syzbot


WARNING: kmalloc bug in bpf

Status: fixed on 2023/02/24 13:50
Subsystems: bpf
Reported-by: syzbot+cecf5b7071a0dfb76530@syzkaller.appspotmail.com
Fix commit: 0708a0afe291 mm: Consider __GFP_NOWARN flag for oversized kvmalloc() calls
First crash: 894d, last: 754d
Cause bisection: introduced by (bisect log):
commit 22849b5ea5952d853547cc5e0651f34a246b2a4f
Author: Leon Romanovsky <leonro@nvidia.com>
Date: Thu Oct 21 14:16:14 2021 +0000

  devlink: Remove not-executed trap policer notifications

Crash: WARNING in nsim_dev_reload_destroy (log)
Repro: C syz .config
  
Fix bisection: fixed by (bisect log):
commit 0708a0afe291bdfe1386d74d5ec1f0c27e8b9168
Author: Daniel Borkmann <daniel@iogearbox.net>
Date: Fri Mar 4 14:26:32 2022 +0000

  mm: Consider __GFP_NOWARN flag for oversized kvmalloc() calls

  
Discussions (3)
Title Replies (including bot) Last reply
[syzbot] WARNING: kmalloc bug in bpf 1 (5) 2022/04/23 12:13
[PATCH -next v2] bpf: Add oversize check before call kvmalloc() 2 (2) 2021/12/01 11:23
[PATCH -next] bpf: Add oversize check before call kvmalloc() 3 (3) 2021/12/01 10:29
Last patch testing requests (2)
Created Duration User Patch Repo Result
2022/09/06 20:27 16m retest repro bpf-next OK log
2022/09/05 00:27 16m retest repro bpf OK log

Sample crash report:
------------[ cut here ]------------
WARNING: CPU: 1 PID: 3596 at mm/util.c:597 kvmalloc_node+0x111/0x120 mm/util.c:597
Modules linked in:
CPU: 1 PID: 3596 Comm: syz-executor837 Not tainted 5.16.0-rc7-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
RIP: 0010:kvmalloc_node+0x111/0x120 mm/util.c:597
Code: 01 00 00 00 4c 89 e7 e8 9d f5 0c 00 49 89 c5 e9 69 ff ff ff e8 d0 23 d1 ff 41 89 ed 41 81 cd 00 20 01 00 eb 95 e8 bf 23 d1 ff <0f> 0b e9 4c ff ff ff 0f 1f 84 00 00 00 00 00 55 48 89 fd 53 e8 a6
RSP: 0018:ffffc90001aafcc0 EFLAGS: 00010293
RAX: 0000000000000000 RBX: 1ffff92000355fa3 RCX: 0000000000000000
RDX: ffff888021421d00 RSI: ffffffff81a66e71 RDI: 0000000000000003
RBP: 0000000000102cc0 R08: 000000007fffffff R09: 00000000ffffffff
R10: ffffffff81a66e2e R11: 0000000000000000 R12: 00000000fffffffd
R13: 0000000000000000 R14: 00000000ffffffff R15: ffff88807ee52780
FS:  0000555557283300(0000) GS:ffff8880b9c00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000565020d48dc0 CR3: 00000000715d9000 CR4: 00000000003506f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 <TASK>
 kvmalloc include/linux/slab.h:741 [inline]
 map_update_elem kernel/bpf/syscall.c:1172 [inline]
 __sys_bpf+0x450b/0x5950 kernel/bpf/syscall.c:4621
 __do_sys_bpf kernel/bpf/syscall.c:4737 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:4735 [inline]
 __x64_sys_bpf+0x75/0xb0 kernel/bpf/syscall.c:4735
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x44/0xae
RIP: 0033:0x7fc80ad37089
Code: 28 c3 e8 2a 14 00 00 66 2e 0f 1f 84 00 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007ffcdc85bf48 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fc80ad37089
RDX: 0000000000000020 RSI: 0000000020000140 RDI: 0000000000000002
RBP: 00007fc80acfb070 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 00007fc80acfb100
R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
 </TASK>

