, linux-kernel, michael.christie, mst, osalvador, pbonzini, syzkaller-bugs, virtualization, xuanzhuo [-- Attachment #1: Type: text/plain, Size: 986 bytes --] On Wed, Mar 20, 2024 at 01:08:02PM -0700, syzbot wrote: > Hello, > > syzbot has tested the proposed patch and the reproducer did not trigger any issue: > > Reported-and-tested-by: syzbot+70f57d8a3ae84934c003@syzkaller.appspotmail.com > > Tested on: > > commit: 4bedfb31 mm,page_owner: maintain own list of stack_rec.. > git tree: git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git > kernel config: https://syzkaller.appspot.com/x/.config?x=527195e149aa3091 > dashboard link: https://syzkaller.appspot.com/bug?extid=70f57d8a3ae84934c003 > compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 > > Note: no patches were applied. > Note: testing is done by a robot and is best-effort only. > Good, that was the expected last working commit. Here is the next commit (it should fail): #syz test: git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git 217b2119b9e260609958db413876f211038f00ee [-- Attachment #2: signature.asc --] [-- Type: application/pgp-signature, Size: 488 bytes --] ^ permalink raw reply [flat|nested] 14+ messages in thread
* Re: [syzbot] [virtualization?] upstream boot error: WARNING: refcount bug in __free_pages_ok 2024-03-21 12:07 ` Stefan Hajnoczi @ 2024-03-21 15:52 ` syzbot 2024-03-21 17:13 ` Stefan Hajnoczi 0 siblings, 1 reply; 14+ messages in thread From: syzbot @ 2024-03-21 15:52 UTC (permalink / raw) To: jasowang, linux-kernel, michael.christie, mst, osalvador, pbonzini, stefanha, syzkaller-bugs, virtualization, xuanzhuo Hello, syzbot tried to test the proposed patch but the build/boot failed: bcore: registered new interface driver viperboard [ 7.297712][ T1] usbcore: registered new interface driver dln2 [ 7.299149][ T1] usbcore: registered new interface driver pn533_usb [ 7.304759][ T924] kworker/u4:1 (924) used greatest stack depth: 22768 bytes left [ 7.308971][ T1] nfcsim 0.2 initialized [ 7.310068][ T1] usbcore: registered new interface driver port100 [ 7.311312][ T1] usbcore: registered new interface driver nfcmrvl [ 7.318405][ T1] Loading iSCSI transport class v2.0-870. [ 7.334687][ T1] virtio_scsi virtio0: 1/0/0 default/read/poll queues [ 7.344927][ T1] ------------[ cut here ]------------ [ 7.345739][ T1] refcount_t: decrement hit 0; leaking memory. [ 7.346982][ T1] WARNING: CPU: 0 PID: 1 at lib/refcount.c:31 refcount_warn_saturate+0xfa/0x1d0 [ 7.348761][ T1] Modules linked in: [ 7.349418][ T1] CPU: 0 PID: 1 Comm: swapper/0 Not tainted 6.8.0-rc5-syzkaller-00257-g217b2119b9e2 #0 [ 7.351070][ T1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/29/2024 [ 7.352824][ T1] RIP: 0010:refcount_warn_saturate+0xfa/0x1d0 [ 7.353979][ T1] Code: b2 00 00 00 e8 97 2d fc fc 5b 5d c3 cc cc cc cc e8 8b 2d fc fc c6 05 0d d9 d6 0a 01 90 48 c7 c7 a0 46 fd 8b e8 e7 2c c0 fc 90 <0f> 0b 90 90 eb d9 e8 6b 2d fc fc c6 05 ea d8 d6 0a 01 90 48 c7 c7 [ 7.358181][ T1] RSP: 0000:ffffc90000066e10 EFLAGS: 00010246 [ 7.360206][ T1] RAX: 67b097fa09053300 RBX: ffff88814073377c RCX: ffff8880166c0000 [ 7.362234][ T1] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 7.363496][ T1] RBP: 0000000000000004 R08: ffffffff81589d62 R09: 1ffff9200000cd14 [ 7.365139][ T1] R10: dffffc0000000000 R11: fffff5200000cd15 R12: ffffea000501edc0 [ 7.366612][ T1] R13: ffffea000501edc8 R14: 1ffffd4000a03db9 R15: 0000000000000000 [ 7.368171][ T1] FS: 0000000000000000(0000) GS:ffff8880b9400000(0000) knlGS:0000000000000000 [ 7.370111][ T1] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 7.371030][ T1] CR2: ffff88823ffff000 CR3: 000000000df34000 CR4: 00000000003506f0 [ 7.372121][ T1] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 7.373506][ T1] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 7.374889][ T1] Call Trace: [ 7.375371][ T1] <TASK> [ 7.375798][ T1] ? __warn+0x162/0x4b0 [ 7.376442][ T1] ? refcount_warn_saturate+0xfa/0x1d0 [ 7.377482][ T1] ? report_bug+0x2b3/0x500 [ 7.378161][ T1] ? refcount_warn_saturate+0xfa/0x1d0 [ 7.379268][ T1] ? handle_bug+0x3e/0x70 [ 7.379887][ T1] ? exc_invalid_op+0x1a/0x50 [ 7.380563][ T1] ? asm_exc_invalid_op+0x1a/0x20 [ 7.381253][ T1] ? __warn_printk+0x292/0x360 [ 7.381912][ T1] ? refcount_warn_saturate+0xfa/0x1d0 [ 7.382752][ T1] __free_pages_ok+0xc36/0xd60 [ 7.384180][ T1] make_alloc_exact+0xc4/0x140 [ 7.385037][ T1] vring_alloc_queue_split+0x20a/0x600 [ 7.386037][ T1] ? __pfx_vring_alloc_queue_split+0x10/0x10 [ 7.387029][ T1] ? vp_find_vqs+0x4c/0x4e0 [ 7.387719][ T1] ? virtscsi_probe+0x3ea/0xf60 [ 7.388408][ T1] ? virtio_dev_probe+0x991/0xaf0 [ 7.389665][ T1] ? really_probe+0x29e/0xc50 [ 7.390429][ T1] ? driver_probe_device+0x50/0x430 [ 7.391176][ T1] vring_create_virtqueue_split+0xc6/0x310 [ 7.392014][ T1] ? ret_from_fork+0x4b/0x80 [ 7.392800][ T1] ? __pfx_vring_create_virtqueue_split+0x10/0x10 [ 7.394115][ T1] vring_create_virtqueue+0xca/0x110 [ 7.395151][ T1] ? __pfx_vp_notify+0x10/0x10 [ 7.395888][ T1] ? __pfx_virtscsi_ctrl_done+0x10/0x10 [ 7.396674][ T1] setup_vq+0xe9/0x2d0 [ 7.397283][ T1] ? __pfx_vp_notify+0x10/0x10 [ 7.397938][ T1] ? __pfx_virtscsi_ctrl_done+0x10/0x10 [ 7.398806][ T1] ? __pfx_virtscsi_ctrl_done+0x10/0x10 [ 7.399938][ T1] ? __pfx_virtscsi_ctrl_done+0x10/0x10 [ 7.400951][ T1] vp_setup_vq+0xbf/0x330 [ 7.401889][ T1] ? __pfx_vp_config_changed+0x10/0x10 [ 7.403092][ T1] ? ioread16+0x2f/0x90 [ 7.403909][ T1] ? __pfx_virtscsi_ctrl_done+0x10/0x10 [ 7.405136][ T1] vp_find_vqs_msix+0x8b2/0xc80 [ 7.405892][ T1] vp_find_vqs+0x4c/0x4e0 [ 7.406823][ T1] virtscsi_init+0x8db/0xd00 [ 7.407669][ T1] ? __pfx_virtscsi_init+0x10/0x10 [ 7.408413][ T1] ? __pfx_default_calc_sets+0x10/0x10 [ 7.409369][ T1] ? scsi_host_alloc+0xa57/0xea0 [ 7.410333][ T1] ? vp_get+0xfd/0x140 [ 7.410899][ T1] virtscsi_probe+0x3ea/0xf60 [ 7.411673][ T1] ? __pfx_virtscsi_probe+0x10/0x10 [ 7.412520][ T1] ? kernfs_add_one+0x159/0x8b0 [ 7.413222][ T1] ? virtio_no_restricted_mem_acc+0x9/0x10 [ 7.414081][ T1] ? virtio_features_ok+0x10c/0x270 [ 7.414875][ T1] virtio_dev_probe+0x991/0xaf0 [ 7.415574][ T1] ? __pfx_virtio_dev_probe+0x10/0x10 [ 7.416501][ T1] really_probe+0x29e/0xc50 [ 7.417330][ T1] __driver_probe_device+0x1a2/0x3e0 [ 7.418134][ T1] driver_probe_device+0x50/0x430 [ 7.418922][ T1] __driver_attach+0x45f/0x710 [ 7.419731][ T1] ? __pfx___driver_attach+0x10/0x10 [ 7.420653][ T1] bus_for_each_dev+0x239/0x2b0 [ 7.421541][ T1] ? __pfx___driver_attach+0x10/0x10 [ 7.422345][ T1] ? __pfx_bus_for_each_dev+0x10/0x10 [ 7.423094][ T1] ? do_raw_spin_unlock+0x13b/0x8b0 [ 7.423964][ T1] bus_add_driver+0x347/0x620 [ 7.424702][ T1] driver_register+0x23a/0x320 [ 7.425353][ T1] ? __pfx_virtio_scsi_init+0x10/0x10 [ 7.426126][ T1] virtio_scsi_init+0x65/0xe0 [ 7.426855][ T1] ? __pfx_virtio_scsi_init+0x10/0x10 [ 7.427617][ T1] do_one_initcall+0x238/0x830 [ 7.428285][ T1] ? __pfx_virtio_scsi_init+0x10/0x10 [ 7.429095][ T1] ? __pfx_do_one_initcall+0x10/0x10 [ 7.430084][ T1] ? lockdep_hardirqs_on_prepare+0x43c/0x780 [ 7.431238][ T1] ? __pfx_parse_args+0x10/0x10 [ 7.431953][ T1] ? do_initcalls+0x1c/0x80 [ 7.432616][ T1] ? rcu_is_watching+0x15/0xb0 [ 7.433413][ T1] do_initcall_level+0x157/0x210 [ 7.434175][ T1] do_initcalls+0x3f/0x80 [ 7.434918][ T1] kernel_init_freeable+0x42f/0x5d0 [ 7.435664][ T1] ? __pfx_kernel_init_freeable+0x10/0x10 [ 7.436745][ T1] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 7.437747][ T1] ? __pfx_kernel_init+0x10/0x10 [ 7.438487][ T1] ? __pfx_kernel_init+0x10/0x10 [ 7.439268][ T1] ? __pfx_kernel_init+0x10/0x10 [ 7.439947][ T1] kernel_init+0x1d/0x2b0 [ 7.440600][ T1] ret_from_fork+0x4b/0x80 [ 7.441572][ T1] ? __pfx_kernel_init+0x10/0x10 [ 7.442531][ T1] ret_from_fork_asm+0x1b/0x30 [ 7.443322][ T1] </TASK> [ 7.443865][ T1] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 7.444976][ T1] CPU: 0 PID: 1 Comm: swapper/0 Not tainted 6.8.0-rc5-syzkaller-00257-g217b2119b9e2 #0 [ 7.446451][ T1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/29/2024 [ 7.447782][ T1] Call Trace: [ 7.448300][ T1] <TASK> [ 7.448752][ T1] dump_stack_lvl+0x1e7/0x2e0 [ 7.449206][ T1] ? __pfx_dump_stack_lvl+0x10/0x10 [ 7.449206][ T1] ? __pfx__printk+0x10/0x10 [ 7.449206][ T1] ? _printk+0xd5/0x120 [ 7.449206][ T1] ? vscnprintf+0x5d/0x90 [ 7.449206][ T1] panic+0x349/0x860 [ 7.449206][ T1] ? __warn+0x171/0x4b0 [ 7.449206][ T1] ? __pfx_panic+0x10/0x10 [ 7.449206][ T1] ? show_trace_log_lvl+0x4e4/0x520 [ 7.449206][ T1] ? ret_from_fork_asm+0x1b/0x30 [ 7.449206][ T1] __warn+0x31c/0x4b0 [ 7.449206][ T1] ? refcount_warn_saturate+0xfa/0x1d0 [ 7.449206][ T1] report_bug+0x2b3/0x500 [ 7.449206][ T1] ? refcount_warn_saturate+0xfa/0x1d0 [ 7.458645][ T1] handle_bug+0x3e/0x70 [ 7.458645][ T1] exc_invalid_op+0x1a/0x50 [ 7.458645][ T1] asm_exc_invalid_op+0x1a/0x20 [ 7.458645][ T1] RIP: 0010:refcount_warn_saturate+0xfa/0x1d0 [ 7.458645][ T1] Code: b2 00 00 00 e8 97 2d fc fc 5b 5d c3 cc cc cc cc e8 8b 2d fc fc c6 05 0d d9 d6 0a 01 90 48 c7 c7 a0 46 fd 8b e8 e7 2c c0 fc 90 <0f> 0b 90 90 eb d9 e8 6b 2d fc fc c6 05 ea d8 d6 0a 01 90 48 c7 c7 [ 7.458645][ T1] RSP: 0000:ffffc90000066e10 EFLAGS: 00010246 [ 7.458645][ T1] RAX: 67b097fa09053300 RBX: ffff88814073377c RCX: ffff8880166c0000 [ 7.458645][ T1] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 7.468739][ T1] RBP: 0000000000000004 R08: ffffffff81589d62 R09: 1ffff9200000cd14 [ 7.468739][ T1] R10: dffffc0000000000 R11: fffff5200000cd15 R12: ffffea000501edc0 [ 7.468739][ T1] R13: ffffea000501edc8 R14: 1ffffd4000a03db9 R15: 0000000000000000 [ 7.468739][ T1] ? __warn_printk+0x292/0x360 [ 7.468739][ T1] __free_pages_ok+0xc36/0xd60 [ 7.468739][ T1] make_alloc_exact+0xc4/0x140 [ 7.468739][ T1] vring_alloc_queue_split+0x20a/0x600 [ 7.468739][ T1] ? __pfx_vring_alloc_queue_split+0x10/0x10 [ 7.468739][ T1] ? vp_find_vqs+0x4c/0x4e0 [ 7.468739][ T1] ? virtscsi_probe+0x3ea/0xf60 [ 7.478647][ T1] ? virtio_dev_probe+0x991/0xaf0 [ 7.478647][ T1] ? really_probe+0x29e/0xc50 [ 7.478647][ T1] ? driver_probe_device+0x50/0x430 [ 7.478647][ T1] vring_create_virtqueue_split+0xc6/0x310 [ 7.478647][ T1] ? ret_from_fork+0x4b/0x80 [ 7.478647][ T1] ? __pfx_vring_create_virtqueue_split+0x10/0x10 [ 7.478647][ T1] vring_create_virtqueue+0xca/0x110 [ 7.478647][ T1] ? __pfx_vp_notify+0x10/0x10 [ 7.478647][ T1] ? __pfx_virtscsi_ctrl_done+0x10/0x10 [ 7.478647][ T1] setup_vq+0xe9/0x2d0 [ 7.478647][ T1] ? __pfx_vp_notify+0x10/0x10 [ 7.478647][ T1] ? __pfx_virtscsi_ctrl_done+0x10/0x10 [ 7.488714][ T1] ? __pfx_virtscsi_ctrl_done+0x10/0x10 [ 7.488714][ T1] ? __pfx_virtscsi_ctrl_done+0x10/0x10 [ 7.488714][ T1] vp_setup_vq+0xbf/0x330 [ 7.488714][ T1] ? __pfx_vp_config_changed+0x10/0x10 [ 7.488714][ T1] ? ioread16+0x2f/0x90 [ 7.488714][ T1] ? __pfx_virtscsi_ctrl_done+0x10/0x10 [ 7.488714][ T1] vp_find_vqs_msix+0x8b2/0xc80 [ 7.488714][ T1] vp_find_vqs+0x4c/0x4e0 [ 7.488714][ T1] virtscsi_init+0x8db/0xd00 [ 7.488714][ T1] ? __pfx_virtscsi_init+0x10/0x10 [ 7.488714][ T1] ? __pfx_default_calc_sets+0x10/0x10 [ 7.498614][ T1] ? scsi_host_alloc+0xa57/0xea0 [ 7.498614][ T1] ? vp_get+0xfd/0x140 [ 7.498614][ T1] virtscsi_probe+0x3ea/0xf60 [ 7.498614][ T1] ? __pfx_virtscsi_probe+0x10/0x10 [ 7.498614][ T1] ? kernfs_add_one+0x159/0x8b0 [ 7.498614][ T1] ? virtio_no_restricted_mem_acc+0x9/0x10 [ 7.498614][ T1] ? virtio_features_ok+0x10c/0x270 [ 7.498614][ T1] virtio_dev_probe+0x991/0xaf0 [ 7.498614][ T1] ? __pfx_virtio_dev_probe+0x10/0x10 [ 7.498614][ T1] really_probe+0x29e/0xc50 [ 7.498614][ T1] __driver_probe_device+0x1a2/0x3e0 [ 7.508689][ T1] driver_probe_device+0x50/0x430 [ 7.508689][ T1] __driver_attach+0x45f/0x710 [ 7.508689][ T1] ? __pfx___driver_attach+0x10/0x10 [ 7.508689][ T1] bus_for_each_dev+0x239/0x2b0 [ 7.508689][ T1] ? __pfx___driver_attach+0x10/0x10 [ 7.508689][ T1] ? __pfx_bus_for_each_dev+0x10/0x10 [ 7.508689][ T1] ? do_raw_spin_unlock+0x13b/0x8b0 [ 7.508689][ T1] bus_add_driver+0x347/0x620 [ 7.508689][ T1] driver_register+0x23a/0x320 [ 7.508689][ T1] ? __pfx_virtio_scsi_init+0x10/0x10 [ 7.508689][ T1] virtio_scsi_init+0x65/0xe0 [ 7.518645][ T1] ? __pfx_virtio_scsi_init+0x10/0x10 [ 7.518645][ T1] do_one_initcall+0x238/0x830 [ 7.518645][ T1] ? __pfx_virtio_scsi_init+0x10/0x10 [ 7.518645][ T1] ? __pfx_do_one_initcall+0x10/0x10 [ 7.518645][ T1] ? lockdep_hardirqs_on_prepare+0x43c/0x780 [ 7.518645][ T1] ? __pfx_parse_args+0x10/0x10 [ 7.518645][ T1] ? do_initcalls+0x1c/0x80 [ 7.518645][ T1] ? rcu_is_watching+0x15/0xb0 [ 7.518645][ T1] do_initcall_level+0x157/0x210 [ 7.518645][ T1] do_initcalls+0x3f/0x80 [ 7.518645][ T1] kernel_init_freeable+0x42f/0x5d0 [ 7.528806][ T1] ? __pfx_kernel_init_freeable+0x10/0x10 [ 7.528806][ T1] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 7.528806][ T1] ? __pfx_kernel_init+0x10/0x10 [ 7.528806][ T1] ? __pfx_kernel_init+0x10/0x10 [ 7.528806][ T1] ? __pfx_kernel_init+0x10/0x10 [ 7.528806][ T1] kernel_init+0x1d/0x2b0 [ 7.528806][ T1] ret_from_fork+0x4b/0x80 [ 7.528806][ T1] ? __pfx_kernel_init+0x10/0x10 [ 7.528806][ T1] ret_from_fork_asm+0x1b/0x30 [ 7.528806][ T1] </TASK> [ 7.528806][ T1] Kernel Offset: disabled [ 7.528806][ T1] Rebooting in 86400 seconds.. syzkaller build log: go env (err=<nil>) GO111MODULE='auto' GOARCH='amd64' GOBIN='' GOCACHE='/syzkaller/.cache/go-build' GOENV='/syzkaller/.config/go/env' GOEXE='' GOEXPERIMENT='' GOFLAGS='' GOHOSTARCH='amd64' GOHOSTOS='linux' GOINSECURE='' GOMODCACHE='/syzkaller/jobs/linux/gopath/pkg/mod' GONOPROXY='' GONOSUMDB='' GOOS='linux' GOPATH='/syzkaller/jobs/linux/gopath' GOPRIVATE='' GOPROXY='https://proxy.golang.org,direct' GOROOT='/usr/local/go' GOSUMDB='sum.golang.org' GOTMPDIR='' GOTOOLCHAIN='auto' GOTOOLDIR='/usr/local/go/pkg/tool/linux_amd64' GOVCS='' GOVERSION='go1.21.4' GCCGO='gccgo' GOAMD64='v1' AR='ar' CC='gcc' CXX='g++' CGO_ENABLED='1' GOMOD='/syzkaller/jobs/linux/gopath/src/github.com/google/syzkaller/go.mod' GOWORK='' CGO_CFLAGS='-O2 -g' CGO_CPPFLAGS='' CGO_CXXFLAGS='-O2 -g' CGO_FFLAGS='-O2 -g' CGO_LDFLAGS='-O2 -g' PKG_CONFIG='pkg-config' GOGCCFLAGS='-fPIC -m64 -pthread -Wl,--no-gc-sections -fmessage-length=0 -ffile-prefix-map=/tmp/go-build2530895313=/tmp/go-build -gno-record-gcc-switches' git status (err=<nil>) HEAD