Linux-mm Archive on lore.kernel.org
 help / color / Atom feed
* kernel BUG at mm/internal.h:LINE! (2)
@ 2020-07-29 20:04 syzbot
  2020-07-29 21:44 ` Andrew Morton
  2020-07-29 22:21 ` Kirill A. Shutemov
  0 siblings, 2 replies; 3+ messages in thread
From: syzbot @ 2020-07-29 20:04 UTC (permalink / raw)
  To: akpm, linux-kernel, linux-mm, syzkaller-bugs

Hello,

syzbot found the following issue on:

HEAD commit:    68845a55 Merge branch 'akpm' into master (patches from And..
git tree:       upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=17c86c54900000
kernel config:  https://syzkaller.appspot.com/x/.config?x=f87a5e4232fdb267
dashboard link: https://syzkaller.appspot.com/bug?extid=f62749569eab36774dc5
compiler:       gcc (GCC) 10.1.0-syz 20200507

Unfortunately, I don't have any reproducer for this issue yet.

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+f62749569eab36774dc5@syzkaller.appspotmail.com

vma ffff888000153210 start 0007700000077000 end 0000000000077000
next 0007700000000000 prev 0000000007070707 mm 0007700000000000
prot 77700000077000 anon_vma 0000000000000000 vm_ops ffffffff885cecc0
pgoff 0 file ffff88809e09a7c0 private_data 0000000000000000
flags: 0x0()
------------[ cut here ]------------
kernel BUG at mm/internal.h:401!
invalid opcode: 0000 [#1] PREEMPT SMP KASAN
CPU: 0 PID: 1676 Comm: kswapd0 Not tainted 5.8.0-rc6-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
RIP: 0010:vma_address mm/internal.h:401 [inline]
RIP: 0010:vma_address mm/internal.h:393 [inline]
RIP: 0010:rmap_walk_file+0x6a4/0xbf0 mm/rmap.c:1921
Code: e8 91 20 cc ff 48 83 eb 01 48 89 e8 48 29 d8 48 c1 f8 06 48 01 44 24 18 e9 1a fb ff ff e8 74 20 cc ff 4c 89 e7 e8 95 e3 f9 ff <0f> 0b e8 65 20 cc ff 48 8b 44 24 10 4c 8d 68 78 4c 89 ef e8 b4 8a
RSP: 0018:ffffc90006987598 EFLAGS: 00010287
RAX: 000000000000010f RBX: 000770000019e000 RCX: 0000000000000000
RDX: ffff8880a425e540 RSI: ffffffff815d4eb7 RDI: fffff52000d30e8e
RBP: ffffea00021eac40 R08: 000000000000010f R09: ffff8880ae6318e7
R10: 0000000000000000 R11: 0000000000000000 R12: ffff888000153210
R13: dffffc0000000000 R14: 0007700000077000 R15: 0000000000077000
FS:  0000000000000000(0000) GS:ffff8880ae600000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000000788070 CR3: 000000020b00c000 CR4: 00000000001426f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 rmap_walk+0x105/0x190 mm/rmap.c:1946
 page_referenced+0x417/0x4b0 mm/rmap.c:888
 shrink_active_list+0x3a6/0x1350 mm/vmscan.c:2061
 shrink_list mm/vmscan.c:2167 [inline]
 shrink_lruvec+0x842/0x10f0 mm/vmscan.c:2467
 shrink_node_memcgs mm/vmscan.c:2656 [inline]
 shrink_node+0x4b0/0x1b60 mm/vmscan.c:2770
 kswapd_shrink_node mm/vmscan.c:3517 [inline]
 balance_pgdat+0x72f/0x10d0 mm/vmscan.c:3675
 kswapd+0x5a5/0xe70 mm/vmscan.c:3932
 kthread+0x3b5/0x4a0 kernel/kthread.c:291
 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:293
Modules linked in:
---[ end trace aecaf7276f5d1d16 ]---
RIP: 0010:vma_address mm/internal.h:401 [inline]
RIP: 0010:vma_address mm/internal.h:393 [inline]
RIP: 0010:rmap_walk_file+0x6a4/0xbf0 mm/rmap.c:1921
Code: e8 91 20 cc ff 48 83 eb 01 48 89 e8 48 29 d8 48 c1 f8 06 48 01 44 24 18 e9 1a fb ff ff e8 74 20 cc ff 4c 89 e7 e8 95 e3 f9 ff <0f> 0b e8 65 20 cc ff 48 8b 44 24 10 4c 8d 68 78 4c 89 ef e8 b4 8a
RSP: 0018:ffffc90006987598 EFLAGS: 00010287
RAX: 000000000000010f RBX: 000770000019e000 RCX: 0000000000000000
RDX: ffff8880a425e540 RSI: ffffffff815d4eb7 RDI: fffff52000d30e8e
RBP: ffffea00021eac40 R08: 000000000000010f R09: ffff8880ae6318e7
R10: 0000000000000000 R11: 0000000000000000 R12: ffff888000153210
R13: dffffc0000000000 R14: 0007700000077000 R15: 0000000000077000
FS:  0000000000000000(0000) GS:ffff8880ae600000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000000788070 CR3: 000000020b00c000 CR4: 00000000001426f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400


