syzbot

 sign-in | mailing list | source | docs
🐞 Open [707] 🐞 Fixed [181] 🐞 Invalid [624] 📈 Kernel Health 📈 Bug Lifetimes 📈 Fuzzing 📈 Crashes

kernel BUG at include/linux/mm.h:LINE!

Status: auto-closed as invalid on 2020/04/08 20:20
Reported-by: syzbot+58ef4244a845f38e97a8@syzkaller.appspotmail.com
First crash: 1153d, last: 1153d
similar bugs (7):
Kernel Title Repro Cause bisect Fix bisect Count Last Reported Patched Status
upstream kernel BUG at include/linux/mm.h:LINE! (3) C 14 1440d 1439d 0/24 closed as invalid on 2019/02/27 20:54
linux-4.19 kernel BUG at include/linux/mm.h:LINE! C error 308 88d 1390d 0/1 upstream: reported C repro on 2019/04/17 12:33
upstream kernel BUG at include/linux/mm.h:LINE! syz 68 1704d 1741d 6/24 fixed on 2018/06/07 13:52
upstream kernel BUG at include/linux/mm.h:LINE! (2) C 1009 1440d 1703d 12/24 fixed on 2019/02/26 22:09
upstream kernel BUG at include/linux/mm.h:LINE! (5) C done done 129 1364d 1434d 16/24 fixed on 2020/01/08 01:07
upstream kernel BUG at include/linux/mm.h:LINE! (6) C error error 98 108d 1022d 0/24 upstream: reported C repro on 2020/04/19 15:28
upstream kernel BUG at include/linux/mm.h:LINE! (4) 2 1437d 1436d 0/24 closed as invalid on 2019/03/02 20:05

Sample crash report:
page dumped because: VM_BUG_ON_PAGE(PageSlab(page))
9pnet: Insufficient options for proto=fd
------------[ cut here ]------------
kernel BUG at include/linux/mm.h:573!
invalid opcode: 0000 [#1] PREEMPT SMP KASAN
Modules linked in:
CPU: 0 PID: 10897 Comm: syz-executor.5 Not tainted 4.14.158-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
task: ffff88805d3260c0 task.stack: ffff888209558000
RIP: 0010:page_mapcount include/linux/mm.h:573 [inline]
RIP: 0010:isolate_migratepages_block+0x15a7/0x1c20 mm/compaction.c:814
RSP: 0018:ffff88820955f430 EFLAGS: 00010246
RAX: 0000000000040000 RBX: dffffc0000000000 RCX: ffffc90005e3c000
RDX: 0000000000040000 RSI: ffffffff817c3b58 RDI: ffffea0004f0d838
RBP: ffff88820955f548 R08: 0000000000000033 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000000 R12: ffffea0004f0d800
R13: ffff88820955f6d0 R14: ffffea0004f0d800 R15: 000000000013c360
FS:  00007f5026ac2700(0000) GS:ffff8880aec00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007fd2828b6330 CR3: 000000003bead000 CR4: 00000000001406f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 isolate_migratepages mm/compaction.c:1260 [inline]
 compact_zone+0xf0f/0x2650 mm/compaction.c:1584
 compact_zone_order+0xee/0x150 mm/compaction.c:1707
 try_to_compact_pages+0x21b/0xa10 mm/compaction.c:1756
 __alloc_pages_direct_compact+0xbc/0x380 mm/page_alloc.c:3380
 __alloc_pages_slowpath+0xada/0x2930 mm/page_alloc.c:3995
 __alloc_pages_nodemask+0x62c/0x7a0 mm/page_alloc.c:4198
 __alloc_pages include/linux/gfp.h:484 [inline]
 __alloc_pages_node include/linux/gfp.h:497 [inline]
 kmem_getpages mm/slab.c:1419 [inline]
 cache_grow_begin+0x80/0x400 mm/slab.c:2676
 fallback_alloc+0x1fd/0x2c0 mm/slab.c:3217
 ____cache_alloc_node+0x1be/0x1d0 mm/slab.c:3285
 __do_cache_alloc mm/slab.c:3354 [inline]
 slab_alloc mm/slab.c:3382 [inline]
 kmem_cache_alloc_trace+0x213/0x790 mm/slab.c:3616
 kmalloc include/linux/slab.h:488 [inline]
 kzalloc include/linux/slab.h:661 [inline]
 kvm_arch_alloc_vm include/linux/kvm_host.h:816 [inline]
 kvm_create_vm arch/x86/kvm/../../../virt/kvm/kvm_main.c:651 [inline]
 kvm_dev_ioctl_create_vm arch/x86/kvm/../../../virt/kvm/kvm_main.c:3270 [inline]
 kvm_dev_ioctl+0x163/0x1620 arch/x86/kvm/../../../virt/kvm/kvm_main.c:3321
 vfs_ioctl fs/ioctl.c:46 [inline]
 file_ioctl fs/ioctl.c:500 [inline]
 do_vfs_ioctl+0x7ae/0x1060 fs/ioctl.c:684
 SYSC_ioctl fs/ioctl.c:701 [inline]
 SyS_ioctl+0x8f/0xc0 fs/ioctl.c:692
 do_syscall_64+0x1e8/0x640 arch/x86/entry/common.c:292
 entry_SYSCALL_64_after_hwframe+0x42/0xb7
RIP: 0033:0x45a6f9
RSP: 002b:00007f5026ac1c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 000000000045a6f9
RDX: 0000000000000000 RSI: 000000000000ae01 RDI: 0000000000000003
RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 00007f5026ac26d4
R13: 00000000004c3ad2 R14: 00000000004d90f0 R15: 00000000ffffffff
Code: ff ff e8 8d 32 e2 ff 48 8b 85 48 ff ff ff 48 8d 78 ff e9 36 fb ff ff e8 78 32 e2 ff 48 c7 c6 e0 7f d1 86 4c 89 e7 e8 c9 19 01 00 <0f> 0b 48 89 85 18 ff ff ff e8 5b 32 e2 ff 48 8b 85 18 ff ff ff 
RIP: page_mapcount include/linux/mm.h:573 [inline] RSP: ffff88820955f430
RIP: isolate_migratepages_block+0x15a7/0x1c20 mm/compaction.c:814 RSP: ffff88820955f430
---[ end trace 6c9cc1e2d990e1a1 ]---
kobject: 'loop1' (ffff8880a40a24a0): kobject_uevent_env
9pnet: Insufficient options for proto=fd
kobject: 'loop1' (ffff8880a40a24a0): fill_kobj_path: path = '/devices/virtual/block/loop1'
kobject: 'kvm' (ffff8880a6466dd0): kobject_uevent_env
kobject: 'kvm' (ffff8880a6466dd0): kobject_uevent_env
kobject: 'kvm' (ffff8880a6466dd0): kobject_uevent_env
kobject: 'kvm' (ffff8880a6466dd0): fill_kobj_path: path = '/devices/virtual/misc/kvm'

Crashes (1):
Manager Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets Title
ci2-linux-4-14 2019/12/10 20:20 linux-4.14.y a844dc4c5442 4b83c8fb .config console log report
* Struck through repros no longer work on HEAD.