Crashes (562):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets Manager Title
2022/01/05 06:17 net-old 1d5a47424040 0a2584dd .config console log report syz C ci-upstream-net-this-kasan-gce WARNING: kmalloc bug in bpf
2021/12/12 04:38 net-old ee60e626d536 49ca1f59 .config console log report syz C ci-upstream-net-this-kasan-gce WARNING: kmalloc bug in bpf
2022/01/05 06:02 net-next-old ffd32ea6b13c 0a2584dd .config console log report syz C ci-upstream-net-kasan-gce WARNING: kmalloc bug in bpf
2021/12/12 03:39 net-next-old 77ab714f0070 49ca1f59 .config console log report syz C ci-upstream-net-kasan-gce WARNING: kmalloc bug in bpf
2021/12/11 22:51 bpf 0be2516f865f 49ca1f59 .config console log report syz C ci-upstream-bpf-kasan-gce WARNING: kmalloc bug in bpf
2021/12/11 22:32 bpf-next 229fae38d0fc 49ca1f59 .config console log report syz C ci-upstream-bpf-next-kasan-gce WARNING: kmalloc bug in bpf
2022/02/28 10:25 upstream 52a025546731 45a13a73 .config console log report info ci-upstream-kasan-gce-root WARNING: kmalloc bug in bpf
2022/02/26 05:23 upstream 53ab78cd6d5a 45a13a73 .config console log report info ci-qemu-upstream WARNING: kmalloc bug in bpf
2022/02/26 03:53 upstream 53ab78cd6d5a 45a13a73 .config console log report info ci-upstream-kasan-gce-selinux-root WARNING: kmalloc bug in bpf
2022/02/18 05:16 upstream f71077a4d84b 3cd800e4 .config console log report info ci-upstream-kasan-gce-smack-root WARNING: kmalloc bug in bpf
2022/03/03 18:35 upstream 5859a2b19911 45a13a73 .config console log report info ci-qemu-upstream-386 WARNING: kmalloc bug in bpf
2022/03/15 05:25 bpf 18b1ab7aa76b 9e8eaa75 .config console log report info ci-upstream-bpf-kasan-gce WARNING: kmalloc bug in bpf
2022/03/14 23:44 bpf 18b1ab7aa76b 9e8eaa75 .config console log report info ci-upstream-bpf-kasan-gce WARNING: kmalloc bug in bpf
2022/03/13 07:04 bpf 18b1ab7aa76b 9e8eaa75 .config console log report info ci-upstream-bpf-kasan-gce WARNING: kmalloc bug in bpf
2022/03/12 12:18 bpf 18b1ab7aa76b 9e8eaa75 .config console log report info ci-upstream-bpf-kasan-gce WARNING: kmalloc bug in bpf
2022/03/11 23:44 bpf 18b1ab7aa76b 9e8eaa75 .config console log report info ci-upstream-bpf-kasan-gce WARNING: kmalloc bug in bpf
2022/03/10 17:07 bpf 18b1ab7aa76b 9e8eaa75 .config console log report info ci-upstream-bpf-kasan-gce WARNING: kmalloc bug in bpf
2022/03/10 14:30 bpf 18b1ab7aa76b 9e8eaa75 .config console log report info ci-upstream-bpf-kasan-gce WARNING: kmalloc bug in bpf
2022/03/10 09:33 net-old cc7e2f596e64 9e8eaa75 .config console log report info ci-upstream-net-this-kasan-gce WARNING: kmalloc bug in bpf
2022/03/10 04:58 bpf 18b1ab7aa76b 9e8eaa75 .config console log report info ci-upstream-bpf-kasan-gce WARNING: kmalloc bug in bpf
2022/03/09 14:44 net-old c79fcc27be90 9e8eaa75 .config console log report info ci-upstream-net-this-kasan-gce WARNING: kmalloc bug in bpf
2022/03/08 04:35 net-old c70c453abcbf 7bdd8b2c .config console log report info ci-upstream-net-this-kasan-gce WARNING: kmalloc bug in bpf
2022/03/07 02:59 net-old afb3cc1a397d 7bdd8b2c .config console log report info ci-upstream-net-this-kasan-gce WARNING: kmalloc bug in bpf
2022/03/23 15:51 bpf-next 7f0059b58f02 5ff41e94 .config console log report info ci-upstream-bpf-next-kasan-gce WARNING: kmalloc bug in bpf
2022/03/23 08:22 bpf-next 7f0059b58f02 5ff41e94 .config console log report info ci-upstream-bpf-next-kasan-gce WARNING: kmalloc bug in bpf
2022/03/22 01:11 bpf-next 08063b4bc158 e2d91b1d .config console log report info ci-upstream-bpf-next-kasan-gce WARNING: kmalloc bug in bpf
2022/03/22 00:08 bpf-next 08063b4bc158 e2d91b1d .config console log report info ci-upstream-bpf-next-kasan-gce WARNING: kmalloc bug in bpf
2022/03/21 22:52 bpf-next 08063b4bc158 e2d91b1d .config console log report info ci-upstream-bpf-next-kasan-gce WARNING: kmalloc bug in bpf
2022/03/21 13:19 bpf-next 08063b4bc158 e2d91b1d .config console log report info ci-upstream-bpf-next-kasan-gce WARNING: kmalloc bug in bpf
2022/03/21 10:55 bpf-next 08063b4bc158 e2d91b1d .config console log report info ci-upstream-bpf-next-kasan-gce WARNING: kmalloc bug in bpf
2022/03/20 21:59 bpf-next 08063b4bc158 e2d91b1d .config console log report info ci-upstream-bpf-next-kasan-gce WARNING: kmalloc bug in bpf
