syzbot


kernel BUG at mm/vmalloc.c:LINE! (2)

Status: fixed on 2022/01/24 20:33
Reported-by: syzbot+5f326d255ca648131f87@syzkaller.appspotmail.com
Fix commit: 537cf4e3cc2f xsk: Fix umem cleanup bug at socket destruct
First crash: 762d, last: 347d

Cause bisection: introduced by (bisect log):
commit bdbfb1d52d5e576c1d275fd8ab59b677011229e8
Author: Ingo Molnar <mingo@kernel.org>
Date: Sun Jun 7 19:12:51 2020 +0000

  Revert "mm/vmalloc: modify struct vmap_area to reduce its size"

Crash: kernel BUG at mm/vmalloc.c:LINE! (log)
Repro: C syz .config

Fix bisection: fixed by (bisect log):
commit 537cf4e3cc2f6cc9088dcd6162de573f603adc29
Author: Magnus Karlsson <magnus.karlsson@intel.com>
Date: Fri Nov 20 11:53:39 2020 +0000

  xsk: Fix umem cleanup bug at socket destruct

similar bugs (2):
Kernel      Title                             Repro  Cause bisect  Fix bisect  Count  Last   Reported  Patched  Status
upstream    kernel BUG at mm/vmalloc.c:LINE!                                   3      1692d  1692d     0/23     closed as invalid on 2018/02/13 19:59
linux-4.14  kernel BUG at mm/vmalloc.c:LINE!                                   1      707d   707d      0/1      auto-closed as invalid on 2020/12/28 07:15

Sample crash report:
------------[ cut here ]------------
kernel BUG at mm/vmalloc.c:2364!
invalid opcode: 0000 [#1] PREEMPT SMP KASAN
CPU: 0 PID: 10 Comm: ksoftirqd/0 Not tainted 5.10.0-rc2-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
RIP: 0010:vunmap mm/vmalloc.c:2364 [inline]
RIP: 0010:vunmap+0x5c/0x60 mm/vmalloc.c:2362
Code: c7 00 9e 55 89 e8 e4 8b a3 ff 48 85 ed 74 0f e8 8a 54 c8 ff 31 f6 48 89 ef e8 80 f4 ff ff 5b 5d e9 79 54 c8 ff e8 74 54 c8 ff <0f> 0b 66 90 41 57 41 56 49 89 fe 41 55 41 54 49 bc 00 00 00 00 00
RSP: 0018:ffffc90000cf7c68 EFLAGS: 00010246
RAX: 0000000000000000 RBX: 0000000000000100 RCX: ffffffff81a7b470
RDX: ffff888010d69a40 RSI: ffffffff81a7b4ac RDI: 0000000000000005
RBP: ffffc9000a481000 R08: 0000000000000001 R09: 0000000000000001
R10: 0000000000000000 R11: 0000000000000000 R12: ffff888141657ca8
R13: ffff88801aa294a8 R14: ffffffff815d3c66 R15: 0000000000000000
FS:  0000000000000000(0000) GS:ffff8880b9e00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00000000004c6228 CR3: 000000000b08e000 CR4: 00000000001506f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 xdp_umem_addr_unmap net/xdp/xdp_umem.c:44 [inline]
 xdp_umem_release net/xdp/xdp_umem.c:62 [inline]
 xdp_put_umem+0x113/0x330 net/xdp/xdp_umem.c:80
 xsk_destruct net/xdp/xsk.c:1150 [inline]
 xsk_destruct+0xc0/0xf0 net/xdp/xsk.c:1142
 __sk_destruct+0x4b/0x8f0 net/core/sock.c:1759
 rcu_do_batch kernel/rcu/tree.c:2476 [inline]
 rcu_core+0x5df/0xe80 kernel/rcu/tree.c:2711
 __do_softirq+0x2a0/0x9f6 kernel/softirq.c:298
 run_ksoftirqd kernel/softirq.c:653 [inline]
 run_ksoftirqd+0x2d/0x50 kernel/softirq.c:645
 smpboot_thread_fn+0x655/0x9e0 kernel/smpboot.c:165
 kthread+0x3af/0x4a0 kernel/kthread.c:292
 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:296
Modules linked in:
---[ end trace 5718eb24eb0560de ]---
RIP: 0010:vunmap mm/vmalloc.c:2364 [inline]
RIP: 0010:vunmap+0x5c/0x60 mm/vmalloc.c:2362
Code: c7 00 9e 55 89 e8 e4 8b a3 ff 48 85 ed 74 0f e8 8a 54 c8 ff 31 f6 48 89 ef e8 80 f4 ff ff 5b 5d e9 79 54 c8 ff e8 74 54 c8 ff <0f> 0b 66 90 41 57 41 56 49 89 fe 41 55 41 54 49 bc 00 00 00 00 00
RSP: 0018:ffffc90000cf7c68 EFLAGS: 00010246
RAX: 0000000000000000 RBX: 0000000000000100 RCX: ffffffff81a7b470
RDX: ffff888010d69a40 RSI: ffffffff81a7b4ac RDI: 0000000000000005
RBP: ffffc9000a481000 R08: 0000000000000001 R09: 0000000000000001
R10: 0000000000000000 R11: 0000000000000000 R12: ffff888141657ca8
R13: ffff88801aa294a8 R14: ffffffff815d3c66 R15: 0000000000000000
FS:  0000000000000000(0000) GS:ffff8880b9e00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00000000004c6228 CR3: 000000000b08e000 CR4: 00000000001506f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400

