From: syzbot <syzbot+ffe71f1ff7f8061bcc98@syzkaller.appspotmail.com>
To: akpm@linux-foundation.org, dvyukov@google.com, elver@google.com,
glider@google.com, kasan-dev@googlegroups.com,
linux-kernel@vger.kernel.org, linux-mm@kvack.org,
syzkaller-bugs@googlegroups.com
Subject: [syzbot] WARNING in __kfence_free
Date: Thu, 21 Apr 2022 01:58:23 -0700
Message-ID: <000000000000f46c6305dd264f30@google.com>

Hello,

syzbot found the following issue on:

HEAD commit: 559089e0a93d vmalloc: replace VM_NO_HUGE_VMAP with VM_ALLO..
git tree: upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=10853220f00000
kernel config: https://syzkaller.appspot.com/x/.config?x=2e1f9b9947966f42
dashboard link: https://syzkaller.appspot.com/bug?extid=ffe71f1ff7f8061bcc98
compiler: aarch64-linux-gnu-gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
userspace arch: arm64
Unfortunately, I don't have any reproducer for this issue yet.
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+ffe71f1ff7f8061bcc98@syzkaller.appspotmail.com
------------[ cut here ]------------
WARNING: CPU: 0 PID: 2216 at mm/kfence/core.c:1022 __kfence_free+0x84/0xc0 mm/kfence/core.c:1022
Modules linked in:
CPU: 0 PID: 2216 Comm: syz-executor.0 Not tainted 5.18.0-rc3-syzkaller-00007-g559089e0a93d #0
Hardware name: linux,dummy-virt (DT)
pstate: 80400009 (Nzcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
pc : __kfence_free+0x84/0xc0 mm/kfence/core.c:1022
lr : kfence_free include/linux/kfence.h:186 [inline]
lr : __slab_free+0x2e4/0x4d4 mm/slub.c:3315
sp : ffff80000a9fb980
x29: ffff80000a9fb980 x28: ffff80000a280040 x27: f2ff000002c01c00
x26: ffff00007b694040 x25: ffff00007b694000 x24: 0000000000000001
x23: ffff00007b694000 x22: ffff00007b694000 x21: f2ff000002c01c00
x20: ffff80000821accc x19: fffffc0001eda500 x18: 0000000000000002
x17: 0000000000000000 x16: 0000000000000000 x15: 0000000000000000
x14: 0000000000000001 x13: 000000000005eb7f x12: f7ff000007a08024
x11: f7ff000007a08000 x10: 0000000000000000 x9 : 0000000000000014
x8 : 0000000000000001 x7 : 0000000000094000 x6 : ffff80000a280000
x5 : ffff80000821accc x4 : ffff80000a50e078 x3 : ffff80000a280348
x2 : f0ff00001e325c00 x1 : ffff80000a522b40 x0 : ffff00007b694000
Call trace:
__kfence_free+0x84/0xc0 mm/kfence/core.c:1022
kfence_free include/linux/kfence.h:186 [inline]
__slab_free+0x2e4/0x4d4 mm/slub.c:3315
do_slab_free mm/slub.c:3498 [inline]
slab_free mm/slub.c:3511 [inline]
kfree+0x320/0x37c mm/slub.c:4552
kvfree+0x3c/0x50 mm/util.c:615
xt_free_table_info+0x78/0x90 net/netfilter/x_tables.c:1212
__do_replace+0x240/0x330 net/ipv6/netfilter/ip6_tables.c:1104
do_replace net/ipv6/netfilter/ip6_tables.c:1157 [inline]
do_ip6t_set_ctl+0x374/0x4e0 net/ipv6/netfilter/ip6_tables.c:1639
nf_setsockopt+0x68/0x94 net/netfilter/nf_sockopt.c:101
ipv6_setsockopt+0xa8/0x220 net/ipv6/ipv6_sockglue.c:1026
tcp_setsockopt+0x38/0xdb4 net/ipv4/tcp.c:3696
sock_common_setsockopt+0x1c/0x30 net/core/sock.c:3505
__sys_setsockopt+0xa0/0x1c0 net/socket.c:2180
__do_sys_setsockopt net/socket.c:2191 [inline]
__se_sys_setsockopt net/socket.c:2188 [inline]
__arm64_sys_setsockopt+0x2c/0x40 net/socket.c:2188
__invoke_syscall arch/arm64/kernel/syscall.c:38 [inline]
invoke_syscall+0x48/0x114 arch/arm64/kernel/syscall.c:52
el0_svc_common.constprop.0+0x44/0xec arch/arm64/kernel/syscall.c:142
do_el0_svc+0x6c/0x84 arch/arm64/kernel/syscall.c:181
el0_svc+0x44/0xb0 arch/arm64/kernel/entry-common.c:616
el0t_64_sync_handler+0x1a4/0x1b0 arch/arm64/kernel/entry-common.c:634
el0t_64_sync+0x198/0x19c arch/arm64/kernel/entry.S:581
---[ end trace 0000000000000000 ]---
---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzkaller@googlegroups.com.
syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.