syzbot


WARNING in page_counter_cancel

Status: closed as invalid on 2018/07/05 16:25
Reported-by: syzbot+@syzkaller.appspotmail.com
First crash: 1552d, last: 1552d
similar bugs (3):
Kernel Title Repro Cause bisect Fix bisect Count Last Reported Patched Status
upstream WARNING in page_counter_cancel (2) 13 637d 641d 0/24 auto-closed as invalid on 2021/04/05 00:39
upstream WARNING in page_counter_cancel (3) C done 22 267d 316d 22/24 fixed on 2022/03/08 16:11
upstream WARNING in page_counter_cancel (4) C done 4 62d 78d 0/24 upstream: reported C repro on 2022/07/18 07:45

Sample crash report:
WARNING: CPU: 1 PID: 22462 at mm/page_counter.c:62 page_counter_cancel+0x57/0x60 mm/page_counter.c:62
Kernel panic - not syncing: panic_on_warn set ...

PANIC: double fault, error_code: 0x0
CPU: 0 PID: 22466 Comm: syz-executor2 Not tainted 4.18.0-rc3+ #45
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
RIP: 0010:__lock_acquire+0x2e/0x5020 kernel/locking/lockdep.c:3294
Code: 41 57 41 89 cf 41 56 41 55 49 89 fd 41 54 45 89 cc 53 65 4c 8b 34 25 40 ee 01 00 48 83 e4 f0 48 81 ec 60 03 00 00 48 8b 45 10 <89> 94 24 80 00 00 00 48 ba 00 00 00 00 00 fc ff df 48 89 84 24 98
RSP: 0018:ffff8801c71ffe20 EFLAGS: 00010082
RAX: 0000000000000000 RBX: 1ffff10038e40041 RCX: 0000000000000002
RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffffff88f92620
RBP: ffff8801c72001b0 R08: 0000000000000000 R09: 0000000000000000
R10: ffff8801c8d2f1b8 R11: ffff8801dae236b3 R12: 0000000000000000
R13: ffffffff88f92620 R14: ffff88019d7b05c0 R15: 0000000000000002
FS:  00007f2da86e0700(0000) GS:ffff8801dae00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: ffff8801c71ffe18 CR3: 000000019fac4000 CR4: 00000000001406f0
DR0: 0000000020000000 DR1: 0000000020000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000600
Call Trace:

