[v6.1] WARNING in lru_gen_look_around


syzbot

Apr 21, 2024, 1:36:18 AM
to syzkaller...@googlegroups.com
Hello,

syzbot found the following issue on:

HEAD commit: 6741e066ec76 Linux 6.1.87
git tree: linux-6.1.y
console output: https://syzkaller.appspot.com/x/log.txt?x=132f4a53180000
kernel config: https://syzkaller.appspot.com/x/.config?x=5d37120947ebed5a
dashboard link: https://syzkaller.appspot.com/bug?extid=cf80d8ac73611b6adbeb
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
userspace arch: arm64

Unfortunately, I don't have any reproducer for this issue yet.

Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/e09aa9dab3c8/disk-6741e066.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/4176a4f5a4d5/vmlinux-6741e066.xz
kernel image: https://storage.googleapis.com/syzbot-assets/970367753980/Image-6741e066.gz.xz

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+cf80d8...@syzkaller.appspotmail.com

------------[ cut here ]------------
WARNING: CPU: 1 PID: 5979 at mm/vmscan.c:3832 get_pte_pfn mm/vmscan.c:3832 [inline]
WARNING: CPU: 1 PID: 5979 at mm/vmscan.c:3832 lru_gen_look_around+0xc40/0x1458 mm/vmscan.c:4656
Modules linked in:
CPU: 1 PID: 5979 Comm: syz-executor.3 Not tainted 6.1.87-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024
pstate: 60401005 (nZCv daif +PAN -UAO -TCO -DIT +SSBS BTYPE=--)
pc : get_pte_pfn mm/vmscan.c:3832 [inline]
pc : lru_gen_look_around+0xc40/0x1458 mm/vmscan.c:4656
lr : get_pte_pfn mm/vmscan.c:3832 [inline]
lr : lru_gen_look_around+0xc40/0x1458 mm/vmscan.c:4656
sp : ffff8000208153a0
x29: ffff8000208154c0 x28: 016000013b801fc3 x27: dfff800000000000
x26: ffff0000ede9f008 x25: 1fffe0001dbd3e01 x24: ffff800020815480
x23: 000000000013b801 x22: 0000000000000001 x21: ffff0000cf04e000
x20: 0100000000000000 x19: 0000000020001000 x18: 0000000000000140
x17: 0000000000000080 x16: ffff8000083043c4 x15: 0000000000000002
x14: 1ffff00002b0a0b0 x13: dfff800000000000 x12: 0000000000040000
x11: 000000000003ffff x10: ffff80002482b000 x9 : ffff8000087a7a68
x8 : 0000000000040000 x7 : ffff8000087b7fdc x6 : 0000000000000000
x5 : 0000000000000000 x4 : 0000000000000000 x3 : ffff8000087a794c
x2 : 0000000000000001 x1 : 0100000000000000 x0 : 0000000000000000
Call trace:
get_pte_pfn mm/vmscan.c:3832 [inline]
lru_gen_look_around+0xc40/0x1458 mm/vmscan.c:4656
folio_referenced_one+0x4bc/0xbe8 mm/rmap.c:828
rmap_walk_anon+0x2d8/0x4dc mm/rmap.c:2451
rmap_walk mm/rmap.c:2527 [inline]
folio_referenced+0x43c/0x5a8 mm/rmap.c:933
folio_check_references mm/vmscan.c:1456 [inline]
shrink_folio_list+0xb28/0x49bc mm/vmscan.c:1789
evict_folios+0x38b0/0x4e80 mm/vmscan.c:5039
lru_gen_shrink_lruvec mm/vmscan.c:5223 [inline]
shrink_lruvec+0xa80/0x3bf4 mm/vmscan.c:5918
shrink_node_memcgs mm/vmscan.c:6139 [inline]
shrink_node+0x554/0x216c mm/vmscan.c:6170
shrink_zones mm/vmscan.c:6411 [inline]
do_try_to_free_pages+0x564/0x144c mm/vmscan.c:6473
try_to_free_mem_cgroup_pages+0x3c0/0xce8 mm/vmscan.c:6788