Crashes (6605):
Manager Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Title
ci-upstream-net-this-kasan-gce 2020/11/11 19:26 net e87d24fce924 cca87986 .config log report syz C
ci-upstream-linux-next-kasan-gce-root 2020/07/20 16:47 linux-next ab8be66e724e 4285ffa3 .config log report syz C
ci-upstream-kasan-gce-selinux-root 2020/12/03 07:20 upstream 3bb61aa61828 8c9190ef .config log report info
ci-upstream-kasan-gce-smack-root 2020/12/03 06:44 upstream 3bb61aa61828 8c9190ef .config log report info
ci-upstream-kasan-gce-selinux-root 2020/12/03 05:43 upstream 3bb61aa61828 8c9190ef .config log report info
ci-upstream-kasan-gce-selinux-root 2020/12/03 05:07 upstream 3bb61aa61828 8c9190ef .config log report info
ci-upstream-kasan-gce-root 2020/12/03 03:35 upstream 509a15421674 8c9190ef .config log report info
ci-upstream-kasan-gce-root 2020/12/03 02:31 upstream 509a15421674 8c9190ef .config log report info
ci-upstream-kasan-gce 2020/12/03 02:26 upstream 3bb61aa61828 8c9190ef .config log report info
ci-upstream-kasan-gce-smack-root 2020/12/02 23:05 upstream 509a15421674 8c9190ef .config log report info
ci-upstream-kasan-gce-selinux-root 2020/12/02 22:08 upstream 509a15421674 8c9190ef .config log report info
ci-upstream-kasan-gce-smack-root 2020/12/02 20:50 upstream 509a15421674 8c9190ef .config log report info
ci-upstream-kasan-gce-smack-root 2020/12/02 20:00 upstream 509a15421674 8c9190ef .config log report info
ci-upstream-kasan-gce-smack-root 2020/12/02 19:44 upstream 509a15421674 8c9190ef .config log report info
ci-upstream-kasan-gce-root 2020/12/02 13:24 upstream 509a15421674 c42a35e9 .config log report info
ci-upstream-kasan-gce-root 2020/12/02 10:47 upstream 509a15421674 c42a35e9 .config log report info
ci-upstream-kasan-gce-root 2020/12/02 09:45 upstream 509a15421674 c42a35e9 .config log report info
ci-upstream-kasan-gce-smack-root 2020/12/02 09:14 upstream 509a15421674 c42a35e9 .config log report info
ci-upstream-kasan-gce-selinux-root 2020/12/02 07:40 upstream 509a15421674 c42a35e9 .config log report info
ci-upstream-kasan-gce-root 2020/12/02 07:06 upstream 509a15421674 c42a35e9 .config log report info
ci-upstream-kasan-gce 2020/12/02 06:54 upstream 509a15421674 c42a35e9 .config log report info
ci-upstream-kasan-gce-root 2020/12/02 06:06 upstream 509a15421674 c42a35e9 .config log report info
ci-upstream-kasan-gce-smack-root 2020/12/02 01:30 upstream b65054597872 07bfe8a5 .config log report info
ci-upstream-kasan-gce-smack-root 2020/12/02 00:25 upstream b65054597872 07bfe8a5 .config log report info
ci-upstream-kasan-gce-root 2020/12/01 23:19 upstream b65054597872 07bfe8a5 .config log report info
ci-upstream-kasan-gce-smack-root 2020/12/01 23:12 upstream b65054597872 07bfe8a5 .config log report info
ci-upstream-kasan-gce-selinux-root 2020/12/01 22:11 upstream b65054597872 07bfe8a5 .config log report info
