syzbot


kernel BUG in split_huge_page_to_list

Status: upstream: reported C repro on 2021/01/24 12:01
Reported-by: syzbot+9b83ff893245a25c320e@syzkaller.appspotmail.com
First crash: 613d, last: 223d

Cause bisection: introduced by (bisect log):
commit fbdbae3da30a149a55a5f1883bbbe17a27660e05
Author: Li Xinhai <lixinhai.lxh@gmail.com>
Date: Tue Jan 19 21:54:00 2021 +0000

  mm: mremap: unlink anon_vmas when mremap with MREMAP_DONTUNMAP success

Crash: kernel BUG in split_huge_page_to_list (log)
Repro: C syz .config
similar bugs (3):
Kernel Title Repro Cause bisect Fix bisect Count Last Reported Patched Status
upstream kernel BUG at mm/huge_memory.c:LINE! (2) 1 751d 747d 0/24 auto-closed as invalid on 2021/01/02 13:21
upstream kernel BUG at mm/huge_memory.c:LINE! 27 1191d 1361d 13/24 fixed on 2019/09/06 20:45
linux-4.14 kernel BUG at mm/huge_memory.c:LINE! 1 640d 640d 0/1 auto-closed as invalid on 2021/04/24 02:20
Patch testing requests:
Created Duration User Patch Repo Result
2021/02/03 14:32 15m lixinhai.lxh@gmail.com git://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git 95f0ca46d8041d6a1ffe5e1162210a2050c053b8 OK

Sample crash report:
head:00000000091c6650 order:9 compound_mapcount:0 compound_pincount:0
memcg:ffff888010d0a000
anon flags: 0xfff0000009001d(locked|uptodate|dirty|lru|head|swapbacked)
raw: 00fff0000009001d ffffea0000bc51c8 ffff888010201800 ffff88802575d801
raw: 0000000000020e00 0000000000000000 000001fc00000000 ffff888010d0a000
page dumped because: VM_BUG_ON_PAGE(!unmap_success)
------------[ cut here ]------------
kernel BUG at mm/huge_memory.c:2351!
invalid opcode: 0000 [#1] PREEMPT SMP KASAN
CPU: 0 PID: 8483 Comm: syz-executor525 Not tainted 5.11.0-rc4-next-20210120-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
RIP: 0010:unmap_page mm/huge_memory.c:2351 [inline]
RIP: 0010:split_huge_page_to_list+0x1f02/0x43b0 mm/huge_memory.c:2720
Code: ef e8 82 46 ea ff 0f 0b e8 ab 69 b9 ff 4c 8d 73 ff e9 56 ea ff ff e8 9d 69 b9 ff 48 c7 c6 40 69 57 89 48 89 ef e8 5e 46 ea ff <0f> 0b e8 87 69 b9 ff 4c 8d 75 ff e9 28 e9 ff ff e8 79 69 b9 ff 49
RSP: 0018:ffffc9000168f7a0 EFLAGS: 00010282
RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000000
RDX: ffff88801e2d5400 RSI: ffffffff88bcc6c7 RDI: fffff520002d1e8e
RBP: ffffea0000ca8000 R08: 0000000000000033 R09: 0000000000000000
R10: ffffffff815b136e R11: 0000000000000000 R12: ffff888010d0ae60
R13: ffffea0000ca8000 R14: 000000000000018c R15: 0000000000000000
FS:  000000000154e880(0000) GS:ffff8880b9e00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007fcc655666c0 CR3: 0000000012e9a000 CR4: 00000000001506f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 split_huge_page include/linux/huge_mm.h:187 [inline]
 madvise_free_pte_range+0x736/0x1ee0 mm/madvise.c:633
 walk_pmd_range mm/pagewalk.c:89 [inline]
 walk_pud_range mm/pagewalk.c:160 [inline]
 walk_p4d_range mm/pagewalk.c:193 [inline]
 walk_pgd_range mm/pagewalk.c:229 [inline]
 __walk_page_range+0xe20/0x1ea0 mm/pagewalk.c:331
 walk_page_range+0x20d/0x400 mm/pagewalk.c:427
 madvise_free_single_vma+0x383/0x550 mm/madvise.c:731
 madvise_dontneed_free mm/madvise.c:819 [inline]
 madvise_vma mm/madvise.c:936 [inline]
 do_madvise.part.0+0x4e4/0x1ed0 mm/madvise.c:1132
 do_madvise mm/madvise.c:1158 [inline]
 __do_sys_madvise mm/madvise.c:1158 [inline]
 __se_sys_madvise mm/madvise.c:1156 [inline]
 __x64_sys_madvise+0x113/0x150 mm/madvise.c:1156
 do_syscall_64+0x2d/0x70 arch/x86/entry/common.c:46
 entry_SYSCALL_64_after_hwframe+0x44/0xa9
RIP: 0033:0x440219
Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b 13 fc ff c3 66 2e 0f 1f 84 00 00 00 00
RSP: 002b:00007ffc51b58b98 EFLAGS: 00000246 ORIG_RAX: 000000000000001c
RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 0000000000440219
RDX: 0000000000000008 RSI: 0000000000c00000 RDI: 0000000020400000
RBP: 00000000006ca018 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000020ffc000 R11: 0000000000000246 R12: 0000000000401a20
R13: 0000000000401ab0 R14: 0000000000000000 R15: 0000000000000000
Modules linked in:
---[ end trace 7812a13de61fd12e ]---
RIP: 0010:unmap_page mm/huge_memory.c:2351 [inline]
RIP: 0010:split_huge_page_to_list+0x1f02/0x43b0 mm/huge_memory.c:2720
Code: ef e8 82 46 ea ff 0f 0b e8 ab 69 b9 ff 4c 8d 73 ff e9 56 ea ff ff e8 9d 69 b9 ff 48 c7 c6 40 69 57 89 48 89 ef e8 5e 46 ea ff <0f> 0b e8 87 69 b9 ff 4c 8d 75 ff e9 28 e9 ff ff e8 79 69 b9 ff 49
RSP: 0018:ffffc9000168f7a0 EFLAGS: 00010282
RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000000
RDX: ffff88801e2d5400 RSI: ffffffff88bcc6c7 RDI: fffff520002d1e8e
RBP: ffffea0000ca8000 R08: 0000000000000033 R09: 0000000000000000
R10: ffffffff815b136e R11: 0000000000000000 R12: ffff888010d0ae60
R13: ffffea0000ca8000 R14: 000000000000018c R15: 0000000000000000
FS:  000000000154e880(0000) GS:ffff8880b9e00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007fcc655666c0 CR3: 0000000012e9a000 CR4: 00000000001506f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400