2022/03/19 06:33 bpf-next 08063b4bc158 e2d91b1d .config console log report info ci-upstream-bpf-next-kasan-gce WARNING: kmalloc bug in bpf
2022/03/19 02:54 bpf-next 08063b4bc158 e2d91b1d .config console log report info ci-upstream-bpf-next-kasan-gce WARNING: kmalloc bug in bpf
2022/03/18 04:01 bpf-next ad13baf45691 e2d91b1d .config console log report info ci-upstream-bpf-next-kasan-gce WARNING: kmalloc bug in bpf
2022/03/16 14:55 bpf-next 6585abea98ae 9e8eaa75 .config console log report info ci-upstream-bpf-next-kasan-gce WARNING: kmalloc bug in bpf
2022/03/15 01:14 bpf-next d3b351f65bf4 9e8eaa75 .config console log report info ci-upstream-bpf-next-kasan-gce WARNING: kmalloc bug in bpf
2022/03/14 07:33 bpf-next d3b351f65bf4 9e8eaa75 .config console log report info ci-upstream-bpf-next-kasan-gce WARNING: kmalloc bug in bpf
2022/03/11 23:41 bpf-next d3b351f65bf4 9e8eaa75 .config console log report info ci-upstream-bpf-next-kasan-gce WARNING: kmalloc bug in bpf
2022/03/11 09:28 bpf-next 6789ab9668d9 9e8eaa75 .config console log report info ci-upstream-bpf-next-kasan-gce WARNING: kmalloc bug in bpf
2022/03/11 08:04 bpf-next 6789ab9668d9 9e8eaa75 .config console log report info ci-upstream-bpf-next-kasan-gce WARNING: kmalloc bug in bpf
2022/03/10 23:29 bpf-next 743bec1b78af 9e8eaa75 .config console log report info ci-upstream-bpf-next-kasan-gce WARNING: kmalloc bug in bpf
2022/03/10 09:30 bpf-next de55c9a1967c 9e8eaa75 .config console log report info ci-upstream-bpf-next-kasan-gce WARNING: kmalloc bug in bpf
2022/03/09 10:54 bpf-next 3399dd9f372b 9e8eaa75 .config console log report info ci-upstream-bpf-next-kasan-gce WARNING: kmalloc bug in bpf
2022/03/09 00:26 bpf-next d23a8720327d 9e8eaa75 .config console log report info ci-upstream-bpf-next-kasan-gce WARNING: kmalloc bug in bpf
2022/03/08 10:20 bpf-next 04b6de649e12 7bdd8b2c .config console log report info ci-upstream-bpf-next-kasan-gce WARNING: kmalloc bug in bpf
2022/03/08 02:36 bpf-next c344b9fc2108 7bdd8b2c .config console log report info ci-upstream-bpf-next-kasan-gce WARNING: kmalloc bug in bpf
2022/03/07 19:23 bpf-next c344b9fc2108 7bdd8b2c .config console log report info ci-upstream-bpf-next-kasan-gce WARNING: kmalloc bug in bpf
2022/03/06 14:24 bpf-next c344b9fc2108 7bdd8b2c .config console log report info ci-upstream-bpf-next-kasan-gce WARNING: kmalloc bug in bpf
2022/03/01 12:34 net-next-old f2b77012ddd5 45a13a73 .config console log report info ci-upstream-net-kasan-gce WARNING: kmalloc bug in bpf
2021/11/26 04:19 bpf-next e4f7ac90c2b0 63eeac02 .config console log report info ci-upstream-bpf-next-kasan-gce WARNING: kmalloc bug in bpf
2021/11/03 05:37 bpf-next cc0356d6a02e 17f3edd2 .config console log report info ci-upstream-bpf-next-kasan-gce WARNING: kmalloc bug in bpf
2022/03/19 03:00 linux-next 91265a6da44d e2d91b1d .config console log report info ci-upstream-linux-next-kasan-gce-root WARNING: kmalloc bug in bpf
2022/03/19 01:31 linux-next 91265a6da44d e2d91b1d .config console log report info ci-upstream-linux-next-kasan-gce-root WARNING: kmalloc bug in bpf
2022/03/17 08:13 linux-next 91265a6da44d dfa9a8ed .config console log report info ci-upstream-linux-next-kasan-gce-root WARNING: kmalloc bug in bpf
2022/03/16 02:57 linux-next 91265a6da44d 9e8eaa75 .config console log report info ci-upstream-linux-next-kasan-gce-root WARNING: kmalloc bug in bpf
2022/03/14 20:31 linux-next 91265a6da44d 9e8eaa75 .config console log report info ci-upstream-linux-next-kasan-gce-root WARNING: kmalloc bug in bpf
2022/03/13 13:15 linux-next 91265a6da44d 9e8eaa75 .config console log report info ci-upstream-linux-next-kasan-gce-root WARNING: kmalloc bug in bpf
2022/03/11 21:13 linux-next 91265a6da44d 9e8eaa75 .config console log report info ci-upstream-linux-next-kasan-gce-root WARNING: kmalloc bug in bpf
2022/03/11 06:33 linux-next 91265a6da44d 9e8eaa75 .config console log report info ci-upstream-linux-next-kasan-gce-root WARNING: kmalloc bug in bpf
2022/03/08 01:53 linux-next 91265a6da44d 7bdd8b2c .config console log report info ci-upstream-linux-next-kasan-gce-root WARNING: kmalloc bug in bpf
* Struck through repros no longer work on HEAD.