syzbot


BUG: sleeping function called from invalid context in __get_free_pages

Status: upstream: reported syz repro on 2022/07/17 06:57
Reported-by: syzbot+195fadf8cc8afa52653d@syzkaller.appspotmail.com
First crash: 888d, last: 784d
Fix bisection: failed (error log, bisect log)
  
Similar bugs (1)
Kernel Title Repro Cause bisect Fix bisect Count Last Reported Patched Status
linux-4.19 BUG: sleeping function called from invalid context in __get_free_pages syz error 2 888d 888d 0/1 upstream: reported syz repro on 2022/07/17 06:24

Fix bisection attempts (4)
Created Duration User Patch Repo Result
2023/02/03 12:23 1m bisect fix linux-4.14.y error job log
2022/10/29 11:02 23m bisect fix linux-4.14.y OK (0) job log log
2022/09/15 08:09 20m bisect fix linux-4.14.y OK (0) job log log
2022/08/16 06:57 21m bisect fix linux-4.14.y OK (0) job log log

Sample crash report:
IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
batman_adv: batadv0: Interface activated: batadv_slave_1
IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
BUG: sleeping function called from invalid context at mm/page_alloc.c:4129
in_atomic(): 1, irqs_disabled(): 1, pid: 8236, name: syz-executor.0
2 locks held by syz-executor.0/8236:
 #0:  (&dev->dev_mutex){+.+.}, at: [<ffffffff84bfed91>] v4l2_m2m_fop_poll+0x91/0x110 drivers/media/v4l2-core/v4l2-mem2mem.c:802
 #1:  (&(&q->done_lock)->rlock){....}, at: [<ffffffff84bfe19f>] v4l2_m2m_poll+0x16f/0x670 drivers/media/v4l2-core/v4l2-mem2mem.c:541
irq event stamp: 17684
hardirqs last  enabled at (17683): [<ffffffff8723f209>] __raw_spin_unlock_irqrestore include/linux/spinlock_api_smp.h:160 [inline]
hardirqs last  enabled at (17683): [<ffffffff8723f209>] _raw_spin_unlock_irqrestore+0x79/0xe0 kernel/locking/spinlock.c:192
hardirqs last disabled at (17684): [<ffffffff8723ee96>] __raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:108 [inline]
hardirqs last disabled at (17684): [<ffffffff8723ee96>] _raw_spin_lock_irqsave+0x66/0xc0 kernel/locking/spinlock.c:160
softirqs last  enabled at (7742): [<ffffffff8760068b>] __do_softirq+0x68b/0x9ff kernel/softirq.c:314
softirqs last disabled at (7575): [<ffffffff81321cf3>] invoke_softirq kernel/softirq.c:368 [inline]
softirqs last disabled at (7575): [<ffffffff81321cf3>] irq_exit+0x193/0x240 kernel/softirq.c:409
Preemption disabled at:
[<          (null)>]           (null)
CPU: 0 PID: 8236 Comm: syz-executor.0 Not tainted 4.14.288-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/29/2022
Call Trace:
 __dump_stack lib/dump_stack.c:17 [inline]
 dump_stack+0x1b2/0x281 lib/dump_stack.c:58
 ___might_sleep.cold+0x235/0x250 kernel/sched/core.c:6041
 prepare_alloc_pages mm/page_alloc.c:4129 [inline]
 __alloc_pages_nodemask+0x56a/0x2720 mm/page_alloc.c:4179
 alloc_pages_current+0x155/0x260 mm/mempolicy.c:2107
 alloc_pages include/linux/gfp.h:520 [inline]
 __get_free_pages+0xb/0x40 mm/page_alloc.c:4233
 poll_get_entry fs/select.c:170 [inline]
 __pollwait+0x233/0x3f0 fs/select.c:225
 poll_wait include/linux/poll.h:50 [inline]
 v4l2_m2m_poll+0x4d2/0x670 drivers/media/v4l2-core/v4l2-mem2mem.c:552
 v4l2_m2m_fop_poll+0xa4/0x110 drivers/media/v4l2-core/v4l2-mem2mem.c:804
 v4l2_poll+0x133/0x1d0 drivers/media/v4l2-core/v4l2-dev.c:342
 do_pollfd fs/select.c:826 [inline]
 do_poll fs/select.c:876 [inline]
 do_sys_poll+0x522/0xc50 fs/select.c:970
 SYSC_poll fs/select.c:1027 [inline]
 SyS_poll+0xf4/0x390 fs/select.c:1015
 do_syscall_64+0x1d5/0x640 arch/x86/entry/common.c:292
 entry_SYSCALL_64_after_hwframe+0x46/0xbb
RIP: 0033:0x7f4c649cc199
RSP: 002b:00007fff20265c58 EFLAGS: 00000246 ORIG_RAX: 0000000000000007
RAX: ffffffffffffffda RBX: 00007f4c64adef60 RCX: 00007f4c649cc199
RDX: 000000000000009f RSI: 000000000000000a RDI: 00000000200003c0
RBP: 00007f4c64a2613b R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007f4c64ae3c28 R14: 00007f4c64adef60 R15: 0000000000000000

Crashes (1):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets Manager Title
2022/07/17 06:57 linux-4.14.y 424a46ea058e 95cb00d1 .config console log report syz ci2-linux-4-14 BUG: sleeping function called from invalid context in __get_free_pages
* Struck through repros no longer work on HEAD.