detached at 6753db5cd nothing to commit, working tree clean tput: No value for $TERM and no -T specified tput: No value for $TERM and no -T specified Makefile:31: run command via tools/syz-env for best compatibility, see: Makefile:32: https://github.com/google/syzkaller/blob/master/docs/contributing.md#using-syz-env go list -f '{{.Stale}}' ./sys/syz-sysgen | grep -q false || go install ./sys/syz-sysgen make .descriptions tput: No value for $TERM and no -T specified tput: No value for $TERM and no -T specified Makefile:31: run command via tools/syz-env for best compatibility, see: Makefile:32: https://github.com/google/syzkaller/blob/master/docs/contributing.md#using-syz-env bin/syz-sysgen touch .descriptions GOOS=linux GOARCH=amd64 go build "-ldflags=-s -w -X github.com/google/syzkaller/prog.GitRevision=6753db5cdc04330ec9d1a5116b890c19481d69b3 -X 'github.com/google/syzkaller/prog.gitRevisionDate=20240320-145051'" "-tags=syz_target syz_os_linux syz_arch_amd64 " -o ./bin/linux_amd64/syz-fuzzer github.com/google/syzkaller/syz-fuzzer GOOS=linux GOARCH=amd64 go build "-ldflags=-s -w -X github.com/google/syzkaller/prog.GitRevision=6753db5cdc04330ec9d1a5116b890c19481d69b3 -X 'github.com/google/syzkaller/prog.gitRevisionDate=20240320-145051'" "-tags=syz_target syz_os_linux syz_arch_amd64 " -o ./bin/linux_amd64/syz-execprog github.com/google/syzkaller/tools/syz-execprog GOOS=linux GOARCH=amd64 go build "-ldflags=-s -w -X github.com/google/syzkaller/prog.GitRevision=6753db5cdc04330ec9d1a5116b890c19481d69b3 -X 'github.com/google/syzkaller/prog.gitRevisionDate=20240320-145051'" "-tags=syz_target syz_os_linux syz_arch_amd64 " -o ./bin/linux_amd64/syz-stress github.com/google/syzkaller/tools/syz-stress mkdir -p ./bin/linux_amd64 gcc -o ./bin/linux_amd64/syz-executor executor/executor.cc \ -m64 -O2 -pthread -Wall -Werror -Wparentheses -Wunused-const-variable -Wframe-larger-than=16384 -Wno-stringop-overflow -Wno-array-bounds -Wno-format-overflow -Wno-unused-but-set-variable -Wno-unused-command-line-argument -static-pie -fpermissive -w -DGOOS_linux=1 -DGOARCH_amd64=1 \ -DHOSTGOOS_linux=1 -DGIT_REVISION=\"6753db5cdc04330ec9d1a5116b890c19481d69b3\" Error text is too large and was truncated, full error text is at: https://syzkaller.appspot.com/x/error.txt?x=1254e231180000 Tested on: commit: 217b2119 mm,page_owner: implement the tracking of the .. git tree: git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git kernel config: https://syzkaller.appspot.com/x/.config?x=527195e149aa3091 dashboard link: https://syzkaller.appspot.com/bug?extid=70f57d8a3ae84934c003 compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 Note: no patches were applied. ^ permalink raw reply [flat|nested] 14+ messages in thread
* Re: [syzbot] [virtualization?] upstream boot error: WARNING: refcount bug in __free_pages_ok 2024-03-21 15:52 ` syzbot @ 2024-03-21 17:13 ` Stefan Hajnoczi 0 siblings, 0 replies; 14+ messages in thread From: Stefan Hajnoczi @ 2024-03-21 17:13 UTC (permalink / raw) To: osalvador Cc: jasowang, linux-kernel, michael.christie, mst, osalvador, pbonzini, syzkaller-bugs, virtualization, xuanzhuo, syzbot [-- Attachment #1: Type: text/plain, Size: 18274 bytes --] On Thu, Mar 21, 2024 at 08:52:03AM -0700, syzbot wrote: > Hello, > > syzbot tried to test the proposed patch but the build/boot failed: > > bcore: registered new interface driver viperboard > [ 7.297712][ T1] usbcore: registered new interface driver dln2 > [ 7.299149][ T1] usbcore: registered new interface driver pn533_usb > [ 7.304759][ T924] kworker/u4:1 (924) used greatest stack depth: 22768 bytes left > [ 7.308971][ T1] nfcsim 0.2 initialized > [ 7.310068][ T1] usbcore: registered new interface driver port100 > [ 7.311312][ T1] usbcore: registered new interface driver nfcmrvl > [ 7.318405][ T1] Loading iSCSI transport class v2.0-870. > [ 7.334687][ T1] virtio_scsi virtio0: 1/0/0 default/read/poll queues > [ 7.344927][ T1] ------------[ cut here ]------------ > [ 7.345739][ T1] refcount_t: decrement hit 0; leaking memory. This confirms that the following commit introduced this issue: commit 217b2119b9e260609958db413876f211038f00ee Author: Oscar Salvador <osalvador@suse.de> Date: Thu Feb 15 22:59:04 2024 +0100 mm,page_owner: implement the tracking of the stacks count Mike: thanks for pointing out the fix that Oscar is working on! Oscar: Please add the syzbot trailer to the next revision of your "[PATCH v2 0/2] page_owner: Refcount fixups" series so this issue can be closed. > [ 7.346982][ T1] WARNING: CPU: 0 PID: 1 at lib/refcount.c:31 refcount_warn_saturate+0xfa/0x1d0 > [ 7.348761][ T1] Modules linked in: > [ 7.349418][ T1] CPU: 0 PID: 1 Comm: swapper/0 Not tainted 