syzbot


kernel BUG at mm/huge_memory.c:LINE!

Status: fixed on 2019/09/06 20:45
Reported-by: syzbot+8e075128f7db8555391a@syzkaller.appspotmail.com
Fix commit: a53190a4aaa3 mm: mempolicy: handle vma with unmovable pages mapped correctly in mbind
First crash: 1316d, last: 1146d
similar bugs (3):
Kernel Title Repro Cause bisect Fix bisect Count Last Reported Patched Status
upstream kernel BUG at mm/huge_memory.c:LINE! (2) 1 706d 702d 0/23 auto-closed as invalid on 2021/01/02 13:21
linux-4.14 kernel BUG at mm/huge_memory.c:LINE! 1 594d 594d 0/1 auto-closed as invalid on 2021/04/24 02:20
upstream kernel BUG in split_huge_page_to_list C done 115 178d 564d 0/23 upstream: reported C repro on 2021/01/24 12:01

Sample crash report:
page:ffffea0000d50000 refcount:512 mapcount:0 mapping:ffff888097d904c9 index:0x20a00 compound_mapcount: -1
anon 
flags: 0x1fffc000009000d(locked|uptodate|dirty|head|swapbacked)
raw: 01fffc000009000d dead000000000100 dead000000000200 ffff888097d904c9
raw: 0000000000020a00 0000000000000000 0000020000000000 ffff88805736ea00
page dumped because: VM_BUG_ON_PAGE(compound_mapcount(head))
page->mem_cgroup:ffff88805736ea00
------------[ cut here ]------------
kernel BUG at mm/huge_memory.c:2725!
invalid opcode: 0000 [#1] PREEMPT SMP KASAN
CPU: 1 PID: 1769 Comm: kswapd0 Not tainted 5.2.0-rc5+ #31
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
RIP: 0010:split_huge_page_to_list+0x2145/0x2f70 mm/huge_memory.c:2725
Code: 30 ff ff ff 48 c7 c6 a0 22 75 87 e8 b5 c4 ec ff 0f 0b e8 4e 9c c4 ff 48 8b bd 30 ff ff ff 48 c7 c6 e0 22 75 87 e8 9b c4 ec ff <0f> 0b e8 34 9c c4 ff 4d 8d 6e ff e9 85 e7 ff ff 41 bd 02 00 00 00
RSP: 0018:ffff8880a5937628 EFLAGS: 00010293
RAX: ffff8880a5950040 RBX: ffffea0000d50080 RCX: 0000000000000000
RDX: 0000000000000000 RSI: ffffffff8198fa12 RDI: ffffed1014b26ea9
RBP: ffff8880a59377a0 R08: 0000000000000021 R09: ffffed1015d260a1
R10: ffffed1015d260a0 R11: ffff8880ae930507 R12: 01fffc000009000d
R13: 00000000fffffffe R14: ffffea0000d50054 R15: 0000000000000000
FS:  0000000000000000(0000) GS:ffff8880ae900000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 000000000241ea78 CR3: 000000009e67c000 CR4: 00000000001426e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 split_huge_page include/linux/huge_mm.h:146 [inline]
 deferred_split_scan+0x64b/0xa60 mm/huge_memory.c:2862
 do_shrink_slab+0x3f6/0xa70 mm/vmscan.c:551
 shrink_slab mm/vmscan.c:700 [inline]
 shrink_slab+0x4be/0x5e0 mm/vmscan.c:680
 shrink_node+0x612/0x1680 mm/vmscan.c:2666
 kswapd_shrink_node mm/vmscan.c:3412 [inline]
 balance_pgdat+0x56c/0xe80 mm/vmscan.c:3570
 kswapd+0x5f4/0xfc0 mm/vmscan.c:3825
 kthread+0x354/0x420 kernel/kthread.c:255
 ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:352
Modules linked in:
---[ end trace 28916772917342fb ]---
RIP: 0010:split_huge_page_to_list+0x2145/0x2f70 mm/huge_memory.c:2725
Code: 30 ff ff ff 48 c7 c6 a0 22 75 87 e8 b5 c4 ec ff 0f 0b e8 4e 9c c4 ff 48 8b bd 30 ff ff ff 48 c7 c6 e0 22 75 87 e8 9b c4 ec ff <0f> 0b e8 34 9c c4 ff 4d 8d 6e ff e9 85 e7 ff ff 41 bd 02 00 00 00
RSP: 0018:ffff8880a5937628 EFLAGS: 00010293
RAX: ffff8880a5950040 RBX: ffffea0000d50080 RCX: 0000000000000000
RDX: 0000000000000000 RSI: ffffffff8198fa12 RDI: ffffed1014b26ea9
RBP: ffff8880a59377a0 R08: 0000000000000021 R09: ffffed1015d260a1
R10: ffffed1015d260a0 R11: ffff8880ae930507 R12: 01fffc000009000d
R13: 00000000fffffffe R14: ffffea0000d50054 R15: 0000000000000000
FS:  0000000000000000(0000) GS:ffff8880ae900000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 000000000241ea78 CR3: 000000009c551000 CR4: 00000000001426e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400

