INFO: task can't die in shrink_lruvec (2)

syzbot

Dec 14, 2021, 6:03:19 PM
to syzkaller-upst...@googlegroups.com
Hello,

syzbot found the following issue on:

HEAD commit: 4eee8d0b64ec Add linux-next specific files for 20211208
git tree: linux-next
console output: https://syzkaller.appspot.com/x/log.txt?x=146a706db00000
kernel config: https://syzkaller.appspot.com/x/.config?x=20b74d9da4ce1ef1
dashboard link: https://syzkaller.appspot.com/bug?extid=c4409575c5be64d6bde4
compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
CC: [ak...@linux-foundation.org linux-...@vger.kernel.org linu...@kvack.org]

Unfortunately, I don't have any reproducer for this issue yet.

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+c44095...@syzkaller.appspotmail.com

INFO: task syz-executor.5:21480 can't die for more than 143 seconds.
task:syz-executor.5 state:R running task stack:21024 pid:21480 ppid: 8216 flags:0x00004006
Call Trace:
<TASK>
context_switch kernel/sched/core.c:4986 [inline]
__schedule+0xab2/0x4d90 kernel/sched/core.c:6296
preempt_schedule_common+0x45/0xc0 kernel/sched/core.c:6462
preempt_schedule_thunk+0x16/0x18 arch/x86/entry/thunk_64.S:35
__raw_spin_unlock_irq include/linux/spinlock_api_smp.h:160 [inline]
_raw_spin_unlock_irq+0x3c/0x40 kernel/locking/spinlock.c:202
spin_unlock_irq include/linux/spinlock.h:404 [inline]
shrink_inactive_list mm/vmscan.c:2405 [inline]
shrink_list mm/vmscan.c:2621 [inline]
shrink_lruvec+0xdd7/0x2660 mm/vmscan.c:2940
shrink_node_memcgs mm/vmscan.c:3129 [inline]
shrink_node+0x858/0x1eb0 mm/vmscan.c:3252
shrink_zones mm/vmscan.c:3485 [inline]
do_try_to_free_pages+0x491/0x1620 mm/vmscan.c:3541
try_to_free_pages+0x29f/0x750 mm/vmscan.c:3776
__perform_reclaim mm/page_alloc.c:4603 [inline]
__alloc_pages_direct_reclaim mm/page_alloc.c:4624 [inline]
__alloc_pages_slowpath.constprop.0+0xa9e/0x2080 mm/page_alloc.c:5014
__alloc_pages+0x412/0x500 mm/page_alloc.c:5389
alloc_pages+0x1aa/0x310 mm/mempolicy.c:2271
alloc_slab_page mm/slub.c:1799 [inline]
allocate_slab mm/slub.c:1944 [inline]
new_slab+0x28d/0x3a0 mm/slub.c:2004
___slab_alloc+0x6be/0xd60 mm/slub.c:3019
__slab_alloc.constprop.0+0x4d/0xa0 mm/slub.c:3106
slab_alloc_node mm/slub.c:3197 [inline]
slab_alloc mm/slub.c:3239 [inline]
kmem_cache_alloc+0x35c/0x3a0 mm/slub.c:3244
mempool_alloc+0x146/0x350 mm/mempool.c:392
bio_alloc_bioset+0x2ff/0x4a0 block/bio.c:468
bio_clone_fast+0x21/0x160 block/bio.c:750
bio_split+0xc9/0x320 block/bio.c:1519
blk_bio_segment_split block/blk-merge.c:324 [inline]
__blk_queue_split+0x82c/0x1330 block/blk-merge.c:359
blk_mq_submit_bio+0x3f2/0x21c0 block/blk-mq.c:2741
__submit_bio block/blk-core.c:802 [inline]
__submit_bio_noacct_mq block/blk-core.c:877 [inline]
submit_bio_noacct block/blk-core.c:903 [inline]
submit_bio_noacct+0x82c/0xa20 block/blk-core.c:892
submit_bio block/blk-core.c:964 [inline]
submit_bio+0x1ea/0x430 block/blk-core.c:922
mpage_bio_submit fs/mpage.c:66 [inline]
do_mpage_readpage+0x10b8/0x2590 fs/mpage.c:314
mpage_readahead+0x3db/0x920 fs/mpage.c:389
read_pages+0x1db/0x790 mm/readahead.c:129
page_cache_ra_unbounded+0x585/0x780 mm/readahead.c:238
do_page_cache_ra+0xf9/0x140 mm/readahead.c:268
do_sync_mmap_readahead mm/filemap.c:3058 [inline]
filemap_fault+0x157f/0x21c0 mm/filemap.c:3151
__do_fault+0x10d/0x790 mm/memory.c:3846
do_read_fault mm/memory.c:4161 [inline]
do_fault mm/memory.c:4290 [inline]
handle_pte_fault mm/memory.c:4548 [inline]
__handle_mm_fault+0x2761/0x4160 mm/memory.c:4683
handle_mm_fault+0x1c8/0x790 mm/memory.c:4781
do_user_addr_fault+0x489/0x11c0 arch/x86/mm/fault.c:1397
handle_page_fault arch/x86/mm/fault.c:1484 [inline]
exc_page_fault+0x9e/0x180 arch/x86/mm/fault.c:1540
asm_exc_page_fault+0x1e/0x30 arch/x86/include/asm/idtentry.h:568
RIP: 0010:fault_in_readable+0x152/0x250 mm/gup.c:1804
Code: 47 e8 45 31 f6 e8 ae 2b ca ff 48 39 eb 75 13 eb 2e e8 a2 2b ca ff 48 81 c3 00 10 00 00 48 39 eb 74 1d e8 91 2b ca ff 45 89 f7 <8a> 13 31 ff 44 89 fe 88 54 24 28 e8 9e 2d ca ff 45 85 ff 74 d2 e8
RSP: 0018:ffffc9000e647ab8 EFLAGS: 00050293
RAX: 0000000000000000 RBX: 0000000020321000 RCX: 0000000000000000
RDX: ffff88801a0e1d40 RSI: ffffffff81adb7bf RDI: 0000000000000003
RBP: 0000000020322000 R08: 0000000000000000 R09: 0000000000000000
R10: ffffffff81adb850 R11: 0000000000000000 R12: 0000000000001000
R13: 0000000020320280 R14: 0000000000000000 R15: 0000000000000000
fault_in_iov_iter_readable lib/iov_iter.c:459 [inline]
fault_in_iov_iter_readable+0x11f/0x1f0 lib/iov_iter.c:445
generic_perform_write+0x15b/0x510 mm/filemap.c:3806
__generic_file_write_iter+0x1c7/0x510 mm/filemap.c:3943
generic_file_write_iter+0xd7/0x220 mm/filemap.c:3975
call_write_iter include/linux/fs.h:2079 [inline]
new_sync_write+0x429/0x660 fs/read_write.c:503
vfs_write+0x7cd/0xae0 fs/read_write.c:590
ksys_pwrite64 fs/read_write.c:697 [inline]
__do_sys_pwrite64 fs/read_write.c:707 [inline]
__se_sys_pwrite64 fs/read_write.c:704 [inline]
__x64_sys_pwrite64+0x1fd/0x250 fs/read_write.c:704
do_syscall_x64 arch/x86/entry/common.c:50 [inline]
do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
entry_SYSCALL_64_after_hwframe+0x44/0xae
RIP: 0033:0x7fcedd8c6e67
RSP: 002b:00007fcedc246f00 EFLAGS: 00000293 ORIG_RAX: 0000000000000012
RAX: ffffffffffffffda RBX: 00007fcedd95d9c8 RCX: 00007fcedd8c6e67
RDX: 0000000008100000 RSI: 0000000020000280 RDI: 0000000000000015
RBP: 0000000000000008 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000015
R13: 0000000000000015 R14: 00000000200004b8 R15: 0000000000000005
</TASK>