try_charge_memcg+0x4b0/0x1478 mm/memcontrol.c:2681
try_charge mm/memcontrol.c:2823 [inline]
charge_memcg+0xa4/0x1f4 mm/memcontrol.c:6899
__mem_cgroup_charge+0x38/0xa8 mm/memcontrol.c:6920
mem_cgroup_charge include/linux/memcontrol.h:672 [inline]
__filemap_add_folio+0xa20/0x1258 mm/filemap.c:852
filemap_add_folio+0x10c/0x298 mm/filemap.c:934
__filemap_get_folio+0x7b0/0xb6c mm/filemap.c:1976
pagecache_get_page+0x3c/0x16c mm/folio-compat.c:110
find_or_create_page include/linux/pagemap.h:646 [inline]
grow_dev_page fs/buffer.c:946 [inline]
grow_buffers fs/buffer.c:1011 [inline]
__getblk_slow fs/buffer.c:1038 [inline]
__getblk_gfp+0x1dc/0x874 fs/buffer.c:1333
__bread_gfp+0x3c/0x2ec fs/buffer.c:1367
sb_bread include/linux/buffer_head.h:338 [inline]
bfs_find_entry+0x19c/0x384 fs/bfs/dir.c:337
bfs_lookup+0x12c/0x228 fs/bfs/dir.c:137
__lookup_slow+0x250/0x374 fs/namei.c:1690
lookup_slow+0x60/0x84 fs/namei.c:1707
walk_component fs/namei.c:1998 [inline]
link_path_walk+0x830/0xcc8 fs/namei.c:2325
path_openat+0x1c8/0x2548 fs/namei.c:3781
do_filp_open+0x1bc/0x3cc fs/namei.c:3812
do_sys_openat2+0x128/0x3d8 fs/open.c:1318
do_sys_open fs/open.c:1334 [inline]
__do_sys_openat fs/open.c:1350 [inline]
__se_sys_openat fs/open.c:1345 [inline]
__arm64_sys_openat+0x1f0/0x240 fs/open.c:1345
__invoke_syscall arch/arm64/kernel/syscall.c:38 [inline]
invoke_syscall+0x98/0x2c0 arch/arm64/kernel/syscall.c:52
el0_svc_common+0x138/0x258 arch/arm64/kernel/syscall.c:142
do_el0_svc+0x64/0x218 arch/arm64/kernel/syscall.c:206
el0_svc+0x58/0x168 arch/arm64/kernel/entry-common.c:637
el0t_64_sync_handler+0x84/0xf0 arch/arm64/kernel/entry-common.c:655
el0t_64_sync+0x18c/0x190 arch/arm64/kernel/entry.S:585
irq event stamp: 19895342
hardirqs last enabled at (19895341): [<ffff80001223c77c>] __raw_spin_unlock_irq include/linux/spinlock_api_smp.h:159 [inline]
hardirqs last enabled at (19895341): [<ffff80001223c77c>] _raw_spin_unlock_irq+0x3c/0x90 kernel/locking/spinlock.c:202
hardirqs last disabled at (19895342): [<ffff800012158694>] el1_dbg+0x24/0x80 arch/arm64/kernel/entry-common.c:405
softirqs last enabled at (19894840): [<ffff800008020d7c>] softirq_handle_end kernel/softirq.c:414 [inline]
softirqs last enabled at (19894840): [<ffff800008020d7c>] __do_softirq+0xc1c/0xe38 kernel/softirq.c:600
softirqs last disabled at (19894835): [<ffff80000802a99c>] ____do_softirq+0x14/0x20 arch/arm64/kernel/irq.c:80
---[ end trace 0000000000000000 ]---


---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.

syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.

If the report is already addressed, let syzbot know by replying with:
#syz fix: exact-commit-title

If you want to overwrite the report's subsystems, reply with:
#syz set subsystems: new-subsystem
(See the list of subsystem names on the web dashboard)

If the report is a duplicate of another one, reply with:
#syz dup: exact-subject-of-another-report

If you want to undo deduplication, reply with:
#syz undup