[v6.1] kernel BUG in add_to_swap


syzbot

Jan 10, 2024, 5:06:30 PMJan 10
to syzkaller...@googlegroups.com
Hello,

syzbot found the following issue on:

HEAD commit: 7c58bfa711cb Linux 6.1.72
git tree: linux-6.1.y
console output: https://syzkaller.appspot.com/x/log.txt?x=142946f5e80000
kernel config: https://syzkaller.appspot.com/x/.config?x=faf1a88963777524
dashboard link: https://syzkaller.appspot.com/bug?extid=26cc85d8e6d446ced995
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
userspace arch: arm64

Unfortunately, I don't have any reproducer for this issue yet.

Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/8706c723e078/disk-7c58bfa7.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/09bb32ac1bde/vmlinux-7c58bfa7.xz
kernel image: https://storage.googleapis.com/syzbot-assets/794945902a5c/Image-7c58bfa7.gz.xz

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+26cc85...@syzkaller.appspotmail.com

anon flags: 0x5ffc00000480809(locked|dirty|arch_1|swapbacked|hwpoison|node=0|zone=2|lastcpupid=0x7ff)
raw: 05ffc00000480809 dead000000000100 dead000000000122 ffff0000c3b15551
raw: 0000000000020001 0000000000000000 00000002ffffffff ffff0000d805a000
page dumped because: VM_BUG_ON_FOLIO(!folio_test_uptodate(folio))
------------[ cut here ]------------
kernel BUG at mm/swap_state.c:180!
Internal error: Oops - BUG: 00000000f2000800 [#1] PREEMPT SMP
Modules linked in:
CPU: 0 PID: 27056 Comm: syz-executor.0 Not tainted 6.1.72-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/17/2023
pstate: 60400005 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
pc : add_to_swap+0x1b4/0x1b8 mm/swap_state.c:180
lr : add_to_swap+0x1b4/0x1b8 mm/swap_state.c:180
sp : ffff800023826480
x29: ffff800023826480 x28: fffffc00049830c8 x27: fffffc00049830d8
x26: fffffc00049830c0 x25: dfff800000000000 x24: 05ffc00000480809
x23: 1fffff8000930618 x22: 1fffff8000930619 x21: dfff800000000000
x20: 05ffc00000480809 x19: fffffc00049830c0 x18: ffff800023826778
x17: 296f696c6f662865 x16: ffff80001214c60c x15: 0000000000000002
x14: 00000000ffffffff x13: fffffffffffdf318 x12: 0000000000040000
x11: 000000000003ffff x10: ffff80001e85b000 x9 : ffff800008832ca0
x8 : 0000000000040000 x7 : fffffffffffdf318 x6 : fffffffffffdf2d0
x5 : ffff800023825cf8 x4 : ffff8000158edbf0 x3 : ffff80000aa8628c
x2 : ffff0001b435fcd0 x1 : 0000000100000000 x0 : 0000000000000041
Call trace:
add_to_swap+0x1b4/0x1b8 mm/swap_state.c:180
shrink_folio_list+0x1f18/0x49bc mm/vmscan.c:1838
evict_folios+0x38b0/0x4e80 mm/vmscan.c:5039
lru_gen_shrink_lruvec mm/vmscan.c:5223 [inline]
shrink_lruvec+0xa80/0x3bf4 mm/vmscan.c:5918
shrink_node_memcgs mm/vmscan.c:6139 [inline]
shrink_node+0x568/0x212c mm/vmscan.c:6170
shrink_zones mm/vmscan.c:6408 [inline]
do_try_to_free_pages+0x59c/0x142c mm/vmscan.c:6470
try_to_free_mem_cgroup_pages+0x3c0/0xce8 mm/vmscan.c:6785
try_charge_memcg+0x4b0/0x1478 mm/memcontrol.c:2681
obj_cgroup_charge_pages mm/memcontrol.c:3096 [inline]
__memcg_kmem_charge_page+0x330/0x61c mm/memcontrol.c:3122
__alloc_pages+0x254/0x730 mm/page_alloc.c:5562
__alloc_pages_node include/linux/gfp.h:237 [inline]
alloc_pages_node include/linux/gfp.h:260 [inline]
bpf_ringbuf_area_alloc kernel/bpf/ringbuf.c:130 [inline]
bpf_ringbuf_alloc+0x100/0x434 kernel/bpf/ringbuf.c:167
ringbuf_map_alloc+0x19c/0x288 kernel/bpf/ringbuf.c:207
find_and_alloc_map kernel/bpf/syscall.c:131 [inline]
map_create+0x48c/0xbc8 kernel/bpf/syscall.c:1106
__sys_bpf+0x284/0x654 kernel/bpf/syscall.c:4950
__do_sys_bpf kernel/bpf/syscall.c:5072 [inline]
__se_sys_bpf kernel/bpf/syscall.c:5070 [inline]
__arm64_sys_bpf+0x80/0x98 kernel/bpf/syscall.c:5070
__invoke_syscall arch/arm64/kernel/syscall.c:38 [inline]
invoke_syscall+0x98/0x2c0 arch/arm64/kernel/syscall.c:52
el0_svc_common+0x138/0x258 arch/arm64/kernel/syscall.c:142
do_el0_svc+0x64/0x218 arch/arm64/kernel/syscall.c:206
el0_svc+0x58/0x168 arch/arm64/kernel/entry-common.c:637
el0t_64_sync_handler+0x84/0xf0 arch/arm64/kernel/entry-common.c:655
el0t_64_sync+0x18c/0x190 arch/arm64/kernel/entry.S:585
Code: 9004d2a1 91188021 aa1303e0 97fcfa38 (d4210000)
---[ end trace 0000000000000000 ]---


---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.

syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.

If the report is already addressed, let syzbot know by replying with:
#syz fix: exact-commit-title

If you want to overwrite report's subsystems, reply with:
#syz set subsystems: new-subsystem
(See the list of subsystem names on the web dashboard)

If the report is a duplicate of another one, reply with:
#syz dup: exact-subject-of-another-report

If you want to undo deduplication, reply with:
#syz undup