[v5.15] kernel BUG in add_to_swap


syzbot

Dec 27, 2023, 5:40:21 PM
to syzkaller...@googlegroups.com
Hello,

syzbot found the following issue on:

HEAD commit: d93fa2c78854 Linux 5.15.145
git tree: linux-5.15.y
console output: https://syzkaller.appspot.com/x/log.txt?x=12bb37a5e80000
kernel config: https://syzkaller.appspot.com/x/.config?x=8eb25e663e3df1b9
dashboard link: https://syzkaller.appspot.com/bug?extid=f9bb47b6c9114628ff82
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
userspace arch: arm64

Unfortunately, I don't have any reproducer for this issue yet.

Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/45f65ff2a6ba/disk-d93fa2c7.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/983a4d12af77/vmlinux-d93fa2c7.xz
kernel image: https://storage.googleapis.com/syzbot-assets/8864285a1d94/Image-d93fa2c7.gz.xz

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+f9bb47...@syzkaller.appspotmail.com

raw: 05ffc00000480809 dead000000000100 dead000000000122 ffff00013c75f111
raw: 0000000000020003 0000000000000000 00000002ffffffff ffff0000d01d4000
page dumped because: VM_BUG_ON_PAGE(!PageUptodate(page))
------------[ cut here ]------------
kernel BUG at mm/swap_state.c:190!
Internal error: Oops - BUG: 00000000f2000800 [#1] PREEMPT SMP
Modules linked in:
CPU: 1 PID: 27142 Comm: syz-executor.4 Not tainted 5.15.145-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/10/2023
pstate: 60400005 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
pc : add_to_swap+0x22c/0x24c mm/swap_state.c:190
lr : add_to_swap+0x22c/0x24c mm/swap_state.c:190
sp : ffff80001f2768f0
x29: ffff80001f2768f0 x28: 0000000000000000 x27: ffff80001f276ea0
x26: fffffc0005862fc8 x25: dead000000000100 x24: 1fffff8000b0c5f9
x23: dfff800000000000 x22: 0000000000000000 x21: 05ffc00000480809
x20: 05ffc00000480809 x19: fffffc0005862fc0 x18: 1fffe00036902b8e
x17: 1fffe00036902b8e x16: ffff800011978f6c x15: ffff8000149aed40
x14: 1ffff0000292206a x13: dfff800000000000 x12: 0000000000040000
x11: 000000000003ffff x10: ffff80002117c000 x9 : f419a91087a1f800
x8 : f419a91087a1f800 x7 : 0000000000000000 x6 : 0000000000000000
x5 : 0000000000000080 x4 : 0000000000000000 x3 : ffff80000854d280
x2 : 0000000000000001 x1 : 0000000100000000 x0 : 0000000000000038
Call trace:
add_to_swap+0x22c/0x24c mm/swap_state.c:190
shrink_page_list+0x354c/0x63f4 mm/vmscan.c:1566
shrink_inactive_list mm/vmscan.c:2216 [inline]
shrink_list mm/vmscan.c:2443 [inline]
shrink_lruvec+0x1550/0x2ae4 mm/vmscan.c:2762
shrink_node_memcgs mm/vmscan.c:2949 [inline]
shrink_node+0xdbc/0x21b4 mm/vmscan.c:3072
shrink_zones mm/vmscan.c:3275 [inline]
do_try_to_free_pages+0x538/0x126c mm/vmscan.c:3330
try_to_free_mem_cgroup_pages+0x3a4/0xbb4 mm/vmscan.c:3644
try_charge_memcg+0x3f8/0x128c mm/memcontrol.c:2651
obj_cgroup_charge_pages+0xb0/0x1d0 mm/memcontrol.c:3015
__memcg_kmem_charge_page+0x3e4/0x674 mm/memcontrol.c:3055
__alloc_pages+0x240/0x674 mm/page_alloc.c:5438
__alloc_pages_node include/linux/gfp.h:570 [inline]
alloc_pages_node include/linux/gfp.h:584 [inline]
bpf_ringbuf_area_alloc kernel/bpf/ringbuf.c:96 [inline]
bpf_ringbuf_alloc+0x100/0x3e4 kernel/bpf/ringbuf.c:133
ringbuf_map_alloc+0x1d0/0x2bc kernel/bpf/ringbuf.c:172
find_and_alloc_map kernel/bpf/syscall.c:127 [inline]
map_create+0x438/0xc98 kernel/bpf/syscall.c:855
__sys_bpf+0x240/0x610 kernel/bpf/syscall.c:4596
__do_sys_bpf kernel/bpf/syscall.c:4718 [inline]
__se_sys_bpf kernel/bpf/syscall.c:4716 [inline]
__arm64_sys_bpf+0x80/0x98 kernel/bpf/syscall.c:4716
__invoke_syscall arch/arm64/kernel/syscall.c:38 [inline]
invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:52
el0_svc_common+0x138/0x258 arch/arm64/kernel/syscall.c:142
do_el0_svc+0x58/0x14c arch/arm64/kernel/syscall.c:181
el0_svc+0x7c/0x1f0 arch/arm64/kernel/entry-common.c:608
el0t_64_sync_handler+0x84/0xe4 arch/arm64/kernel/entry-common.c:626
el0t_64_sync+0x1a0/0x1a4 arch/arm64/kernel/entry.S:584
Code: f0049801 913e0021 aa1303e0 97fd4ed8 (d4210000)
---[ end trace 73655f200be9426b ]---


---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.

syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.

If the report is already addressed, let syzbot know by replying with:
#syz fix: exact-commit-title

If you want to overwrite report's subsystems, reply with:
#syz set subsystems: new-subsystem
(See the list of subsystem names on the web dashboard)

If the report is a duplicate of another one, reply with:
#syz dup: exact-subject-of-another-report

If you want to undo deduplication, reply with:
#syz undup
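On receiving a report like the one above, the first step is to reduce it to the few facts that decide routing: which assertion fired, in which frame, through which syscall userspace entered the kernel, whether the kernel was tainted, and which subsystem drove the allocator into reclaim. The following is an added example (my own triage helper, not syzbot's tooling and not code from the kernel tree) that parses an abridged, constructed copy of the report above. The regular expressions encode my assumptions about the report layout, not a documented syzbot format.

```python
import re
from dataclasses import dataclass, field
from typing import Optional

# Constructed sample: an abridged copy of the report above (several middle
# frames dropped for brevity). Not the raw syzbot output.
SAMPLE_REPORT = """\
HEAD commit: d93fa2c78854 Linux 5.15.145
git tree: linux-5.15.y
page dumped because: VM_BUG_ON_PAGE(!PageUptodate(page))
kernel BUG at mm/swap_state.c:190!
CPU: 1 PID: 27142 Comm: syz-executor.4 Not tainted 5.15.145-syzkaller #0
Call trace:
add_to_swap+0x22c/0x24c mm/swap_state.c:190
shrink_page_list+0x354c/0x63f4 mm/vmscan.c:1566
shrink_inactive_list mm/vmscan.c:2216 [inline]
try_to_free_mem_cgroup_pages+0x3a4/0xbb4 mm/vmscan.c:3644
try_charge_memcg+0x3f8/0x128c mm/memcontrol.c:2651
__alloc_pages+0x240/0x674 mm/page_alloc.c:5438
__alloc_pages_node include/linux/gfp.h:570 [inline]
bpf_ringbuf_area_alloc kernel/bpf/ringbuf.c:96 [inline]
bpf_ringbuf_alloc+0x100/0x3e4 kernel/bpf/ringbuf.c:133
ringbuf_map_alloc+0x1d0/0x2bc kernel/bpf/ringbuf.c:172
map_create+0x438/0xc98 kernel/bpf/syscall.c:855
__sys_bpf+0x240/0x610 kernel/bpf/syscall.c:4596
__do_sys_bpf kernel/bpf/syscall.c:4718 [inline]
__arm64_sys_bpf+0x80/0x98 kernel/bpf/syscall.c:4716
el0t_64_sync+0x1a0/0x1a4 arch/arm64/kernel/entry.S:584
Code: f0049801 913e0021 aa1303e0 97fd4ed8 (d4210000)
"""

# Assumed frame layout: "func[+0xoff/0xsize] path/file.c:line [inline]"
FRAME_RE = re.compile(
    r"^(?P<func>[A-Za-z_][\w.]*)(?:\+0x[0-9a-f]+/0x[0-9a-f]+)?"
    r"\s+(?P<file>[\w./-]+):(?P<line>\d+)(?P<inline>\s+\[inline\])?\s*$"
)
# Syscall wrappers on the arches syzbot runs; first match from the top wins.
SYSCALL_RE = re.compile(r"^__(?:arm64|x64|ia32|se|do)_sys_(\w+)$")
CPU_RE = re.compile(r"^CPU: \d+ PID: (\d+) Comm: (\S+) (Not tainted|Tainted: \S+)")


@dataclass
class Frame:
    func: str
    file: str
    line: int
    inline: bool


@dataclass
class Triage:
    tree: Optional[str] = None
    head_commit: Optional[str] = None
    assertion: Optional[str] = None   # text after "page dumped because:"
    bug_at: Optional[str] = None      # "file:line" from "kernel BUG at"
    pid: Optional[int] = None
    comm: Optional[str] = None
    tainted: bool = False
    frames: list = field(default_factory=list)  # top of stack first

    @property
    def syscall(self) -> Optional[str]:
        # Name of the syscall through which userspace entered the kernel.
        for f in self.frames:
            m = SYSCALL_RE.match(f.func)
            if m:
                return m.group(1)
        return None

    def first_frame_outside(self, prefixes=("mm/", "include/")) -> Optional[Frame]:
        # First frame not under the given prefixes: mm/ and include/ are
        # treated as allocator internals, so this names the caller whose
        # allocation drove reclaim.
        for f in self.frames:
            if not f.file.startswith(prefixes):
                return f
        return None


def triage(report: str) -> Triage:
    """Parse a syzbot-style crash report into a Triage record."""
    t = Triage()
    in_trace = False
    for raw in report.splitlines():
        line = raw.strip()
        if in_trace:
            m = FRAME_RE.match(line)
            if m:
                t.frames.append(Frame(m["func"], m["file"], int(m["line"]), bool(m["inline"])))
                continue
            in_trace = False  # first non-frame line (e.g. "Code:") ends the trace
        if line == "Call trace:":
            in_trace = True
        elif line.startswith("HEAD commit:"):
            t.head_commit = line.split()[2]
        elif line.startswith("git tree:"):
            t.tree = line.split()[2]
        elif line.startswith("page dumped because:"):
            t.assertion = line.split(":", 1)[1].strip()
        elif line.startswith("kernel BUG at "):
            t.bug_at = line[len("kernel BUG at "):].rstrip("!")
        elif (m := CPU_RE.match(line)):
            t.pid, t.comm = int(m.group(1)), m.group(2)
            t.tainted = m.group(3) != "Not tainted"
    return t


if __name__ == "__main__":
    r = triage(SAMPLE_REPORT)
    print(f"{r.assertion} at {r.bug_at}, top frame {r.frames[0].func}")
    print(f"driven by {r.first_frame_outside().func} <- sys_{r.syscall}, tainted={r.tainted}")
```

Run against the sample, `first_frame_outside()` lands on `bpf_ringbuf_area_alloc` in kernel/bpf/ringbuf.c, which matches what the trace shows: the BUG fires in swap-out during memcg reclaim, but the reclaim was triggered by a charge for a BPF ringbuf map allocation made from `bpf(2)`. That split (where it crashed versus who asked for memory) is the fact to carry into the `#syz set subsystems:` decision, and `tainted` is the check for whether the report is worth a maintainer's time at all.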