CPU: 1 PID: 22462 Comm: syz-executor0 Not tainted 4.18.0-rc3+ #45
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x1c9/0x2b4 lib/dump_stack.c:113
 panic+0x238/0x4e7 kernel/panic.c:184
 __warn.cold.8+0x163/0x1ba kernel/panic.c:536
 report_bug+0x252/0x2d0 lib/bug.c:186
 fixup_bug arch/x86/kernel/traps.c:178 [inline]
 do_error_trap+0x1fc/0x4d0 arch/x86/kernel/traps.c:296
 do_invalid_op+0x1b/0x20 arch/x86/kernel/traps.c:316
 invalid_op+0x14/0x20 arch/x86/entry/entry_64.S:992
RIP: 0010:page_counter_cancel+0x57/0x60 mm/page_counter.c:62
Code: de 4c 89 e7 48 89 f3 e8 b7 fa ff ff 31 ff 48 89 de e8 1d 69 bd ff 48 85 db 78 0a e8 e3 67 bd ff 5b 41 5c 5d c3 e8 d9 67 bd ff <0f> 0b eb ed 0f 1f 44 00 00 55 48 89 e5 41 57 41 56 41 55 41 54 49 
RSP: 0018:ffff8801942a6830 EFLAGS: 00010293
RAX: ffff8801b283c440 RBX: bca07ab6b37384ff RCX: ffffffff81bea3e3
RDX: 0000000000000000 RSI: ffffffff81bea3f7 RDI: 0000000000000007
RBP: ffff8801942a6840 R08: ffff8801b283c440 R09: ffffed003300d646
R10: ffffed003300d646 R11: ffff88019806b237 R12: ffff8801c8b3caf8
R13: dffffc0000000000 R14: ffff8801942a68f8 R15: ffff8801942a68f0
 page_counter_uncharge+0x33/0x70 mm/page_counter.c:160
 uncharge_batch+0xbb/0xab0 mm/memcontrol.c:5697
 mem_cgroup_uncharge+0xb9/0x100 mm/memcontrol.c:5811
 __page_cache_release+0x9ea/0xfa0 mm/swap.c:74
 __put_single_page mm/swap.c:79 [inline]
 __put_page+0x11a/0x190 mm/swap.c:114
 put_page include/linux/mm.h:923 [inline]
 free_page_and_swap_cache+0x4e6/0x760 mm/swap_state.c:304
 __tlb_remove_table arch/x86/include/asm/tlb.h:30 [inline]
 tlb_remove_table+0x279/0x3b0 mm/memory.c:383
 ___pte_free_tlb+0xfe/0x140 arch/x86/mm/pgtable.c:66
 __pte_free_tlb arch/x86/include/asm/pgalloc.h:73 [inline]
 free_pte_range mm/memory.c:446 [inline]
 free_pmd_range mm/memory.c:464 [inline]
 free_pud_range mm/memory.c:498 [inline]
 free_p4d_range mm/memory.c:532 [inline]
 free_pgd_range+0xc1d/0xf30 mm/memory.c:612
 free_pgtables+0x2c3/0x380 mm/memory.c:644
 exit_mmap+0x2d1/0x5b0 mm/mmap.c:3106
 __mmput kernel/fork.c:970 [inline]
 mmput+0x265/0x620 kernel/fork.c:991
 exit_mm kernel/exit.c:544 [inline]
 do_exit+0xea9/0x2750 kernel/exit.c:852
 do_group_exit+0x177/0x440 kernel/exit.c:968
 get_signal+0x88e/0x1970 kernel/signal.c:2468
 do_signal+0x9c/0x21c0 arch/x86/kernel/signal.c:816
 exit_to_usermode_loop+0x2e0/0x370 arch/x86/entry/common.c:162
 prepare_exit_to_usermode arch/x86/entry/common.c:197 [inline]
 syscall_return_slowpath arch/x86/entry/common.c:268 [inline]
 do_syscall_64+0x6be/0x820 arch/x86/entry/common.c:293
 entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x455ab9
Code: 1d ba fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b9 fb ff c3 66 2e 0f 1f 84 00 00 00 00 
RSP: 002b:00007f3080d74ce8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
RAX: fffffffffffffe00 RBX: 000000000072bf68 RCX: 0000000000455ab9
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 000000000072bf68
RBP: 000000000072bf68 R08: 0000000000000000 R09: 000000000072bf48
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007ffd0434f44f R14: 00007f3080d759c0 R15: 0000000000000001
Shutting down cpus with NMI
Dumping ftrace buffer:
BUG: unable to handle kernel paging request at ffff8801cc3fb280
PGD b4df067 P4D b4df067 PUD 1d9435063 PMD 1c894a063 PTE 282
Oops: 0000 [#1] SMP KASAN
CPU: 1 PID: 22462 Comm: syz-executor0 Not tainted 4.18.0-rc3+ #45
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
RIP: 0010:rb_set_head_page+0xab/0x2e0 kernel/trace/ring_buffer.c:994
Code: 03 80 3c 02 00 0f 85 06 02 00 00 48 b8 00 00 00 00 00 fc ff df 4c 8b 63 08 4c 89 e2 48 c1 ea 03 80 3c 02 00 0f 85 da 01 00 00 <49> 8b 04 24 48 83 e0 fc 48 39 c3 0f 85 73 01 00 00 c7 45 cc 00 00 
RSP: 0018:ffff8801942a6150 EFLAGS: 00010046
RAX: dffffc0000000000 RBX: ffff8801d9a1c780 RCX: ffffffff816017d1
RDX: 1ffff1003987f650 RSI: ffffffff817db4ca RDI: ffff8801d9a1c788
RBP: ffff8801942a6188 R08: ffffed003b37476b R09: ffffed003b37476a
R10: ffffed003b37476a R11: ffff8801d9ba3b53 R12: ffff8801cc3fb280
R13: ffff8801d9ba3b40 R14: ffff8801d9ba3b40 R15: ffff8801d9a1c780
FS:  00007f3080d75700(0000) GS:ffff8801daf00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: ffff8801cc3fb280 CR3: 00000001a02a2000 CR4: 00000000001406e0
DR0: 0000000020000000 DR1: 0000000020000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000600
Call Trace:
 rb_per_cpu_empty+0xac/0x400 kernel/trace/ring_buffer.c:3131
 ring_buffer_empty_cpu.part.44+0x11a/0x2a0 kernel/trace/ring_buffer.c:4428