---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzkaller@googlegroups.com.

syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.


^ permalink raw reply	[flat|nested] 3+ messages in thread

* Re: kernel BUG at mm/internal.h:LINE! (2)
  2020-07-29 20:04 kernel BUG at mm/internal.h:LINE! (2) syzbot
@ 2020-07-29 21:44 ` Andrew Morton
  2020-07-29 22:21 ` Kirill A. Shutemov
  1 sibling, 0 replies; 3+ messages in thread
From: Andrew Morton @ 2020-07-29 21:44 UTC (permalink / raw)
  To: syzbot; +Cc: linux-kernel, linux-mm, syzkaller-bugs

On Wed, 29 Jul 2020 13:04:21 -0700 syzbot <syzbot+f62749569eab36774dc5@syzkaller.appspotmail.com> wrote:

> Hello,
> 
> syzbot found the following issue on:
> 
> HEAD commit:    68845a55 Merge branch 'akpm' into master (patches from And..
> git tree:       upstream
> console output: https://syzkaller.appspot.com/x/log.txt?x=17c86c54900000
> kernel config:  https://syzkaller.appspot.com/x/.config?x=f87a5e4232fdb267
> dashboard link: https://syzkaller.appspot.com/bug?extid=f62749569eab36774dc5
> compiler:       gcc (GCC) 10.1.0-syz 20200507
> 
> Unfortunately, I don't have any reproducer for this issue yet.
> 
> IMPORTANT: if you fix the issue, please add the following tag to the commit:
> Reported-by: syzbot+f62749569eab36774dc5@syzkaller.appspotmail.com
> 
> vma ffff888000153210 start 0007700000077000 end 0000000000077000
> next 0007700000000000 prev 0000000007070707 mm 0007700000000000
> prot 77700000077000 anon_vma 0000000000000000 vm_ops ffffffff885cecc0
> pgoff 0 file ffff88809e09a7c0 private_data 0000000000000000
> flags: 0x0()

Well that is one messed up VMA.  Something in the kernel scribbled on
some memory.  Possibly scribbled on the vma itself, possibly scribbled
somewhere in the pointer chase which led us to the vma.

Interestingly, vm_ops (0xffffffff885cecc0) appears to be a valid
address.  Would it be possible to look up that symbol in your kernel,
see if it points at something interesting?

