syzbot

 sign-in | mailing list | source | docs
🐞 Open [992] Subsystems 🐞 Fixed [5242] 🐞 Invalid [12509] Missing Backports [84] 📈 Kernel Health 📈 Bug Lifetimes 📈 Fuzzing 📈 Crashes 💬 Send us feedback

riscv/fixes boot error: WARNING in __apply_to_page_range (2)

Status: fixed on 2023/06/08 14:41
Subsystems: bpf
[Documentation on labels]
Reported-by: syzbot+5702f46b5b22bdb38b7e@syzkaller.appspotmail.com
Fix commit: 96f9d4daf745 riscv: Rework kasan population functions
First crash: 492d, last: 430d
Discussions (2)
Title Replies (including bot) Last reply
[syzbot] riscv/fixes boot error: WARNING in __apply_to_page_range (2) 1 (5) 2023/04/18 13:15
Re: [syzbot] riscv/fixes boot error: WARNING in __apply_to_page_range (2) 1 (1) 2022/12/21 13:13
Similar bugs (1)
Kernel Title Repro Cause bisect Fix bisect Count Last Reported Patched Status
upstream riscv/fixes boot error: WARNING in __apply_to_page_range bpf 1 644d 643d 0/26 auto-obsoleted due to no activity on 2022/11/19 11:24

