BUG: spinlock bad magic in page_vma_mapped_walk


syzbot

Nov 10, 2018, 8:54:04 PM
to syzkaller-upst...@googlegroups.com
Hello,

syzbot found the following crash on:

HEAD commit: 442b8cea2477 Add linux-next specific files for 20181109
git tree: linux-next
console output: https://syzkaller.appspot.com/x/log.txt?x=124d0f7b400000
kernel config: https://syzkaller.appspot.com/x/.config?x=66046c6bfaf1f24d
dashboard link: https://syzkaller.appspot.com/bug?extid=96a7885536dfb99c17e1
compiler: gcc (GCC) 8.0.1 20180413 (experimental)
CC: [bsing...@gmail.com jgl...@redhat.com
kirill....@linux.intel.com linux-...@vger.kernel.org
linu...@kvack.org mho...@suse.com rcam...@nvidia.com]

Unfortunately, I don't have any reproducer for this crash yet.

IMPORTANT: if you fix the bug, please add the following tag to the commit:
Reported-by: syzbot+96a788...@syzkaller.appspotmail.com

BUG: spinlock bad magic on CPU#1, syz-executor5/17666
lock: 0xffff8801d95afe18, .magic: ffff8801, .owner: <none>/-1, .owner_cpu: -1
CPU: 1 PID: 17666 Comm: syz-executor5 Not tainted 4.20.0-rc1-next-20181109+ #109
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
__dump_stack lib/dump_stack.c:77 [inline]
dump_stack+0x244/0x39d lib/dump_stack.c:113
spin_dump.cold.3+0x81/0xe7 kernel/locking/spinlock_debug.c:67
spin_bug kernel/locking/spinlock_debug.c:75 [inline]
debug_spin_lock_before kernel/locking/spinlock_debug.c:83 [inline]
do_raw_spin_lock+0x2cc/0x350 kernel/locking/spinlock_debug.c:112
__raw_spin_lock include/linux/spinlock_api_smp.h:143 [inline]
_raw_spin_lock+0x35/0x40 kernel/locking/spinlock.c:144
spin_lock include/linux/spinlock.h:329 [inline]
map_pte mm/page_vma_mapped.c:51 [inline]
page_vma_mapped_walk+0x1878/0x27c0 mm/page_vma_mapped.c:213
page_referenced_one+0x2cb/0x840 mm/rmap.c:764
rmap_walk_file+0x80a/0x1190 mm/rmap.c:1886
rmap_walk+0x22c/0x350 mm/rmap.c:1904
page_referenced+0x864/0xaa0 mm/rmap.c:874
shrink_active_list+0x904/0x1f00 mm/vmscan.c:2140
shrink_list mm/vmscan.c:2272 [inline]
shrink_node_memcg+0x7fc/0x18d0 mm/vmscan.c:2541
shrink_node+0x3bc/0x16b0 mm/vmscan.c:2756
shrink_zones mm/vmscan.c:2988 [inline]
do_try_to_free_pages+0x3e7/0x1290 mm/vmscan.c:3050
try_to_free_pages+0x4cb/0xb90 mm/vmscan.c:3265
__perform_reclaim mm/page_alloc.c:3769 [inline]
__alloc_pages_direct_reclaim mm/page_alloc.c:3791 [inline]
__alloc_pages_slowpath+0xa14/0x2e30 mm/page_alloc.c:4192
__alloc_pages_nodemask+0xa7b/0xdd0 mm/page_alloc.c:4391
alloc_pages_current+0x173/0x350 mm/mempolicy.c:2080
alloc_pages include/linux/gfp.h:509 [inline]
__page_cache_alloc+0x3ce/0x570 mm/filemap.c:924
__do_page_cache_readahead+0x2af/0x810 mm/readahead.c:193
ra_submit mm/internal.h:66 [inline]
do_sync_mmap_readahead mm/filemap.c:2371 [inline]
filemap_fault+0xf4e/0x25f0 mm/filemap.c:2447
__do_fault+0x100/0x6b0 mm/memory.c:2996
do_shared_fault mm/memory.c:3463 [inline]
do_fault mm/memory.c:3538 [inline]
handle_pte_fault mm/memory.c:3765 [inline]
__handle_mm_fault+0x3ca6/0x5be0 mm/memory.c:3889
handle_mm_fault+0x54f/0xc70 mm/memory.c:3926
do_user_addr_fault arch/x86/mm/fault.c:1423 [inline]
__do_page_fault+0x5d6/0xe40 arch/x86/mm/fault.c:1489
do_page_fault+0xed/0x7d1 arch/x86/mm/fault.c:1520
page_fault+0x1e/0x30 arch/x86/entry/entry_64.S:1139
RIP: 0033:0x43e851
Code: 2e 0f 1f 84 00 00 00 00 00 48 83 fa 20 48 89 f8 73 77 f6 c2 01 74 0b 0f b6 0e 88 0f 48 ff c6 48 ff c7 f6 c2 02 74 12 0f b7 0e <66> 89 0f 48 83 c6 02 48 83 c7 02 0f 1f 40 00 f6 c2 04 74 0c 8b 0e
RSP: 002b:00007fff26aaee18 EFLAGS: 00010202
RAX: 0000000020000100 RBX: 000000000072c900 RCX: 0000000000002f2e
RDX: 000000000000000e RSI: 0000000000732570 RDI: 0000000020000100
RBP: fffffffffffffffe R08: 0000000000000000 R09: 0000000000000000
R10: 00007fff26aaeee0 R11: 0000000000000246 R12: 000000000072bfac
R13: 00000000000003e8 R14: 0000000000074b0f R15: 0000000000074ae2


---
This bug is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.

syzbot will keep track of this bug report. See:
https://goo.gl/tpsmEJ#bug-status-tracking for how to communicate with
syzbot.

syzbot

May 9, 2019, 12:29:03 PM
to syzkaller-upst...@googlegroups.com
Auto-closing this bug as obsolete.
Crashes did not happen for a while, no reproducer and no activity.