But don't try too hard - I doubt if we'll learn much from it :(

> ------------[ cut here ]------------
> kernel BUG at mm/internal.h:401!
> invalid opcode: 0000 [#1] PREEMPT SMP KASAN
> CPU: 0 PID: 1676 Comm: kswapd0 Not tainted 5.8.0-rc6-syzkaller #0
> Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
> RIP: 0010:vma_address mm/internal.h:401 [inline]
> RIP: 0010:vma_address mm/internal.h:393 [inline]
> RIP: 0010:rmap_walk_file+0x6a4/0xbf0 mm/rmap.c:1921
> Code: e8 91 20 cc ff 48 83 eb 01 48 89 e8 48 29 d8 48 c1 f8 06 48 01 44 24 18 e9 1a fb ff ff e8 74 20 cc ff 4c 89 e7 e8 95 e3 f9 ff <0f> 0b e8 65 20 cc ff 48 8b 44 24 10 4c 8d 68 78 4c 89 ef e8 b4 8a
> RSP: 0018:ffffc90006987598 EFLAGS: 00010287
> RAX: 000000000000010f RBX: 000770000019e000 RCX: 0000000000000000
> RDX: ffff8880a425e540 RSI: ffffffff815d4eb7 RDI: fffff52000d30e8e
> RBP: ffffea00021eac40 R08: 000000000000010f R09: ffff8880ae6318e7
> R10: 0000000000000000 R11: 0000000000000000 R12: ffff888000153210
> R13: dffffc0000000000 R14: 0007700000077000 R15: 0000000000077000
> FS:  0000000000000000(0000) GS:ffff8880ae600000(0000) knlGS:0000000000000000
> CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
> CR2: 0000000000788070 CR3: 000000020b00c000 CR4: 00000000001426f0
> DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
> DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
> Call Trace:
>  rmap_walk+0x105/0x190 mm/rmap.c:1946
>  page_referenced+0x417/0x4b0 mm/rmap.c:888
>  shrink_active_list+0x3a6/0x1350 mm/vmscan.c:2061
>  shrink_list mm/vmscan.c:2167 [inline]
>  shrink_lruvec+0x842/0x10f0 mm/vmscan.c:2467
>  shrink_node_memcgs mm/vmscan.c:2656 [inline]
>  shrink_node+0x4b0/0x1b60 mm/vmscan.c:2770
>  kswapd_shrink_node mm/vmscan.c:3517 [inline]
>  balance_pgdat+0x72f/0x10d0 mm/vmscan.c:3675
>  kswapd+0x5a5/0xe70 mm/vmscan.c:3932
>  kthread+0x3b5/0x4a0 kernel/kthread.c:291
>  ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:293
>
> ...
>


^ permalink raw reply	[flat|nested] 3+ messages in thread

* Re: kernel BUG at mm/internal.h:LINE! (2)
  2020-07-29 20:04 kernel BUG at mm/internal.h:LINE! (2) syzbot
  2020-07-29 21:44 ` Andrew Morton
@ 2020-07-29 22:21 ` Kirill A. Shutemov
  1 sibling, 0 replies; 3+ messages in thread
From: Kirill A. Shutemov @ 2020-07-29 22:21 UTC (permalink / raw)
  To: syzbot; +Cc: akpm, linux-kernel, linux-mm, syzkaller-bugs

On Wed, Jul 29, 2020 at 01:04:21PM -0700, syzbot wrote:
> Hello,
> 
> syzbot found the following issue on:
> 
> HEAD commit:    68845a55 Merge branch 'akpm' into master (patches from And..
> git tree:       upstream
> console output: https://syzkaller.appspot.com/x/log.txt?x=17c86c54900000
> kernel config:  https://syzkaller.appspot.com/x/.config?x=f87a5e4232fdb267
> dashboard link: https://syzkaller.appspot.com/bug?extid=f62749569eab36774dc5
> compiler:       gcc (GCC) 10.1.0-syz 20200507
> 
> Unfortunately, I don't have any reproducer for this issue yet.
> 
> IMPORTANT: if you fix the issue, please add the following tag to the commit:
> Reported-by: syzbot+f62749569eab36774dc5@syzkaller.appspotmail.com
> 
> vma ffff888000153210 start 0007700000077000 end 0000000000077000
> next 0007700000000000 prev 0000000007070707 mm 0007700000000000
> prot 77700000077000 anon_vma 0000000000000000 vm_ops ffffffff885cecc0

All these 0 and 7 look very broken. Is it some magic or just garbage?

-- 
 Kirill A. Shutemov


^ permalink raw reply	[flat|nested] 3+ messages in thread

end of thread, back to index

Thread overview: 3+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2020-07-29 20:04 kernel BUG at mm/internal.h:LINE! (2) syzbot
2020-07-29 21:44 ` Andrew Morton
2020-07-29 22:21 ` Kirill A. Shutemov

Linux-mm Archive on lore.kernel.org

Archives are clonable:
	git clone --mirror https://lore.kernel.org/linux-mm/0 linux-mm/git/0.git

	# If you have public-inbox 1.1+ installed, you may
	# initialize and index your mirror using the following commands:
	public-inbox-init -V2 linux-mm linux-mm/ https://lore.kernel.org/linux-mm \
		linux-mm@kvack.org
	public-inbox-index linux-mm

Example config snippet for mirrors

Newsgroup available over NNTP:
	nntp://nntp.lore.kernel.org/org.kvack.linux-mm


AGPL code for this site: git clone https://public-inbox.org/public-inbox.git