syzbot


kernel BUG at mm/vmscan.c:LINE! (2)

Status: closed as invalid on 2020/06/27 23:44
Reported-by: syzbot+8e6326965378936537c3@syzkaller.appspotmail.com
Fix commit: mm: clear PG_active on MADV_PAGEOUT
First crash: 1226d, last: 1117d

Cause bisection: introduced by (bisect log):
commit 06a833a1167e9cbb43a9a4317ec24585c6ec85cb
Author: Minchan Kim <minchan@kernel.org>
Date: Sat Jul 27 05:12:38 2019 +0000

  mm: introduce MADV_PAGEOUT

Crash: kernel BUG at mm/vmscan.c:LINE! (log)
Repro: C syz .config
Similar bugs (1):
Kernel: upstream
Title: kernel BUG at mm/vmscan.c:LINE!
Count: 14
Last: 1610d
Reported: 1614d
Patched: 0/24
Status: closed as invalid on 2018/07/17 19:11

Sample crash report:
raw: 01fffc0000090025 dead000000000100 dead000000000122 ffff88809c49f741
raw: 0000000000020000 0000000000000000 00000002ffffffff ffff88821b6eaac0
page dumped because: VM_BUG_ON_PAGE(PageActive(page))
page->mem_cgroup:ffff88821b6eaac0
------------[ cut here ]------------
kernel BUG at mm/vmscan.c:1156!
invalid opcode: 0000 [#1] PREEMPT SMP KASAN
CPU: 1 PID: 9846 Comm: syz-executor110 Not tainted 5.3.0-rc2-next-20190729 #54
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
RIP: 0010:shrink_page_list+0x2872/0x5430 mm/vmscan.c:1156
Code: d9 ea ff ff e8 df 3c dd ff 4c 8d 6b ff e9 1c db ff ff e8 d1 3c dd ff 48 8b bd 10 ff ff ff 48 c7 c6 80 85 93 87 e8 fe 10 07 00 <0f> 0b e8 b7 3c dd ff be 08 00 00 00 4c 89 ef e8 0a f2 17 00 4c 89
RSP: 0018:ffff888092427598 EFLAGS: 00010293
RAX: ffff88809a6a43c0 RBX: 0000000000000020 RCX: 0000000000000000
RDX: 0000000000000000 RSI: ffffffff819bfec7 RDI: ffffed1012484e97
RBP: ffff888092427730 R08: 0000000000000021 R09: ffffed1015d260d1
R10: ffffed1015d260d0 R11: ffff8880ae930687 R12: dffffc0000000000
R13: ffffea0002198000 R14: 0000000000000000 R15: ffffea0002198008
FS:  000055555617d880(0000) GS:ffff8880ae900000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000020000080 CR3: 00000000a818a000 CR4: 00000000001406e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 reclaim_pages+0x3b8/0x8f0 mm/vmscan.c:2202
 madvise_cold_or_pageout_pte_range+0x18c4/0x2e20 mm/madvise.c:391
 walk_pmd_range mm/pagewalk.c:51 [inline]
 walk_pud_range mm/pagewalk.c:109 [inline]
 walk_p4d_range mm/pagewalk.c:135 [inline]
 walk_pgd_range mm/pagewalk.c:161 [inline]
 __walk_page_range+0xd2a/0x1680 mm/pagewalk.c:254
 walk_page_range+0x1a6/0x3e0 mm/pagewalk.c:335
 madvise_pageout_page_range.isra.0+0xdd/0x120 mm/madvise.c:532
 madvise_pageout+0x227/0x3a0 mm/madvise.c:568
 madvise_vma mm/madvise.c:965 [inline]
 __do_sys_madvise mm/madvise.c:1145 [inline]
 __se_sys_madvise mm/madvise.c:1073 [inline]
 __x64_sys_madvise+0x719/0x1500 mm/madvise.c:1073
 do_syscall_64+0xfa/0x760 arch/x86/entry/common.c:290
 entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x440149
Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 fb 13 fc ff c3 66 2e 0f 1f 84 00 00 00 00
RSP: 002b:00007ffdb1a77db8 EFLAGS: 00000246 ORIG_RAX: 000000000000001c
RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 0000000000440149
RDX: 0000000000000015 RSI: 0000000000600003 RDI: 0000000020000000
RBP: 00000000006ca018 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 00000000004019d0
R13: 0000000000401a60 R14: 0000000000000000 R15: 0000000000000000
Modules linked in:
---[ end trace f888ef64246a2afc ]---
RIP: 0010:shrink_page_list+0x2872/0x5430 mm/vmscan.c:1156
Code: d9 ea ff ff e8 df 3c dd ff 4c 8d 6b ff e9 1c db ff ff e8 d1 3c dd ff 48 8b bd 10 ff ff ff 48 c7 c6 80 85 93 87 e8 fe 10 07 00 <0f> 0b e8 b7 3c dd ff be 08 00 00 00 4c 89 ef e8 0a f2 17 00 4c 89
RSP: 0018:ffff888092427598 EFLAGS: 00010293
RAX: ffff88809a6a43c0 RBX: 0000000000000020 RCX: 0000000000000000
RDX: 0000000000000000 RSI: ffffffff819bfec7 RDI: ffffed1012484e97
RBP: ffff888092427730 R08: 0000000000000021 R09: ffffed1015d260d1
R10: ffffed1015d260d0 R11: ffff8880ae930687 R12: dffffc0000000000
R13: ffffea0002198000 R14: 0000000000000000 R15: ffffea0002198008
FS:  000055555617d880(0000) GS:ffff8880ae900000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000020000080 CR3: 00000000a818a000 CR4: 00000000001406e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400