Sample crash report:
------------[ cut here ]------------
WARNING: CPU: 1 PID: 2756 at mm/memory.c:2637 apply_to_pmd_range mm/memory.c:2637 [inline]
WARNING: CPU: 1 PID: 2756 at mm/memory.c:2637 apply_to_pud_range mm/memory.c:2680 [inline]
WARNING: CPU: 1 PID: 2756 at mm/memory.c:2637 apply_to_p4d_range mm/memory.c:2716 [inline]
WARNING: CPU: 1 PID: 2756 at mm/memory.c:2637 __apply_to_page_range+0x9f4/0x12b4 mm/memory.c:2750
Modules linked in:
CPU: 1 PID: 2756 Comm: dhcpcd Not tainted 6.2.0-rc1-syzkaller #0
Hardware name: riscv-virtio,qemu (DT)
epc : apply_to_pmd_range mm/memory.c:2637 [inline]
epc : apply_to_pud_range mm/memory.c:2680 [inline]
epc : apply_to_p4d_range mm/memory.c:2716 [inline]
epc : __apply_to_page_range+0x9f4/0x12b4 mm/memory.c:2750
 ra : apply_to_pmd_range mm/memory.c:2637 [inline]
 ra : apply_to_pud_range mm/memory.c:2680 [inline]
 ra : apply_to_p4d_range mm/memory.c:2716 [inline]
 ra : __apply_to_page_range+0x9f4/0x12b4 mm/memory.c:2750
epc : ffffffff8043f38c ra : ffffffff8043f38c sp : ff20000004f97290
 gp : ffffffff85efe540 tp : ff6000000bb98000 t0 : ff6000000f5e7b80
 t1 : 00000000000f0000 t2 : ffffffff8047684a s0 : ff20000004f97380
 s1 : fffffffeef001000 a0 : 0000000000000007 a1 : 00000000000f0000
 a2 : ffffffff8043f38c a3 : 0000000000000002 a4 : ff6000000bb99000
 a5 : 0000000000000000 a6 : 0000000000000003 a7 : 0000000000000000
 s2 : 00000000372000e7 s3 : ff6000007a80dbc0 s4 : 0000000000001000
 s5 : 0000000000000006 s6 : 0000000000000000 s7 : ffffffff804ecd06
 s8 : 0000000000000000 s9 : 0000000000000001 s10: fffffffffffff000
 s11: fffffffeef000000 t3 : fffffffff3f3f300 t4 : fffffffef0a47dfc
 t5 : fffffffef0a47dfd t6 : ff6000000e5b9b68
status: 0000000000000120 badaddr: 0000000000000000 cause: 0000000000000003
[<ffffffff8043f38c>] apply_to_pmd_range mm/memory.c:2637 [inline]
[<ffffffff8043f38c>] apply_to_pud_range mm/memory.c:2680 [inline]
[<ffffffff8043f38c>] apply_to_p4d_range mm/memory.c:2716 [inline]
[<ffffffff8043f38c>] __apply_to_page_range+0x9f4/0x12b4 mm/memory.c:2750
[<ffffffff8043fc80>] apply_to_page_range+0x34/0x46 mm/memory.c:2769
[<ffffffff804ecfac>] kasan_populate_vmalloc+0x52/0x5e mm/kasan/shadow.c:315
[<ffffffff80476b76>] alloc_vmap_area+0x4a6/0x1636 mm/vmalloc.c:1647
[<ffffffff80477f78>] __get_vm_area_node+0x272/0x3b0 mm/vmalloc.c:2515
[<ffffffff8047e3d8>] __vmalloc_node_range+0x280/0xdb4 mm/vmalloc.c:3187
[<ffffffff8001938c>] bpf_jit_alloc_exec+0x46/0x52 arch/riscv/net/bpf_jit_core.c:190
[<ffffffff802856ea>] bpf_jit_binary_alloc+0x96/0x13c kernel/bpf/core.c:1025
[<ffffffff8001910a>] bpf_int_jit_compile+0x886/0xaa6 arch/riscv/net/bpf_jit_core.c:112
[<ffffffff80287586>] bpf_prog_select_runtime+0x1a2/0x22e kernel/bpf/core.c:2190
[<ffffffff82969c0c>] bpf_migrate_filter+0x258/0x2be net/core/filter.c:1298
[<ffffffff8296fb54>] bpf_prepare_filter+0x10e/0x1b4 net/core/filter.c:1346
[<ffffffff8296ff24>] __get_filter+0x148/0x1a0 net/core/filter.c:1515
[<ffffffff82976e6a>] sk_attach_filter+0x22/0x11a net/core/filter.c:1530
[<ffffffff828b48d2>] sk_setsockopt+0x144e/0x270c net/core/sock.c:1297
[<ffffffff828b5bd8>] sock_setsockopt+0x48/0x58 net/core/sock.c:1549
[<ffffffff828a2a60>] __sys_setsockopt+0x3f0/0x418 net/socket.c:2242
[<ffffffff828a2ac2>] __do_sys_setsockopt net/socket.c:2257 [inline]
[<ffffffff828a2ac2>] sys_setsockopt+0x3a/0x4c net/socket.c:2254
[<ffffffff80005ff6>] ret_from_syscall+0x0/0x2
irq event stamp: 906
hardirqs last  enabled at (905): [<ffffffff83454146>] __raw_spin_unlock_irqrestore include/linux/spinlock_api_smp.h:151 [inline]
hardirqs last  enabled at (905): [<ffffffff83454146>] _raw_spin_unlock_irqrestore+0x68/0x98 kernel/locking/spinlock.c:194
hardirqs last disabled at (906): [<ffffffff800105d8>] __trace_hardirqs_off+0x18/0x20 arch/riscv/kernel/trace_irq.c:25
softirqs last  enabled at (900): [<ffffffff83454daa>] softirq_handle_end kernel/softirq.c:414 [inline]
softirqs last  enabled at (900): [<ffffffff83454daa>] __do_softirq+0x640/0x930 kernel/softirq.c:600
softirqs last disabled at (879): [<ffffffff800699a2>] do_softirq_own_stack include/asm-generic/softirq_stack.h:10 [inline]
softirqs last disabled at (879): [<ffffffff800699a2>] invoke_softirq kernel/softirq.c:452 [inline]
softirqs last disabled at (879): [<ffffffff800699a2>] __irq_exit_rcu+0x154/0x1ea kernel/softirq.c:650
---[ end trace 0000000000000000 ]---
dhcpcd: vmalloc error: size 4096, vm_struct allocation failed, mode:0xcc0(GFP_KERNEL), nodemask=(null),cpuset=/,mems_allowed=0
CPU: 1 PID: 2756 Comm: dhcpcd Tainted: G        W          6.2.0-rc1-syzkaller #0
Hardware name: riscv-virtio,qemu (DT)
Call Trace:
[<ffffffff8000b9ea>] dump_backtrace+0x2e/0x3c arch/riscv/kernel/stacktrace.c:121
[<ffffffff83402b96>] show_stack+0x34/0x40 arch/riscv/kernel/stacktrace.c:127
[<ffffffff83442726>] __dump_stack lib/dump_stack.c:88 [inline]
[<ffffffff83442726>] dump_stack_lvl+0xe0/0x14c lib/dump_stack.c:106
[<ffffffff834427ae>] dump_stack+0x1c/0x24 lib/dump_stack.c:113
[<ffffffff80489c32>] warn_alloc+0x168/0x22c mm/page_alloc.c:4356
[<ffffffff8047ecc4>] __vmalloc_node_range+0xb6c/0xdb4 mm/vmalloc.c:3192
[<ffffffff8001938c>] bpf_jit_alloc_exec+0x46/0x52 arch/riscv/net/bpf_jit_core.c:190
[<ffffffff802856ea>] bpf_jit_binary_alloc+0x96/0x13c kernel/bpf/core.c:1025
[<ffffffff8001910a>] bpf_int_jit_compile+0x886/0xaa6 arch/riscv/net/bpf_jit_core.c:112
[<ffffffff80287586>] bpf_prog_select_runtime+0x1a2/0x22e kernel/bpf/core.c:2190
[<ffffffff82969c0c>] bpf_migrate_filter+0x258/0x2be net/core/filter.c:1298
[<ffffffff8296fb54>] bpf_prepare_filter+0x10e/0x1b4 net/core/filter.c:1346
[<ffffffff8296ff24>] __get_filter+0x148/0x1a0 net/core/filter.c:1515
[<ffffffff82976e6a>] sk_attach_filter+0x22/0x11a net/core/filter.c:1530
[<ffffffff828b48d2>] sk_setsockopt+0x144e/0x270c net/core/sock.c:1297
[<ffffffff828b5bd8>] sock_setsockopt+0x48/0x58 net/core/sock.c:1549
[<ffffffff828a2a60>] __sys_setsockopt+0x3f0/0x418 net/socket.c:2242
[<ffffffff828a2ac2>] __do_sys_setsockopt net/socket.c:2257 [inline]
[<ffffffff828a2ac2>] sys_setsockopt+0x3a/0x4c net/socket.c:2254
[<ffffffff80005ff6>] ret_from_syscall+0x0/0x2
Mem-Info:
active_anon:464 inactive_anon:30 isolated_anon:0
 active_file:0 inactive_file:726 isolated_file:0
 unevictable:768 dirty:11 writeback:0
 slab_reclaimable:4793 slab_unreclaimable:18415
 mapped:425 shmem:795 pagetables:92
 sec_pagetables:0 bounce:0
 kernel_misc_reclaimable:0
 free:286227 free_pcp:1179 free_cma:4096
Node 0 active_anon:1856kB inactive_anon:120kB active_file:0kB inactive_file:2904kB unevictable:3072kB isolated(anon):0kB isolated(file):0kB mapped:1700kB dirty:44kB writeback:0kB shmem:3180kB writeback_tmp:0kB kernel_stack:4480kB pagetables:368kB sec_pagetables:0kB all_unreclaimable? no
Node 0 DMA32 free:1144908kB boost:0kB min:4656kB low:6012kB high:7368kB reserved_highatomic:0KB active_anon:1856kB inactive_anon:120kB active_file:0kB inactive_file:2904kB unevictable:3072kB writepending:44kB present:2095104kB managed:1359004kB mlocked:0kB bounce:0kB free_pcp:4684kB local_pcp:1968kB free_cma:16384kB
lowmem_reserve[]: 0 0 0
Node 0 DMA32: 43*4kB (UE) 2*8kB (ME) 1*16kB (M) 0*32kB 2*64kB (U) 4*128kB (UE) 3*256kB (UME) 1*512kB (M) 2*1024kB (UM) 3*2048kB (UC) 277*4096kB (MC) = 1144908kB
Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
Node 0 hugepages_total=4 hugepages_free=4 hugepages_surp=0 hugepages_size=2048kB
1521 total pagecache pages
0 pages in swap cache
Free swap  = 0kB
Total swap = 0kB
523776 pages RAM
0 pages HighMem/MovableOnly
184025 pages reserved
4096 pages cma reserved