Crashes (115):
Manager Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Title
ci-upstream-linux-next-kasan-gce-root 2021/01/20 16:37 linux-next 647060f3b592 d4f4eca5 .config log report syz C kernel BUG in split_huge_page_to_list
ci-qemu2-arm64 2022/02/14 13:45 upstream 754e0b0e3560 8b9ca619 .config log report info kernel BUG in split_huge_page_to_list
ci-qemu2-arm64-compat 2022/02/10 10:18 upstream f4bc5bbb5fef 0b33604d .config log report info kernel BUG in split_huge_page_to_list
ci-qemu2-arm64 2022/02/10 05:10 upstream f4bc5bbb5fef 0b33604d .config log report info kernel BUG in split_huge_page_to_list
ci-qemu2-arm64-compat 2022/02/06 13:19 upstream 90c9e950c0de a7dab638 .config log report info kernel BUG in split_huge_page_to_list
ci-qemu2-arm64 2022/02/03 04:27 upstream 88808fbbead4 4ebb2798 .config log report info kernel BUG in split_huge_page_to_list
ci-qemu2-arm64 2022/02/02 14:09 upstream 9f7fb8de5d9b 4ebb2798 .config log report info kernel BUG in split_huge_page_to_list
ci-qemu2-arm64 2022/01/30 05:22 upstream f8c7e4ede46f 495e00c5 .config log report info kernel BUG in split_huge_page_to_list
ci-qemu2-arm64 2022/01/28 03:20 upstream 626b2dda7651 64a8e201 .config log report info kernel BUG in split_huge_page_to_list
ci-qemu2-arm64-compat 2022/01/27 00:17 upstream 0280e3c58f92 2cbffd88 .config log report info kernel BUG in split_huge_page_to_list
ci-qemu2-arm64 2022/01/26 07:23 upstream 0280e3c58f92 2cbffd88 .config log report info kernel BUG in split_huge_page_to_list
ci-qemu2-arm64 2022/01/25 17:04 upstream a08b41ab9e2e 2cbffd88 .config log report info kernel BUG in split_huge_page_to_list
ci-qemu2-arm64 2022/01/25 05:54 upstream dd81e1c7d5fb 2cbffd88 .config log report info kernel BUG in split_huge_page_to_list
ci-qemu2-arm64 2022/01/22 03:06 upstream 1f40caa08047 214351e1 .config log report info kernel BUG in split_huge_page_to_list
ci-qemu2-arm64 2022/01/12 04:58 upstream 6f38be8f2ccd 44d1319a .config log report info kernel BUG in split_huge_page_to_list
ci-qemu2-arm64-compat 2022/01/10 14:47 upstream df0cc57e057f 2ca0d385 .config log report info kernel BUG in split_huge_page_to_list
ci-qemu2-arm64 2022/01/09 23:15 upstream 4634129ad9fd 2ca0d385 .config log report info kernel BUG in split_huge_page_to_list
ci-qemu2-arm64 2022/01/09 04:09 upstream 21f35d2ca83e 2ca0d385 .config log report info kernel BUG in split_huge_page_to_list
ci-qemu2-arm64 2022/01/06 01:46 upstream 49ef78e59b07 6acc789a .config log report info kernel BUG in split_huge_page_to_list
ci-qemu2-arm64-compat 2022/01/05 08:27 upstream c9e6606c7fe9 0a2584dd .config log report info kernel BUG in split_huge_page_to_list
ci-qemu2-arm64 2022/01/03 12:13 upstream c9e6606c7fe9 e1768e9c .config log report info kernel BUG in split_huge_page_to_list
ci-qemu2-arm64 2022/01/02 11:58 upstream 278218f6778b e1768e9c .config log report info kernel BUG in split_huge_page_to_list
ci-qemu2-arm64 2021/12/25 22:16 upstream e2ae0d4a6b0b 6caa12e4 .config log report info kernel BUG in split_huge_page_to_list
ci-qemu2-arm64 2021/12/24 19:22 upstream 7a29b11da965 6caa12e4 .config log report info kernel BUG in split_huge_page_to_list
ci-qemu2-arm64 2021/12/24 06:39 upstream 996a18eb796a 6caa12e4 .config log report info kernel BUG in split_huge_page_to_list
