syzbot

 sign-in | mailing list | source | docs
🐞 Open [1281] Subsystems 🐞 Fixed [5446] 🐞 Invalid [12895] Missing Backports [109] 📈 Kernel Health 📈 Bugs/Month 📈 Bug Lifetimes 📈 Fuzzing 📈 Crashes 📈 Coverage 💬 Send us feedback

BUG: corrupted list in __page_cache_release

Status: moderation: reported on 2024/06/29 08:59
Subsystems: mm
[Documentation on labels]
Reported-by: syzbot+0f63d53e48cb67a605db@syzkaller.appspotmail.com
First crash: 7d01h, last: 7d01h

Sample crash report:
netdevsim netdevsim1 netdevsim0: renamed from eth0
list_del corruption, ffffea000665bec8->next is LIST_POISON1 (dead000000000100)
------------[ cut here ]------------
kernel BUG at lib/list_debug.c:58!
Oops: invalid opcode: 0000 [#1] PREEMPT SMP KASAN PTI
CPU: 0 UID: 0 PID: 20597 Comm: syz-executor Not tainted 6.10.0-rc5-next-20240624-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024
RIP: 0010:__list_del_entry_valid_or_report+0xf4/0x140 lib/list_debug.c:56
Code: e8 01 96 d3 06 90 0f 0b 48 c7 c7 60 78 20 8c 4c 89 fe e8 ef 95 d3 06 90 0f 0b 48 c7 c7 c0 78 20 8c 4c 89 fe e8 dd 95 d3 06 90 <0f> 0b 48 c7 c7 20 79 20 8c 4c 89 fe e8 cb 95 d3 06 90 0f 0b 48 c7
RSP: 0000:ffffc9000430f0f8 EFLAGS: 00010046
RAX: 000000000000004e RBX: dead000000000122 RCX: c283f8a58d4e8600
RDX: 0000000000000000 RSI: 0000000080000001 RDI: 0000000000000000
RBP: ffffc9000430f1f0 R08: ffffffff8173a319 R09: fffffbfff1c39b44
R10: dffffc0000000000 R11: fffffbfff1c39b44 R12: dffffc0000000000
R13: ffffc9000430f180 R14: dead000000000100 R15: ffffea000665bec8
FS:  000055557b8b2500(0000) GS:ffff8880b9400000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007ffd44e54828 CR3: 000000006c222000 CR4: 00000000003506f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 <TASK>
 __list_del_entry_valid include/linux/list.h:124 [inline]
 __list_del_entry include/linux/list.h:215 [inline]
 list_del include/linux/list.h:229 [inline]
 lru_gen_del_folio include/linux/mm_inline.h:289 [inline]
 lruvec_del_folio include/linux/mm_inline.h:351 [inline]
 __page_cache_release+0x911/0x24b0 mm/swap.c:82
 page_cache_release mm/swap.c:110 [inline]
 __folio_put+0x17f/0x440 mm/swap.c:125
 migrate_folio_unmap mm/migrate.c:1117 [inline]
 migrate_pages_batch+0x9f0/0x3960 mm/migrate.c:1698
 migrate_pages+0x2264/0x3460 mm/migrate.c:1968
 migrate_misplaced_folio+0x323/0x9b0 mm/migrate.c:2613
 do_numa_page mm/memory.c:5358 [inline]
 handle_pte_fault+0x3e6e/0x6eb0 mm/memory.c:5528
 __handle_mm_fault mm/memory.c:5665 [inline]
 handle_mm_fault+0x10df/0x1ba0 mm/memory.c:5830
 do_user_addr_fault arch/x86/mm/fault.c:1338 [inline]
 handle_page_fault arch/x86/mm/fault.c:1481 [inline]
 exc_page_fault+0x459/0x8c0 arch/x86/mm/fault.c:1539
 asm_exc_page_fault+0x26/0x30 arch/x86/include/asm/idtentry.h:623
RIP: 0033:0x7f68c2177ad6
Code: 8b 44 24 20 89 c5 44 8b 54 24 28 48 8b 54 24 18 b8 2c 00 00 00 48 8b 74 24 10 8b 7c 24 08 0f 05 48 3d 00 f0 ff ff 77 34 89 ef <48> 89 44 24 08 e8 70 5a 02 00 48 8b 44 24 08 48 83 c4 30 5d c3 0f
RSP: 002b:00007ffd44e54820 EFLAGS: 00010207
RAX: 0000000000000030 RBX: 00007f68c2e335c0 RCX: 00007f68c2177acc
RDX: 0000000000000030 RSI: 00007f68c2e33610 RDI: 0000000000000000
RBP: 0000000000000000 R08: 00007ffd44e54874 R09: 000000000000000c
R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000006
R13: 0000000000000000 R14: 00007f68c2e33610 R15: 0000000000000000
 </TASK>
Modules linked in:
---[ end trace 0000000000000000 ]---
RIP: 0010:__list_del_entry_valid_or_report+0xf4/0x140 lib/list_debug.c:56
Code: e8 01 96 d3 06 90 0f 0b 48 c7 c7 60 78 20 8c 4c 89 fe e8 ef 95 d3 06 90 0f 0b 48 c7 c7 c0 78 20 8c 4c 89 fe e8 dd 95 d3 06 90 <0f> 0b 48 c7 c7 20 79 20 8c 4c 89 fe e8 cb 95 d3 06 90 0f 0b 48 c7
RSP: 0000:ffffc9000430f0f8 EFLAGS: 00010046
RAX: 000000000000004e RBX: dead000000000122 RCX: c283f8a58d4e8600
RDX: 0000000000000000 RSI: 0000000080000001 RDI: 0000000000000000
RBP: ffffc9000430f1f0 R08: ffffffff8173a319 R09: fffffbfff1c39b44
R10: dffffc0000000000 R11: fffffbfff1c39b44 R12: dffffc0000000000
R13: ffffc9000430f180 R14: dead000000000100 R15: ffffea000665bec8
FS:  000055557b8b2500(0000) GS:ffff8880b9400000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007ffd44e54828 CR3: 000000006c222000 CR4: 00000000003506f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400

Crashes (4):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets (help?) Manager Title
2024/06/25 08:50 linux-next 62c97045b8f7 215eef4a .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-linux-next-kasan-gce-root BUG: corrupted list in __page_cache_release
2024/06/25 08:50 linux-next 62c97045b8f7 215eef4a .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-linux-next-kasan-gce-root BUG: corrupted list in __page_cache_release
2024/06/25 08:50 linux-next 62c97045b8f7 215eef4a .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-linux-next-kasan-gce-root BUG: corrupted list in __page_cache_release
2024/06/25 08:47 linux-next 62c97045b8f7 215eef4a .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-linux-next-kasan-gce-root BUG: corrupted list in __page_cache_release
* Struck through repros no longer work on HEAD.