Crashes (5):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets (help?) Manager Title
2023/02/21 02:56 git://git.kernel.org/pub/scm/linux/kernel/git/riscv/linux.git fixes 950b879b7f02 2414209c .config console log report ci-qemu2-riscv64 riscv/fixes boot error: WARNING in __apply_to_page_range
2023/02/14 10:37 git://git.kernel.org/pub/scm/linux/kernel/git/riscv/linux.git fixes 950b879b7f02 de9aae38 .config console log report ci-qemu2-riscv64 riscv/fixes boot error: WARNING in __apply_to_page_range
2023/02/13 10:29 git://git.kernel.org/pub/scm/linux/kernel/git/riscv/linux.git fixes 950b879b7f02 957959cb .config console log report ci-qemu2-riscv64 riscv/fixes boot error: WARNING in __apply_to_page_range
2023/02/02 14:43 git://git.kernel.org/pub/scm/linux/kernel/git/riscv/linux.git fixes 3c349eacc559 33fc5c09 .config console log report ci-qemu2-riscv64 riscv/fixes boot error: WARNING in __apply_to_page_range
2022/12/20 21:39 git://git.kernel.org/pub/scm/linux/kernel/git/riscv/linux.git fixes eb67d239f3aa d3e76707 .config console log report ci-qemu2-riscv64 riscv/fixes boot error: WARNING in __apply_to_page_range
* Struck through repros no longer work on HEAD.