Crashes (54):
Manager Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Title
ci-upstream-linux-next-kasan-gce-root 2019/07/29 16:29 linux-next 0d8b3265d9a6 c85e1c5b .config log report syz C
ci-upstream-kasan-gce 2019/11/16 04:50 upstream eb70e26cd79d cdac920b .config log report
ci-upstream-kasan-gce-selinux-root 2019/10/30 22:12 upstream 320000e72ec0 a41ca8fa .config log report
ci-upstream-kasan-gce 2019/10/27 19:26 upstream 5a1e843c66fa 25bb509e .config log report
ci-upstream-kasan-gce-root 2019/10/26 00:20 upstream 8caacaad78b6 c2e837da .config log report
ci-upstream-kasan-gce-smack-root 2019/10/22 19:56 upstream 3b7c59a1950c 5681358a .config log report
ci-upstream-kasan-gce 2019/10/19 11:56 upstream b9959c7a347d 8c88c9c1 .config log report
ci-upstream-kasan-gce-smack-root 2019/10/18 12:07 upstream 0e2adab6cf28 8c88c9c1 .config log report
ci-upstream-kasan-gce-smack-root 2019/10/13 11:03 upstream da94001239cc 2f661ec4 .config log report
ci-upstream-kasan-gce-smack-root 2019/10/09 10:30 upstream e3280b54afed 312c6a5a .config log report
ci-upstream-kasan-gce-smack-root 2019/10/01 02:02 upstream 54ecb8f7028c c7a4fb99 .config log report
ci-upstream-linux-next-kasan-gce-root 2019/08/07 08:48 linux-next 958eb4327c17 cdde7486 .config log report
ci-upstream-linux-next-kasan-gce-root 2019/08/07 04:51 linux-next 958eb4327c17 c6f01e54 .config log report
ci-upstream-linux-next-kasan-gce-root 2019/08/07 01:59 linux-next 958eb4327c17 c6f01e54 .config log report
ci-upstream-linux-next-kasan-gce-root 2019/08/06 21:31 linux-next 958eb4327c17 c6f01e54 .config log report
ci-upstream-linux-next-kasan-gce-root 2019/08/06 17:43 linux-next 958eb4327c17 c6f01e54 .config log report
ci-upstream-linux-next-kasan-gce-root 2019/08/06 02:43 linux-next b1645c0cbd48 6affd8e8 .config log report
ci-upstream-linux-next-kasan-gce-root 2019/08/05 23:25 linux-next b1645c0cbd48 6affd8e8 .config log report
ci-upstream-linux-next-kasan-gce-root 2019/08/05 21:18 linux-next b1645c0cbd48 6affd8e8 .config log report
ci-upstream-linux-next-kasan-gce-root 2019/08/05 21:16 linux-next b1645c0cbd48 6affd8e8 .config log report
ci-upstream-linux-next-kasan-gce-root 2019/08/04 23:14 linux-next 7b4980e0bcf4 6affd8e8 .config log report
ci-upstream-linux-next-kasan-gce-root 2019/08/04 22:22 linux-next 7b4980e0bcf4 6affd8e8 .config log report
ci-upstream-linux-next-kasan-gce-root 2019/08/04 19:59 linux-next 7b4980e0bcf4 6affd8e8 .config log report
ci-upstream-linux-next-kasan-gce-root 2019/08/04 04:50 linux-next 7b4980e0bcf4 6affd8e8 .config log report
ci-upstream-linux-next-kasan-gce-root 2019/08/04 00:20 linux-next 7b4980e0bcf4 6affd8e8 .config log report
ci-upstream-linux-next-kasan-gce-root 2019/08/04 00:20 linux-next 7b4980e0bcf4 6affd8e8 .config log report
ci-upstream-linux-next-kasan-gce-root 2019/08/03 22:26 linux-next 7b4980e0bcf4 6affd8e8 .config log report