ci-qemu2-arm64 2021/12/21 15:31 upstream 6e0567b73052 a938f0b8 .config log report info kernel BUG in split_huge_page_to_list
ci-qemu2-arm64 2021/12/18 12:46 upstream 9eaa88c7036e 44068e19 .config log report info kernel BUG in split_huge_page_to_list
ci-qemu2-arm64 2021/12/18 03:49 upstream 6441998e2e37 44068e19 .config log report info kernel BUG in split_huge_page_to_list
ci-qemu2-arm64 2021/12/17 08:15 upstream fa36bbe6d43f 44068e19 .config log report info kernel BUG in split_huge_page_to_list
ci-qemu2-arm64 2021/12/16 08:54 upstream 2b14864acbaa 572bcb40 .config log report info kernel BUG in split_huge_page_to_list
ci-qemu2-arm64 2021/12/15 11:42 upstream 5472f14a3742 f752fb53 .config log report info kernel BUG in split_huge_page_to_list
ci-qemu2-arm64 2021/12/07 21:49 upstream cd8c917a56f2 0230ba3e .config log report info kernel BUG in split_huge_page_to_list
ci-qemu2-arm64 2021/12/07 03:29 upstream f80ef9e49fdf 0230ba3e .config log report info kernel BUG in split_huge_page_to_list
ci-qemu2-arm64 2021/12/06 07:46 upstream 944207047ca4 a617004c .config log report info kernel BUG in split_huge_page_to_list
ci-qemu2-arm64 2021/12/03 07:24 upstream a51e3ac43ddb 61f86278 .config log report info kernel BUG in split_huge_page_to_list
ci-qemu2-arm64 2021/12/02 13:50 upstream 58e1100fdc59 61f86278 .config log report info kernel BUG in split_huge_page_to_list
ci-qemu2-arm64 2021/11/27 16:43 upstream c5c17547b778 63eeac02 .config log report info kernel BUG in split_huge_page_to_list
ci-qemu2-arm64-compat 2021/11/25 11:34 upstream 5f53fa508db0 545ab074 .config log report info kernel BUG in split_huge_page_to_list
ci-qemu2-arm64-compat 2021/11/24 22:13 upstream 5f53fa508db0 545ab074 .config log report info kernel BUG in split_huge_page_to_list
ci-qemu2-arm64-compat 2021/11/24 16:55 upstream 5d9f4cf36721 545ab074 .config log report info kernel BUG in split_huge_page_to_list
ci-qemu2-arm64-compat 2021/11/24 14:28 upstream 5d9f4cf36721 545ab074 .config log report info kernel BUG in split_huge_page_to_list
ci-qemu2-arm64-compat 2021/11/24 01:29 upstream 5d9f4cf36721 545ab074 .config log report info kernel BUG in split_huge_page_to_list
ci-qemu2-arm64-compat 2021/11/23 20:23 upstream 136057256686 545ab074 .config log report info kernel BUG in split_huge_page_to_list
ci-qemu2-arm64-compat 2021/11/23 05:04 upstream 136057256686 545ab074 .config log report info kernel BUG in split_huge_page_to_list
ci-qemu2-arm64-compat 2021/11/22 15:13 upstream 136057256686 545ab074 .config log report info kernel BUG in split_huge_page_to_list
ci-qemu2-arm64-compat 2021/11/22 08:03 upstream 136057256686 4eb20a4e .config log report info kernel BUG in split_huge_page_to_list
ci-qemu2-arm64-compat 2021/11/21 21:04 upstream 923dcc5eb0c1 4eb20a4e .config log report info kernel BUG in split_huge_page_to_list
ci-qemu2-arm64-compat 2021/11/21 03:23 upstream 61564e7b3abc 4eb20a4e .config log report info kernel BUG in split_huge_page_to_list
ci-upstream-linux-next-kasan-gce-root 2021/01/20 11:59 linux-next 647060f3b592 d4f4eca5 .config log report info kernel BUG in split_huge_page_to_list
* Struck through repros no longer work on HEAD.