Showing all locks held in the system:
1 lock held by systemd/1:
1 lock held by khungtaskd/27:
#0: ffffffff8bb828a0 (rcu_read_lock){....}-{1:2}, at: debug_show_all_locks+0x53/0x260 kernel/locking/lockdep.c:6460
1 lock held by kswapd0/98:
1 lock held by kswapd1/99:
1 lock held by systemd-journal/2961:
1 lock held by systemd-timesyn/3055:
1 lock held by cron/6224:
1 lock held by in:imklog/6232:
1 lock held by syz-fuzzer/6524:
2 locks held by kworker/1:0/6657:
3 locks held by kworker/0:7/8274:
2 locks held by kworker/u4:8/10850:
3 locks held by syz-executor.5/21480:

=============================================

----------------
Code disassembly (best guess):
0: 47 e8 45 31 f6 e8 rex.RXB callq 0xe8f6314b
6: ae scas %es:(%rdi),%al
7: 2b ca sub %edx,%ecx
9: ff 48 39 decl 0x39(%rax)
c: eb 75 jmp 0x83
e: 13 eb adc %ebx,%ebp
10: 2e e8 a2 2b ca ff cs callq 0xffca2bb8
16: 48 81 c3 00 10 00 00 add $0x1000,%rbx
1d: 48 39 eb cmp %rbp,%rbx
20: 74 1d je 0x3f
22: e8 91 2b ca ff callq 0xffca2bb8
27: 45 89 f7 mov %r14d,%r15d
* 2a: 8a 13 mov (%rbx),%dl <-- trapping instruction
2c: 31 ff xor %edi,%edi
2e: 44 89 fe mov %r15d,%esi
31: 88 54 24 28 mov %dl,0x28(%rsp)
35: e8 9e 2d ca ff callq 0xffca2dd8
3a: 45 85 ff test %r15d,%r15d
3d: 74 d2 je 0x11
3f: e8 .byte 0xe8


---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.

syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.

syzbot

Feb 8, 2022, 5:58:14 PM
to syzkaller-upst...@googlegroups.com
Auto-closing this bug as obsolete.
Crashes did not happen for a while, no reproducer and no activity.