ci-upstream-kasan-gce-root 2020/12/01 20:16 upstream b65054597872 07bfe8a5 .config log report info
ci-upstream-kasan-gce 2020/12/01 19:58 upstream b65054597872 07bfe8a5 .config log report info
ci-upstream-kasan-gce-smack-root 2020/12/01 18:48 upstream b65054597872 07bfe8a5 .config log report info
ci-upstream-kasan-gce 2020/12/01 18:13 upstream b65054597872 07bfe8a5 .config log report info
ci-upstream-kasan-gce-selinux-root 2020/12/01 16:54 upstream b65054597872 07bfe8a5 .config log report info
ci-qemu-upstream 2020/12/01 15:40 upstream b65054597872 07bfe8a5 .config log report info
ci-upstream-kasan-gce-root 2020/12/01 15:35 upstream b65054597872 07bfe8a5 .config log report info
ci-upstream-kasan-gce-smack-root 2020/07/06 12:17 upstream 7cc2a8ea1048 51095195 .config log report
ci-qemu-upstream-386 2020/12/02 05:15 upstream 509a15421674 c42a35e9 .config log report info
ci-qemu-upstream-386 2020/12/02 03:23 upstream 509a15421674 c42a35e9 .config log report info
ci-upstream-kasan-gce-386 2020/12/01 00:58 upstream b65054597872 78d50c1d .config log report info
ci-upstream-net-this-kasan-gce 2020/11/28 23:15 net c84e1efae022 76b4dcc7 .config log report info
ci-upstream-net-kasan-gce 2020/12/11 18:23 net-next 91163f821436 ba24ffcd .config log report info
ci-upstream-net-kasan-gce 2020/12/04 01:22 net-next cec85994c6b4 e6b0d314 .config log report info
ci-upstream-net-kasan-gce 2020/12/03 11:16 net-next cec85994c6b4 e6b0d314 .config log report info
ci-upstream-net-kasan-gce 2020/12/03 08:34 net-next cec85994c6b4 8c9190ef .config log report info
ci-upstream-net-kasan-gce 2020/12/03 01:11 net-next 6b4f503186b7 8c9190ef .config log report info
ci-upstream-net-kasan-gce 2020/12/03 00:08 net-next 6b4f503186b7 8c9190ef .config log report info
ci-upstream-net-kasan-gce 2020/12/02 21:15 net-next 6b4f503186b7 8c9190ef .config log report info
ci-upstream-net-kasan-gce 2020/12/02 18:37 net-next 6b4f503186b7 8c9190ef .config log report info
ci-upstream-net-kasan-gce 2020/12/02 16:38 net-next 6b4f503186b7 8c9190ef .config log report info
ci-upstream-net-kasan-gce 2020/12/02 14:29 net-next 87f75e5860e0 c42a35e9 .config log report info
ci-upstream-net-kasan-gce 2020/12/02 08:42 net-next 87f75e5860e0 c42a35e9 .config log report info
ci-upstream-net-kasan-gce 2020/12/02 04:52 net-next 87f75e5860e0 c42a35e9 .config log report info
ci-upstream-net-kasan-gce 2020/12/02 02:09 net-next cb7fb043e69a 07bfe8a5 .config log report info
ci-upstream-net-kasan-gce 2020/12/01 21:40 net-next cb7fb043e69a 07bfe8a5 .config log report info
ci-upstream-net-kasan-gce 2020/12/01 16:42 net-next cb7fb043e69a 07bfe8a5 .config log report info
ci-upstream-linux-next-kasan-gce-root 2021/08/25 09:20 linux-next 372b2891c15a b599f2fc .config log report info kernel BUG in vmalloc_to_page
ci-upstream-linux-next-kasan-gce-root 2020/11/23 09:03 linux-next 95065cb54210 0d27f508 .config log report info