 ring_buffer_empty_cpu+0x44/0x60 kernel/trace/ring_buffer.c:4422
 trace_empty+0x14b/0x310 kernel/trace/trace.c:3601
 ftrace_dump.cold.88+0x3f/0x1b6 kernel/trace/trace.c:8322
 trace_panic_handler+0x36/0x50 kernel/trace/trace.c:8168
 notifier_call_chain+0x180/0x390 kernel/notifier.c:93
 __atomic_notifier_call_chain kernel/notifier.c:183 [inline]
 atomic_notifier_call_chain+0x98/0x190 kernel/notifier.c:193
 panic+0x2b3/0x4e7 kernel/panic.c:218
 __warn.cold.8+0x163/0x1ba kernel/panic.c:536
 report_bug+0x252/0x2d0 lib/bug.c:186
 fixup_bug arch/x86/kernel/traps.c:178 [inline]
 do_error_trap+0x1fc/0x4d0 arch/x86/kernel/traps.c:296
 do_invalid_op+0x1b/0x20 arch/x86/kernel/traps.c:316
 invalid_op+0x14/0x20 arch/x86/entry/entry_64.S:992
RIP: 0010:page_counter_cancel+0x57/0x60 mm/page_counter.c:62
Code: de 4c 89 e7 48 89 f3 e8 b7 fa ff ff 31 ff 48 89 de e8 1d 69 bd ff 48 85 db 78 0a e8 e3 67 bd ff 5b 41 5c 5d c3 e8 d9 67 bd ff <0f> 0b eb ed 0f 1f 44 00 00 55 48 89 e5 41 57 41 56 41 55 41 54 49 
RSP: 0018:ffff8801942a6830 EFLAGS: 00010293
RAX: ffff8801b283c440 RBX: bca07ab6b37384ff RCX: ffffffff81bea3e3
RDX: 0000000000000000 RSI: ffffffff81bea3f7 RDI: 0000000000000007
RBP: ffff8801942a6840 R08: ffff8801b283c440 R09: ffffed003300d646
R10: ffffed003300d646 R11: ffff88019806b237 R12: ffff8801c8b3caf8
R13: dffffc0000000000 R14: ffff8801942a68f8 R15: ffff8801942a68f0
 page_counter_uncharge+0x33/0x70 mm/page_counter.c:160
 uncharge_batch+0xbb/0xab0 mm/memcontrol.c:5697
 mem_cgroup_uncharge+0xb9/0x100 mm/memcontrol.c:5811
 __page_cache_release+0x9ea/0xfa0 mm/swap.c:74
 __put_single_page mm/swap.c:79 [inline]
 __put_page+0x11a/0x190 mm/swap.c:114
 put_page include/linux/mm.h:923 [inline]
 free_page_and_swap_cache+0x4e6/0x760 mm/swap_state.c:304
 __tlb_remove_table arch/x86/include/asm/tlb.h:30 [inline]
 tlb_remove_table+0x279/0x3b0 mm/memory.c:383
 ___pte_free_tlb+0xfe/0x140 arch/x86/mm/pgtable.c:66
 __pte_free_tlb arch/x86/include/asm/pgalloc.h:73 [inline]
 free_pte_range mm/memory.c:446 [inline]
 free_pmd_range mm/memory.c:464 [inline]
 free_pud_range mm/memory.c:498 [inline]
 free_p4d_range mm/memory.c:532 [inline]
 free_pgd_range+0xc1d/0xf30 mm/memory.c:612
 free_pgtables+0x2c3/0x380 mm/memory.c:644
 exit_mmap+0x2d1/0x5b0 mm/mmap.c:3106
 __mmput kernel/fork.c:970 [inline]
 mmput+0x265/0x620 kernel/fork.c:991
 exit_mm kernel/exit.c:544 [inline]
 do_exit+0xea9/0x2750 kernel/exit.c:852
 do_group_exit+0x177/0x440 kernel/exit.c:968
 get_signal+0x88e/0x1970 kernel/signal.c:2468
 do_signal+0x9c/0x21c0 arch/x86/kernel/signal.c:816
 exit_to_usermode_loop+0x2e0/0x370 arch/x86/entry/common.c:162
 prepare_exit_to_usermode arch/x86/entry/common.c:197 [inline]
 syscall_return_slowpath arch/x86/entry/common.c:268 [inline]
 do_syscall_64+0x6be/0x820 arch/x86/entry/common.c:293
 entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x455ab9
Code: 1d ba fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b9 fb ff c3 66 2e 0f 1f 84 00 00 00 00 
RSP: 002b:00007f3080d74ce8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
RAX: fffffffffffffe00 RBX: 000000000072bf68 RCX: 0000000000455ab9
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 000000000072bf68
RBP: 000000000072bf68 R08: 0000000000000000 R09: 000000000072bf48
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007ffd0434f44f R14: 00007f3080d759c0 R15: 0000000000000001
Modules linked in:
CR2: ffff8801cc3fb280
---[ end trace 84833697eb4378fe ]---
RIP: 0010:rb_set_head_page+0xab/0x2e0 kernel/trace/ring_buffer.c:994
Code: 03 80 3c 02 00 0f 85 06 02 00 00 48 b8 00 00 00 00 00 fc ff df 4c 8b 63 08 4c 89 e2 48 c1 ea 03 80 3c 02 00 0f 85 da 01 00 00 <49> 8b 04 24 48 83 e0 fc 48 39 c3 0f 85 73 01 00 00 c7 45 cc 00 00 
RSP: 0018:ffff8801942a6150 EFLAGS: 00010046
RAX: dffffc0000000000 RBX: ffff8801d9a1c780 RCX: ffffffff816017d1
RDX: 1ffff1003987f650 RSI: ffffffff817db4ca RDI: ffff8801d9a1c788
RBP: ffff8801942a6188 R08: ffffed003b37476b R09: ffffed003b37476a
R10: ffffed003b37476a R11: ffff8801d9ba3b53 R12: ffff8801cc3fb280
R13: ffff8801d9ba3b40 R14: ffff8801d9ba3b40 R15: ffff8801d9a1c780
FS:  00007f3080d75700(0000) GS:ffff8801daf00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: ffff8801cc3fb280 CR3: 00000001a02a2000 CR4: 00000000001406e0
DR0: 0000000020000000 DR1: 0000000020000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000600

Crashes (1):
Manager Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Title
ci-upstream-bpf-next-kasan-gce 2018/07/05 07:07 bpf-next 2bdea157b999 f525fd72 .config log report