Crashes (27):
Manager Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Title
ci-upstream-kasan-gce-selinux-root 2019/06/22 18:55 upstream abf02e2964b3 34bf9440 .config log report
ci-upstream-kasan-gce 2019/06/03 12:44 upstream f2c7c76c5d0a 63bf051f .config log report
ci-upstream-kasan-gce 2019/05/07 22:27 upstream 8ff468c29e9a a7383bfa .config log report
ci-upstream-kasan-gce 2019/05/07 09:07 upstream 71ae5fc87c34 d28f4ce5 .config log report
ci-upstream-kasan-gce 2019/05/04 05:06 upstream a4ccb5f9dc6c d28f4ce5 .config log report
ci-upstream-kasan-gce-selinux-root 2019/05/03 10:20 upstream ea9866793d1e 1bfa09b9 .config log report
ci-upstream-kasan-gce 2019/05/02 19:09 upstream b7a5b22b0547 e9039493 .config log report
ci-upstream-kasan-gce 2019/05/02 17:12 upstream 459e3a21535a 7516d9fa .config log report
ci-upstream-kasan-gce 2019/04/30 19:34 upstream bf3bd966dfd7 618456b4 .config log report
ci-upstream-kasan-gce 2019/04/29 15:49 upstream 37624b58542f b617407b .config log report
ci-upstream-kasan-gce 2019/04/28 19:49 upstream 9520b5324b0e b617407b .config log report
ci-upstream-kasan-gce 2019/04/28 13:38 upstream 037904a22bf8 b617407b .config log report
ci-upstream-kasan-gce 2019/04/27 21:33 upstream baf76f0c58ae b617407b .config log report
ci-upstream-kasan-gce 2019/04/27 18:55 upstream baf76f0c58ae b617407b .config log report
ci-upstream-kasan-gce-smack-root 2019/04/25 17:28 upstream f6f3e747454f f46aabc8 .config log report
ci-upstream-kasan-gce 2019/04/25 16:26 upstream cd8dead0c394 f46aabc8 .config log report
ci-upstream-kasan-gce 2019/04/25 06:04 upstream cd8dead0c394 8e3c52b1 .config log report
ci-upstream-kasan-gce-smack-root 2019/04/25 02:10 upstream cd8dead0c394 8e3c52b1 .config log report
ci-upstream-kasan-gce 2019/04/24 07:33 upstream 7142eaa58b49 4d3d6a50 .config log report
ci-upstream-kasan-gce-selinux-root 2019/04/22 19:37 upstream 085b7755808a 0a77c33c .config log report
ci-upstream-kasan-gce 2019/04/22 03:09 upstream 085b7755808a b0e8efcb .config log report
ci-upstream-kasan-gce 2019/04/20 04:37 upstream 3ecafda911f4 b0e8efcb .config log report
ci-upstream-kasan-gce 2019/04/18 08:05 upstream fe5cdef29e41 b0e8efcb .config log report
ci-upstream-kasan-gce 2019/04/16 12:33 upstream 618d919cae2f 505ab413 .config log report
ci-upstream-kasan-gce 2019/04/15 23:15 upstream 5512320c9f6f 505ab413 .config log report
ci-upstream-kasan-gce 2019/04/15 02:10 upstream dc4060a5dc25 505ab413 .config log report
ci-upstream-linux-next-kasan-gce-root 2019/01/02 23:13 linux-next 4cd1b60def51 06a2b89f .config log report