ci-upstream-linux-next-kasan-gce-root 2019/08/03 21:39 linux-next 7b4980e0bcf4 6affd8e8 .config log report
ci-upstream-linux-next-kasan-gce-root 2019/08/03 20:36 linux-next 7b4980e0bcf4 6affd8e8 .config log report
ci-upstream-linux-next-kasan-gce-root 2019/08/03 14:29 linux-next 7b4980e0bcf4 6affd8e8 .config log report
ci-upstream-linux-next-kasan-gce-root 2019/08/03 12:58 linux-next 7b4980e0bcf4 6affd8e8 .config log report
ci-upstream-linux-next-kasan-gce-root 2019/08/02 15:49 linux-next 7b4980e0bcf4 835dffe7 .config log report
ci-upstream-linux-next-kasan-gce-root 2019/08/02 15:30 linux-next 7b4980e0bcf4 835dffe7 .config log report
ci-upstream-linux-next-kasan-gce-root 2019/08/02 15:00 linux-next 7b4980e0bcf4 835dffe7 .config log report
ci-upstream-linux-next-kasan-gce-root 2019/08/02 02:30 linux-next 882e8691130b 835dffe7 .config log report
ci-upstream-linux-next-kasan-gce-root 2019/08/01 21:08 linux-next 882e8691130b 835dffe7 .config log report
ci-upstream-linux-next-kasan-gce-root 2019/08/01 19:27 linux-next 882e8691130b 835dffe7 .config log report
ci-upstream-linux-next-kasan-gce-root 2019/08/01 18:39 linux-next 882e8691130b 835dffe7 .config log report
ci-upstream-linux-next-kasan-gce-root 2019/08/01 17:06 linux-next 882e8691130b 835dffe7 .config log report
ci-upstream-linux-next-kasan-gce-root 2019/07/31 22:28 linux-next ce96e791d6a7 c692b5bd .config log report
ci-upstream-linux-next-kasan-gce-root 2019/07/31 20:26 linux-next ce96e791d6a7 c692b5bd .config log report
ci-upstream-linux-next-kasan-gce-root 2019/07/31 09:05 linux-next 70f4b4ac1655 7c7ded69 .config log report
ci-upstream-linux-next-kasan-gce-root 2019/07/31 06:08 linux-next 70f4b4ac1655 7c7ded69 .config log report
ci-upstream-linux-next-kasan-gce-root 2019/07/31 02:57 linux-next 70f4b4ac1655 7c7ded69 .config log report
ci-upstream-linux-next-kasan-gce-root 2019/07/30 21:28 linux-next 70f4b4ac1655 f28bf2a5 .config log report
ci-upstream-linux-next-kasan-gce-root 2019/07/30 21:03 linux-next 70f4b4ac1655 f28bf2a5 .config log report
ci-upstream-linux-next-kasan-gce-root 2019/07/30 19:59 linux-next 70f4b4ac1655 f28bf2a5 .config log report
ci-upstream-linux-next-kasan-gce-root 2019/07/30 16:49 linux-next 70f4b4ac1655 f28bf2a5 .config log report
ci-upstream-linux-next-kasan-gce-root 2019/07/30 09:56 linux-next 70f4b4ac1655 f28bf2a5 .config log report
ci-upstream-linux-next-kasan-gce-root 2019/07/30 02:28 linux-next 0d8b3265d9a6 f67095ee .config log report
ci-upstream-linux-next-kasan-gce-root 2019/07/29 23:34 linux-next 0d8b3265d9a6 f67095ee .config log report
ci-upstream-linux-next-kasan-gce-root 2019/07/29 23:31 linux-next 0d8b3265d9a6 f67095ee .config log report
ci-upstream-linux-next-kasan-gce-root 2019/07/29 16:10 linux-next 0d8b3265d9a6 c85e1c5b .config log report
* Struck through repros no longer work on HEAD.