6.8.0-rc5-syzkaller-00257-g217b2119b9e2 #0 > [ 7.351070][ T1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/29/2024 > [ 7.352824][ T1] RIP: 0010:refcount_warn_saturate+0xfa/0x1d0 > [ 7.353979][ T1] Code: b2 00 00 00 e8 97 2d fc fc 5b 5d c3 cc cc cc cc e8 8b 2d fc fc c6 05 0d d9 d6 0a 01 90 48 c7 c7 a0 46 fd 8b e8 e7 2c c0 fc 90 <0f> 0b 90 90 eb d9 e8 6b 2d fc fc c6 05 ea d8 d6 0a 01 90 48 c7 c7 > [ 7.358181][ T1] RSP: 0000:ffffc90000066e10 EFLAGS: 00010246 > [ 7.360206][ T1] RAX: 67b097fa09053300 RBX: ffff88814073377c RCX: ffff8880166c0000 > [ 7.362234][ T1] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 > [ 7.363496][ T1] RBP: 0000000000000004 R08: ffffffff81589d62 R09: 1ffff9200000cd14 > [ 7.365139][ T1] R10: dffffc0000000000 R11: fffff5200000cd15 R12: ffffea000501edc0 > [ 7.366612][ T1] R13: ffffea000501edc8 R14: 1ffffd4000a03db9 R15: 0000000000000000 > [ 7.368171][ T1] FS: 0000000000000000(0000) GS:ffff8880b9400000(0000) knlGS:0000000000000000 > [ 7.370111][ T1] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 > [ 7.371030][ T1] CR2: ffff88823ffff000 CR3: 000000000df34000 CR4: 00000000003506f0 > [ 7.372121][ T1] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 > [ 7.373506][ T1] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 > [ 7.374889][ T1] Call Trace: > [ 7.375371][ T1] <TASK> > [ 7.375798][ T1] ? __warn+0x162/0x4b0 > [ 7.376442][ T1] ? refcount_warn_saturate+0xfa/0x1d0 > [ 7.377482][ T1] ? report_bug+0x2b3/0x500 > [ 7.378161][ T1] ? refcount_warn_saturate+0xfa/0x1d0 > [ 7.379268][ T1] ? handle_bug+0x3e/0x70 > [ 7.379887][ T1] ? exc_invalid_op+0x1a/0x50 > [ 7.380563][ T1] ? asm_exc_invalid_op+0x1a/0x20 > [ 7.381253][ T1] ? __warn_printk+0x292/0x360 > [ 7.381912][ T1] ? refcount_warn_saturate+0xfa/0x1d0 > [ 7.382752][ T1] __free_pages_ok+0xc36/0xd60 > [ 7.384180][ T1] make_alloc_exact+0xc4/0x140 > [ 7.385037][ T1] vring_alloc_queue_split+0x20a/0x600 > [ 7.386037][ T1] ? __pfx_vring_alloc_queue_split+0x10/0x10 > [ 7.387029][ T1] ? vp_find_vqs+0x4c/0x4e0 > [ 7.387719][ T1] ? virtscsi_probe+0x3ea/0xf60 > [ 7.388408][ T1] ? virtio_dev_probe+0x991/0xaf0 > [ 7.389665][ T1] ? really_probe+0x29e/0xc50 > [ 7.390429][ T1] ? driver_probe_device+0x50/0x430 > [ 7.391176][ T1] vring_create_virtqueue_split+0xc6/0x310 > [ 7.392014][ T1] ? ret_from_fork+0x4b/0x80 > [ 7.392800][ T1] ? __pfx_vring_create_virtqueue_split+0x10/0x10 > [ 7.394115][ T1] vring_create_virtqueue+0xca/0x110 > [ 7.395151][ T1] ? __pfx_vp_notify+0x10/0x10 > [ 7.395888][ T1] ? __pfx_virtscsi_ctrl_done+0x10/0x10 > [ 7.396674][ T1] setup_vq+0xe9/0x2d0 > [ 7.397283][ T1] ? __pfx_vp_notify+0x10/0x10 > [ 7.397938][ T1] ? __pfx_virtscsi_ctrl_done+0x10/0x10 > [ 7.398806][ T1] ? __pfx_virtscsi_ctrl_done+0x10/0x10 > [ 7.399938][ T1] ? __pfx_virtscsi_ctrl_done+0x10/0x10 > [ 7.400951][ T1] vp_setup_vq+0xbf/0x330 > [ 7.401889][ T1] ? __pfx_vp_config_changed+0x10/0x10 > [ 7.403092][ T1] ? ioread16+0x2f/0x90 > [ 7.403909][ T1] ? __pfx_virtscsi_ctrl_done+0x10/0x10 > [ 7.405136][ T1] vp_find_vqs_msix+0x8b2/0xc80 > [ 7.405892][ T1] vp_find_vqs+0x4c/0x4e0 > [ 7.406823][ T1] virtscsi_init+0x8db/0xd00 > [ 7.407669][ T1] ? __pfx_virtscsi_init+0x10/0x10 > [ 7.408413][ T1] ? __pfx_default_calc_sets+0x10/0x10 > [ 7.409369][ T1] ? scsi_host_alloc+0xa57/0xea0 > [ 7.410333][ T1] ? vp_get+0xfd/0x140 > [ 7.410899][ T1] virtscsi_probe+0x3ea/0xf60 > [ 7.411673][ T1] ? __pfx_virtscsi_probe+0x10/0x10 > [ 7.412520][ T1] ? kernfs_add_one+0x159/0x8b0 > [ 7.413222][ T1] ? virtio_no_restricted_mem_acc+0x9/0x10 > [ 7.414081][ T1] ? virtio_features_ok+0x10c/0x270 > [ 7.414875][ T1] virtio_dev_probe+0x991/0xaf0 > [ 7.415574][ T1] ? __pfx_virtio_dev_probe+0x10/0x10 > [ 7.416501][ T1] really_probe+0x29e/0xc50 > [ 7.417330][ T1] __driver_probe_device+0x1a2/0x3e0 > [ 7.418134][ T1] driver_probe_device+0x50/0x430 > [ 7.418922][ T1] __driver_attach+0x45f/0x710 > [ 7.419731][ T1] ? __pfx___driver_attach+0x10/0x10 > [ 7.420653][ T1] bus_for_each_dev+0x239/0x2b0 > [ 7.421541][ T1] ? __pfx___driver_attach+0x10/0x10 > [ 7.422345][ T1] ? __pfx_bus_for_each_dev+0x10/0x10 > [ 7.423094][ T1] ? do_raw_spin_unlock+0x13b/0x8b0 > [ 7.423964][ T1] bus_add_driver+0x347/0x620 > [ 7.424702][ T1] driver_register+0x23a/0x320 > [ 7.425353][ T1] ? __pfx_virtio_scsi_init+0x10/0x10 > [ 7.426126][ T1] virtio_scsi_init+0x65/0xe0 > [ 7.426855][ T1] ? __pfx_virtio_scsi_init+0x10/0x10 > [ 7.427617][ T1] do_one_initcall+0x238/0x830 > [ 7.428285][ T1] ? __pfx_virtio_scsi_init+0x10/0x10 > [ 7.429095][ T1] ? __pfx_do_one_initcall+0x10/0x10 > [ 7.430084][ T1] ? lockdep_hardirqs_on_prepare+0x43c/0x780 > [ 7.431238][ T1] ? __pfx_parse_args+0x10/0x10 > [ 7.431953][ T1] ? do_initcalls+0x1c/0x80 > [ 7.432616][ T1] ? rcu_is_watching+0x15/0xb0 > [ 7.433413][ T1] do_initcall_level+0x157/0x210 > [ 7.434175][ T1] do_initcalls+0x3f/0x80 > [ 7.434918][ T1] kernel_init_freeable+0x42f/0x5d0 > [ 7.435664][ T1] ? __pfx_kernel_init_freeable+0x10/0x10 > [ 7.436745][ T1] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 > [ 7.437747][ T1] ? __pfx_kernel_init+0x10/0x10 > [ 7.438487][ T1] ? __pfx_kernel_init+0x10/0x10 > [ 7.439268][ T1] ? __pfx_kernel_init+0x10/0x10 > [ 7.439947][ T1] kernel_init+0x1d/0x2b0 > [ 7.440600][ T1] ret_from_fork+0x4b/0x80 > [ 7.441572][ T1] ? __pfx_kernel_init+0x10/0x10 > [ 7.442531][ T1] ret_from_fork_asm+0x1b/0x30 > [ 7.443322][ T1] </TASK> > [ 7.443865][ T1] Kernel panic - not syncing: kernel: panic_on_warn set ... > [ 7.444976][ T1] CPU: 0 PID: 1 Comm: swapper/0 Not tainted 6.8.0-rc5-syzkaller-00257-g217b2119b9e2 #0 > [ 7.446451][ T1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/29/2024 > [ 7.447782][ T1] Call Trace: > [ 7.448300][ T1] <TASK> > [ 7.448752][ T1] dump_stack_lvl+0x1e7/0x2e0 > [ 7.449206][ T1] ? __pfx_dump_stack_lvl+0x10/0x10 > [ 7.449206][ T1] ? __pfx__printk+0x10/0x10 > [ 7.449206][ T1] ? _printk+0xd5/0x120 > [ 7.449206][ T1] ? vscnprintf+0x5d/0x90 > [ 7.449206][ T1] panic+0x349/0x860 > [ 7.449206][ T1] ? __warn+0x171/0x4b0 > [ 7.449206][ T1] ? __pfx_panic+0x10/0x10 > [ 7.449206][ T1] ? show_trace_log_lvl+0x4e4/0x520 > [ 7.449206][ T1] ? ret_from_fork_asm+0x1b/0x30 > [ 7.449206][ T1] __warn+0x31c/0x4b0 > [ 7.449206][ T1] ? refcount_warn_saturate+0xfa/0x1d0 > [ 7.449206][ T1] report_bug+0x2b3/0x500 > [ 7.449206][ T1] ? refcount_warn_saturate+0xfa/0x1d0 > [ 7.458645][ T1] handle_bug+0x3e/0x70 > [ 7.458645][ T1] exc_invalid_op+0x1a/0x50 > [ 7.458645][ T1] asm_exc_invalid_op+0x1a/0x20 > [ 7.458645][ T1] RIP: 0010:refcount_warn_saturate+0xfa/0x1d0 > [ 7.458645][ T1] Code: b2 00 00 00 e8 97 2d fc fc 5b 5d c3 cc cc cc cc e8 8b 2d fc fc c6 05 0d d9 d6 0a 01 90 48 c7 c7 a0 46 fd 8b e8 e7 2c c0 fc 90 <0f> 0b 90 90 eb d9 e8 6b 2d fc fc c6 05 ea d8 d6 0a 01 90 48 c7 c7 > [ 7.458645][ T1] RSP: 0000:ffffc90000066e10 EFLAGS: 00010246 > [ 7.458645][ T1] RAX: 67b097fa09053300 RBX: ffff88814073377c RCX: ffff8880166c0000 > [ 7.458645][ T1] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 > [ 7.468739][ T1] RBP: 0000000000000004 R08: ffffffff81589d62 R09: 1ffff9200000cd14 > [ 7.468739][ T1] R10: dffffc0000000000 R11: fffff5200000cd15 R12: ffffea000501edc0 > [ 7.468739][ T1] R13: ffffea000501edc8 R14: 1ffffd4000a03db9 R15: 0000000000000000 > [ 7.468739][ T1] ? __warn_printk+0x292/0x360 > [ 7.468739][ T1] __free_pages_ok+0xc36/0xd60 > [ 7.468739][ T1] make_alloc_exact+0xc4/0x140 > [ 7.468739][ T1] vring_alloc_queue_split+0x20a/0x600 > [ 7.468739][ T1] ? __pfx_vring_alloc_queue_split+0x10/0x10 > [ 7.468739][ T1] ? vp_find_vqs+0x4c/0x4e0 > [ 7.468739][ T1] ? virtscsi_probe+0x3ea/0xf60 > [ 7.478647][ T1] ? virtio_dev_probe+0x991/0xaf0 > [ 7.478647][ T1] ? really_probe+0x29e/0xc50 > [ 7.478647][ T1] ? driver_probe_device+0x50/0x430 > [ 7.478647][ T1] vring_create_virtqueue_split+0xc6/0x310 > [ 7.478647][ T1] ? ret_from_fork+0x4b/0x80 > [ 7.478647][ T1] ? __pfx_vring_create_virtqueue_split+0x10/0x10 > [ 7.478647][ T1] vring_create_virtqueue+0xca/0x110 > [ 7.478647][ T1] ? __pfx_vp_notify+0x10/0x10 > [ 7.478647][ T1] ? __pfx_virtscsi_ctrl_done+0x10/0x10 > [ 7.478647][ T1] setup_vq+0xe9/0x2d0 > [ 7.478647][ T1] ? __pfx_vp_notify+0x10/0x10 > [ 7.478647][ T1] ? __pfx_virtscsi_ctrl_done+0x10/0x10 > [ 7.488714][ T1] ? __pfx_virtscsi_ctrl_done+0x10/0x10 > [ 7.488714][ T1] ? __pfx_virtscsi_ctrl_done+0x10/0x10 > [ 7.488714][ T1] vp_setup_vq+0xbf/0x330 > [ 7.488714][ T1] ? __pfx_vp_config_changed+0x10/0x10 > [ 7.488714][ T1] ? ioread16+0x2f/0x90 > [ 7.488714][ T1] ? __pfx_virtscsi_ctrl_done+0x10/0x10 > [ 7.488714][ T1] vp_find_vqs_msix+0x8b2/0xc80 > [ 7.488714][ T1] vp_find_vqs+0x4c/0x4e0 > [ 7.488714][ T1] virtscsi_init+0x8db/0xd00 > [ 7.488714][ T1] ? __pfx_virtscsi_init+0x10/0x10 > [ 7.488714][ T1] ? __pfx_default_calc_sets+0x10/0x10 > [ 7.498614][ T1] ? scsi_host_alloc+0xa57/0xea0 > [ 7.498614][ T1] ? vp_get+0xfd/0x140 > [ 7.498614][ T1] virtscsi_probe+0x3ea/0xf60 > [ 7.498614][ T1] ? __pfx_virtscsi_probe+0x10/0x10 > [ 7.498614][ T1] ? kernfs_add_one+0x159/0x8b0 > [ 7.498614][ T1] ? virtio_no_restricted_mem_acc+0x9/0x10 > [ 7.498614][ T1] ? virtio_features_ok+0x10c/0x270 > [ 7.498614][ T1] virtio_dev_probe+0x991/0xaf0 > [ 7.498614][ T1] ? __pfx_virtio_dev_probe+0x10/0x10 > [ 7.498614][ T1] really_probe+0x29e/0xc50 > [ 7.498614][ T1] __driver_probe_device+0x1a2/0x3e0 > [ 7.508689][ T1] driver_probe_device+0x50/0x430 > [ 7.508689][ T1] __driver_attach+0x45f/0x710 > [ 7.508689][ T1] ? __pfx___driver_attach+0x10/0x10 > [ 7.508689][ T1] bus_for_each_dev+0x239/0x2b0 > [ 7.508689][ T1] ? __pfx___driver_attach+0x10/0x10 > [ 7.508689][ T1] ? __pfx_bus_for_each_dev+0x10/0x10 > [ 7.508689][ T1] ? do_raw_spin_unlock+0x13b/0x8b0 > [ 7.508689][ T1] bus_add_driver+0x347/0x620 > [ 7.508689][ T1] driver_register+0x23a/0x320 > [ 7.508689][ T1] ? __pfx_virtio_scsi_init+0x10/0x10 > [ 7.508689][ T1] virtio_scsi_init+0x65/0xe0 > [ 7.518645][ T1] ? __pfx_virtio_scsi_init+0x10/0x10 > [ 7.518645][ T1] do_one_initcall+0x238/0x830 > [ 7.518645][ T1] ? __pfx_virtio_scsi_init+0x10/0x10 > [ 7.518645][ T1] ? __pfx_do_one_initcall+0x10/0x10 > [ 7.518645][ T1] ? lockdep_hardirqs_on_prepare+0x43c/0x780 > [ 7.518645][ T1] ? __pfx_parse_args+0x10/0x10 > [ 7.518645][ T1] ? do_initcalls+0x1c/0x80 > [ 7.518645][ T1] ? rcu_is_watching+0x15/0xb0 > [ 7.518645][ T1] do_initcall_level+0x157/0x210 > [ 7.518645][ T1] do_initcalls+0x3f/0x80 > [ 7.518645][ T1] kernel_init_freeable+0x42f/0x5d0 > [ 7.528806][ T1] ? __pfx_kernel_init_freeable+0x10/0x10 > [ 7.528806][ T1] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 > [ 7.528806][ T1] ? __pfx_kernel_init+0x10/0x10 > [ 7.528806][ T1] ? __pfx_kernel_init+0x10/0x10 > [ 7.528806][ T1] ? __pfx_kernel_init+0x10/0x10 > [ 7.528806][ T1] kernel_init+0x1d/0x2b0 > [ 7.528806][ T1] ret_from_fork+0x4b/0x80 > [ 7.528806][ T1] ? __pfx_kernel_init+0x10/0x10 > [ 7.528806][ T1] ret_from_fork_asm+0x1b/0x30 > [ 7.528806][ T1] </TASK> > [ 7.528806][ T1] Kernel Offset: disabled > [ 7.528806][ T1] Rebooting in 86400 seconds.. > > > syzkaller build log: > go env (err=<nil>) > GO111MODULE='auto' > GOARCH='amd64' > GOBIN='' > GOCACHE='/syzkaller/.cache/go-build' > GOENV='/syzkaller/.config/go/env' > GOEXE='' > GOEXPERIMENT='' > GOFLAGS='' > GOHOSTARCH='amd64' > GOHOSTOS='linux' > GOINSECURE='' > GOMODCACHE='/syzkaller/jobs/linux/gopath/pkg/mod' > GONOPROXY='' > GONOSUMDB='' > GOOS='linux' > GOPATH='/syzkaller/jobs/linux/gopath' > GOPRIVATE='' > GOPROXY='https://proxy.golang.org,direct' > GOROOT='/usr/local/go' > GOSUMDB='sum.golang.org' > GOTMPDIR='' > GOTOOLCHAIN='auto' > GOTOOLDIR='/usr/local/go/pkg/tool/linux_amd64' > GOVCS='' > GOVERSION='go1.21.4' > GCCGO='gccgo' > GOAMD64='v1' > AR='ar' > CC='gcc' > CXX='g++' > CGO_ENABLED='1' > GOMOD='/syzkaller/jobs/linux/gopath/src/github.com/google/syzkaller/go.mod' > GOWORK='' > CGO_CFLAGS='-O2 -g' > CGO_CPPFLAGS='' > CGO_CXXFLAGS='-O2 -g' > CGO_FFLAGS='-O2 -g' > CGO_LDFLAGS='-O2 -g' > PKG_CONFIG='pkg-config' > GOGCCFLAGS='-fPIC -m64 -pthread -Wl,--no-gc-sections -fmessage-length=0 -ffile-prefix-map=/tmp/go-build2530895313=/tmp/go-build -gno-record-gcc-switches' > > git status (err=<nil>) > HEAD detached at 6753db5cd > nothing to commit, working tree clean > > > tput: No value for $TERM and no -T specified > tput: No value for $TERM and no -T specified > Makefile:31: run command via tools/syz-env for best compatibility, see: > Makefile:32: https://github.com/google/syzkaller/blob/master/docs/contributing.md#using-syz-env > go list -f '{{.Stale}}' ./sys/syz-sysgen | grep -q false || go install ./sys/syz-sysgen > make .descriptions > tput: No value for $TERM and no -T specified > tput: No value for $TERM and no -T specified > Makefile:31: run command via tools/syz-env for best compatibility, see: > Makefile:32: https://github.com/google/syzkaller/blob/master/docs/contributing.md#using-syz-env > bin/syz-sysgen > touch .descriptions > GOOS=linux GOARCH=amd64 go build "-ldflags=-s -w -X github.com/google/syzkaller/prog.GitRevision=6753db5cdc04330ec9d1a5116b890c19481d69b3 -X 'github.com/google/syzkaller/prog.gitRevisionDate=20240320-145051'" "-tags=syz_target syz_os_linux syz_arch_amd64 " -o ./bin/linux_amd64/syz-fuzzer github.com/google/syzkaller/syz-fuzzer > GOOS=linux GOARCH=amd64 go build "-ldflags=-s -w -X github.com/google/syzkaller/prog.GitRevision=6753db5cdc04330ec9d1a5116b890c19481d69b3 -X 'github.com/google/syzkaller/prog.gitRevisionDate=20240320-145051'" "-tags=syz_target syz_os_linux syz_arch_amd64 " -o ./bin/linux_amd64/syz-execprog github.com/google/syzkaller/tools/syz-execprog > GOOS=linux GOARCH=amd64 go build "-ldflags=-s -w -X github.com/google/syzkaller/prog.GitRevision=6753db5cdc04330ec9d1a5116b890c19481d69b3 -X 'github.com/google/syzkaller/prog.gitRevisionDate=20240320-145051'" "-tags=syz_target syz_os_linux syz_arch_amd64 " -o ./bin/linux_amd64/syz-stress github.com/google/syzkaller/tools/syz-stress > mkdir -p ./bin/linux_amd64 > gcc -o ./bin/linux_amd64/syz-executor executor/executor.cc \ > -m64 -O2 -pthread -Wall -Werror -Wparentheses -Wunused-const-variable -Wframe-larger-than=16384 -Wno-stringop-overflow -Wno-array-bounds -Wno-format-overflow -Wno-unused-but-set-variable -Wno-unused-command-line-argument -static-pie -fpermissive -w -DGOOS_linux=1 -DGOARCH_amd64=1 \ > -DHOSTGOOS_linux=1 -DGIT_REVISION=\"6753db5cdc04330ec9d1a5116b890c19481d69b3\" > > > Error text is too large and was truncated, full error text is at: > https://syzkaller.appspot.com/x/error.txt?x=1254e231180000 > > > Tested on: > > commit: 217b2119 mm,page_owner: implement the tracking of the .. > git tree: git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git > kernel config: https://syzkaller.appspot.com/x/.config?x=527195e149aa3091 > dashboard link: https://syzkaller.appspot.com/bug?extid=70f57d8a3ae84934c003 > compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 > > Note: no patches were applied. > [-- Attachment #2: signature.asc --] [-- Type: application/pgp-signature, Size: 488 bytes --] ^ permalink raw reply [flat|nested] 14+ messages in thread
* Re: [syzbot] [virtualization?] upstream boot error: WARNING: refcount bug in __free_pages_ok 2024-03-19 7:40 ` Michael S. Tsirkin 2024-03-19 17:19 ` Stefan Hajnoczi @ 2024-03-19 18:59 ` Stefan Hajnoczi 2024-03-20 6:12 ` syzbot 1 sibling, 1 reply; 14+ messages in thread From: Stefan Hajnoczi @ 2024-03-19 18:59 UTC (permalink / raw) To: syzbot Cc: Michael S. Tsirkin, jasowang, linux-kernel, syzkaller-bugs, virtualization, xuanzhuo, Paolo Bonzini [-- Attachment #1: Type: text/plain, Size: 348 bytes --] #syz test: git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git 52998cdd8d3438df9a77c858a827b8932da1bb28 This is the last time virtio_scsi.c was touched. If the test passes then the issue is probably in another subsystem and we can bisect more recent commits. If it fails, then older virtio_scsi.c commits need to be bisected. Stefan [-- Attachment #2: signature.asc --] [-- Type: application/pgp-signature, Size: 488 bytes --] ^ permalink raw reply [flat|nested] 14+ messages in thread
* Re: [syzbot] [virtualization?] upstream boot error: WARNING: refcount bug in __free_pages_ok 2024-03-19 18:59 ` Stefan Hajnoczi @ 2024-03-20 6:12 ` syzbot 0 siblings, 0 replies; 14+ messages in thread From: syzbot @ 2024-03-20 6:12 UTC (permalink / raw) To: jasowang, linux-kernel, mst, pbonzini, stefanha, syzkaller-bugs, virtualization, xuanzhuo Hello, syzbot has tested the proposed patch and the reproducer did not trigger any issue: Reported-and-tested-by: syzbot+70f57d8a3ae84934c003@syzkaller.appspotmail.com Tested on: commit: 52998cdd Merge branch '6.8/scsi-staging' into 6.8/scsi.. git tree: git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git kernel config: https://syzkaller.appspot.com/x/.config?x=7b1f286a7e950707 dashboard link: https://syzkaller.appspot.com/bug?extid=70f57d8a3ae84934c003 compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40 Note: no patches were applied. Note: testing is done by a robot and is best-effort only. ^ permalink raw reply [flat|nested] 14+ messages in thread
* Re: [syzbot] [virtualization?] upstream boot error: WARNING: refcount bug in __free_pages_ok 2024-03-19 7:32 [syzbot] [virtualization?] upstream boot error: WARNING: refcount bug in __free_pages_ok syzbot 2024-03-19 7:40 ` Michael S. Tsirkin @ 2024-03-26 11:14 ` Tetsuo Handa 2024-04-20 9:22 ` Tetsuo Handa 1 sibling, 1 reply; 14+ messages in thread From: Tetsuo Handa @ 2024-03-26 11:14 UTC (permalink / raw) To: syzbot, linux-kernel, syzkaller-bugs #syz fix: mm,page_owner: Fix refcount imbalance ^ permalink raw reply [flat|nested] 14+ messages in thread
* Re: [syzbot] [virtualization?] upstream boot error: WARNING: refcount bug in __free_pages_ok 2024-03-26 11:14 ` Tetsuo Handa @ 2024-04-20 9:22 ` Tetsuo Handa 0 siblings, 0 replies; 14+ messages in thread From: Tetsuo Handa @ 2024-04-20 9:22 UTC (permalink / raw) To: syzbot, linux-kernel, syzkaller-bugs #syz fix: mm,page_owner: fix refcount imbalance ^ permalink raw reply [flat|nested] 14+ messages in thread
end of thread, other threads:[~2024-04-20 9:22 UTC | newest] Thread overview: 14+ messages (download: mbox.gz / follow: Atom feed) -- links below jump to the message on this page -- 2024-03-19 7:32 [syzbot] [virtualization?] upstream boot error: WARNING: refcount bug in __free_pages_ok syzbot 2024-03-19 7:40 ` Michael S. Tsirkin 2024-03-19 17:19 ` Stefan Hajnoczi 2024-03-19 17:47 ` Michael S. Tsirkin 2024-03-19 20:51 ` Mike Christie 2024-03-20 11:30 ` Stefan Hajnoczi 2024-03-20 20:08 ` syzbot 2024-03-21 12:07 ` Stefan Hajnoczi 2024-03-21 15:52 ` syzbot 2024-03-21 17:13 ` Stefan Hajnoczi 2024-03-19 18:59 ` Stefan Hajnoczi 2024-03-20 6:12 ` syzbot 2024-03-26 11:14 ` Tetsuo Handa 2024-04-20 9:22 ` Tetsuo Handa
This is an external index of several public inboxes, see mirroring instructions on how to clone and mirror all data and code used by this external index.