Re: BUG: Bad page state (3)

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

On Sun, Dec 31, 2017 at 11:03:01PM -0800, syzbot wrote:
> Hello,
> 
> syzkaller hit the following crash on
> 30a7acd573899fd8b8ac39236eff6468b195ac7d
> git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/master
> compiler: gcc (GCC) 7.1.1 20170620
> .config is attached
> Raw console output is attached.
> C reproducer is attached
> syzkaller reproducer is attached. See https://goo.gl/kgGztJ
> for information about syzkaller reproducers
> 
> 
> IMPORTANT: if you fix the bug, please add the following tag to the commit:
> Reported-by: syzbot+b8845cd4aa5a5e2c6cdc@xxxxxxxxxxxxxxxxxxxxxxxxx
> It will help syzbot understand when the bug is fixed. See footer for
> details.
> If you forward the report, please keep this part and the footer.
> 
> BUG: Bad page state in process syzkaller246299  pfn:1c0c5f
> page:000000004c4544aa count:1 mapcount:1 mapping:          (null) index:0x0
> flags: 0x2fffc0000000004(referenced)
> raw: 02fffc0000000004 0000000000000000 0000000000000000 0000000100000000
> raw: dead000000000100 dead000000000200 0000000000000000 0000000000000000
> page dumped because: PAGE_FLAGS_CHECK_AT_FREE flag(s) set
> Modules linked in:
> CPU: 1 PID: 3493 Comm: syzkaller246299 Not tainted 4.15.0-rc6+ #245
> Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS
> Google 01/01/2011
> Call Trace:
>  __dump_stack lib/dump_stack.c:17 [inline]
>  dump_stack+0x194/0x257 lib/dump_stack.c:53
>  bad_page+0x230/0x2b0 mm/page_alloc.c:577
>  free_pages_check_bad+0x1f0/0x2e0 mm/page_alloc.c:955
>  free_pages_check mm/page_alloc.c:964 [inline]
>  free_pages_prepare mm/page_alloc.c:1054 [inline]
>  free_pcp_prepare mm/page_alloc.c:1079 [inline]
>  free_unref_page_prepare mm/page_alloc.c:2622 [inline]
>  free_unref_page+0x594/0x9e0 mm/page_alloc.c:2672
>  __free_pages+0x107/0x150 mm/page_alloc.c:4297
>  free_pages+0x51/0x90 mm/page_alloc.c:4309
>  mon_free_buff drivers/usb/mon/mon_bin.c:1331 [inline]
>  mon_bin_ioctl+0x653/0xd40 drivers/usb/mon/mon_bin.c:1039
>  vfs_ioctl fs/ioctl.c:46 [inline]
>  do_vfs_ioctl+0x1b1/0x1520 fs/ioctl.c:686
>  SYSC_ioctl fs/ioctl.c:701 [inline]
>  SyS_ioctl+0x8f/0xc0 fs/ioctl.c:692
>  entry_SYSCALL_64_fastpath+0x23/0x9a

Crash is no longer occurring, seems to have been fixed by commit 46eb14a6e1585:

#syz fix: USB: fix usbmon BUG trigger

- Eric
--
To unsubscribe from this list: send the line "unsubscribe linux-usb" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
[Index of Archives]     [Linux Media]     [Linux Input]     [Linux Audio Users]     [Yosemite News]     [Linux Kernel]     [Linux SCSI]     [Old Linux USB Devel Archive]

  Powered by Linux