bisecting cause commit starting from f4bc5bbb5fef3cf421ba3485d6d383c27ec473ed building syzkaller on 0b33604d8e2793b82ec89abecf82d92b82e3d410 testing commit f4bc5bbb5fef3cf421ba3485d6d383c27ec473ed compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: 489171eeed1325d2a4cb0259fd153a10ba25810ff4eeec6eed45a6e07c0ef017 all runs: crashed: WARNING: kmalloc bug in xdp_umem_create testing release v5.16 testing commit df0cc57e057f18e44dac8e6c18aba47ab53202f9 compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: c446c74f07ff1f42cd72d4c03ac7a53f6a1cd75c74c252aff3accf3154cb4b1b all runs: crashed: WARNING: kmalloc bug in xdp_umem_create testing release v5.15 testing commit 8bb7eca972ad531c9b149c0a51ab43a417385813 compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: b13d2a243a51ce7e14770f5bf34f4d3a5b58cc35b6b4f978bdd9cba1989398e9 all runs: crashed: WARNING: kmalloc bug in xdp_umem_create testing release v5.14 testing commit 7d2a07b769330c34b4deabeed939325c77a7ec2f compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: a0e48eb4f8f67ee4954979e6cac50845d5e4a224ab6791d17f70cd00a4de8e54 all runs: OK # git bisect start 8bb7eca972ad531c9b149c0a51ab43a417385813 7d2a07b769330c34b4deabeed939325c77a7ec2f Bisecting: 6693 revisions left to test after this (roughly 13 steps) [477f70cd2a67904e04c2c2b9bd0fa2e95222f2f6] Merge tag 'drm-next-2021-08-31-1' of git://anongit.freedesktop.org/drm/drm testing commit 477f70cd2a67904e04c2c2b9bd0fa2e95222f2f6 compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: 8bf43251a178ead6d6b9e0aa20734b714880b532107f51182c48ef80fa13e8ad all runs: OK # git bisect good 477f70cd2a67904e04c2c2b9bd0fa2e95222f2f6 Bisecting: 3317 revisions left to test after this (roughly 12 steps) [626bf91a292e2035af5b9d9cce35c5c138dfe06d] Merge tag 'net-5.15-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net testing commit 626bf91a292e2035af5b9d9cce35c5c138dfe06d compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: aeaaff7b9cb35c65a7e39230a2cf45c3e65fda1f171d436b185d767d05b719df all runs: crashed: WARNING: kmalloc bug in xdp_umem_create # git bisect bad 626bf91a292e2035af5b9d9cce35c5c138dfe06d Bisecting: 1702 revisions left to test after this (roughly 11 steps) [23852bec534a1633dc08f4df88b8493ae99953a9] Merge tag 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/rdma/rdma testing commit 23852bec534a1633dc08f4df88b8493ae99953a9 compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: 04367b6523b915ae6e6130f1c1f7a6aa995dbfb432e3950b0eec8170a72c760e all runs: crashed: WARNING: kmalloc bug in xdp_umem_create # git bisect bad 23852bec534a1633dc08f4df88b8493ae99953a9 Bisecting: 839 revisions left to test after this (roughly 10 steps) [9e5f3ffcf1cb34e7c7beb3f79a96f58536730924] Merge tag 'devicetree-for-5.15' of git://git.kernel.org/pub/scm/linux/kernel/git/robh/linux testing commit 9e5f3ffcf1cb34e7c7beb3f79a96f58536730924 compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: 5dd55d9b9914001fcfb96d33799f0ef077169ff21e6f7155f87198934c198d1c all runs: OK # git bisect good 9e5f3ffcf1cb34e7c7beb3f79a96f58536730924 Bisecting: 417 revisions left to test after this (roughly 9 steps) [89b6b8cd92c068cd1bdf877ec7fb1392568ef35d] Merge tag 'vfio-v5.15-rc1' of git://github.com/awilliam/linux-vfio testing commit 89b6b8cd92c068cd1bdf877ec7fb1392568ef35d compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: 4bc901a8ea0c14db1c613025dc675976fde86759f331b2c1cbee9ec81596ecf7 all runs: crashed: WARNING: kmalloc bug in xdp_umem_create # git bisect bad 89b6b8cd92c068cd1bdf877ec7fb1392568ef35d Bisecting: 210 revisions left to test after this (roughly 8 steps) [412106c203b759fa7fbcc4f855a90ab18e681ccb] Merge tag 'erofs-for-5.15-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/xiang/erofs testing commit 412106c203b759fa7fbcc4f855a90ab18e681ccb compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: e96b9bf66d347387057e0496baa63aa113948d273bd1741d58b7009fb03d9a7e all runs: OK # git bisect good 412106c203b759fa7fbcc4f855a90ab18e681ccb Bisecting: 107 revisions left to test after this (roughly 7 steps) [c815f04ba94940fbc303a6ea9669e7da87f8e77d] Merge tag 'linux-kselftest-kunit-5.15-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/shuah/linux-kselftest testing commit c815f04ba94940fbc303a6ea9669e7da87f8e77d compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: 23a20df381891f7f704cfa1fc58cd0a5e48d5b8567d49e298d49e3e1ba659f7b all runs: crashed: WARNING: kmalloc bug in xdp_umem_create # git bisect bad c815f04ba94940fbc303a6ea9669e7da87f8e77d Bisecting: 45 revisions left to test after this (roughly 6 steps) [265113f70f3d63ae8b6eb1ce4303d14dbbd71b2d] Merge tag 'dlm-5.15' of git://git.kernel.org/pub/scm/linux/kernel/git/teigland/linux-dlm testing commit 265113f70f3d63ae8b6eb1ce4303d14dbbd71b2d compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: 2c025c70c503ffb45c7045e37cbd7c28832e7c5855536c1d56c27af8e7614ce5 all runs: crashed: WARNING: kmalloc bug in xdp_umem_create # git bisect bad 265113f70f3d63ae8b6eb1ce4303d14dbbd71b2d Bisecting: 33 revisions left to test after this (roughly 5 steps) [baaae979b112642a41b71c71c599d875c067d257] ext4: make the updating inode data procedure atomic testing commit baaae979b112642a41b71c71c599d875c067d257 compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: 8ae0d0583a706ee8226cc575f23114ba7b5d0639b15d2f9d2fab73c1beffa97f run #0: basic kernel testing failed: BUG: sleeping function called from invalid context in lock_sock_nested run #1: OK run #2: OK run #3: OK run #4: OK run #5: OK run #6: OK run #7: OK run #8: OK run #9: OK # git bisect good baaae979b112642a41b71c71c599d875c067d257 Bisecting: 16 revisions left to test after this (roughly 4 steps) [7661809d493b426e979f39ab512e3adf41fbcc69] mm: don't allow oversized kvmalloc() calls testing commit 7661809d493b426e979f39ab512e3adf41fbcc69 compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: 8bebd8240cddb75ea5c355c4d38dad8b12e470024b23106fa36bceeea6787718 all runs: crashed: WARNING: kmalloc bug in xdp_umem_create # git bisect bad 7661809d493b426e979f39ab512e3adf41fbcc69 Bisecting: 8 revisions left to test after this (roughly 3 steps) [ffb24e3c657869b256c3f90792d262fe09f49628] ovl: relax lookup error on mismatch origin ftype testing commit ffb24e3c657869b256c3f90792d262fe09f49628 compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: fd9730d8f6ad13a8f8e610a72aa68843d8032408feb67c633dcf8576bdc20ca7 all runs: OK # git bisect good ffb24e3c657869b256c3f90792d262fe09f49628 Bisecting: 4 revisions left to test after this (roughly 2 steps) [52d5a0c6bd8a89f460243ed937856354f8f253a3] ovl: fix BUG_ON() in may_delete() when called from ovl_cleanup() testing commit 52d5a0c6bd8a89f460243ed937856354f8f253a3 compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: eb9edfa7bcb63d14f510572587992856906cb43b685d531f7532d6db6dca265f all runs: OK # git bisect good 52d5a0c6bd8a89f460243ed937856354f8f253a3 Bisecting: 2 revisions left to test after this (roughly 1 step) [332f606b32b6291a944c8cf23b91f53a6e676525] ovl: enable RCU'd ->get_acl() testing commit 332f606b32b6291a944c8cf23b91f53a6e676525 compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: b48bb2f6b366f820d41724c0805e858f72f4e7edb736eb22da66af32f5bc4003 all runs: OK # git bisect good 332f606b32b6291a944c8cf23b91f53a6e676525 Bisecting: 0 revisions left to test after this (roughly 1 step) [111c1aa8cad4a0069dfe98fc093507b5b2cdfda7] Merge tag 'ext4_for_linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tytso/ext4 testing commit 111c1aa8cad4a0069dfe98fc093507b5b2cdfda7 compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: 392a2d7042f6c58c283efffce9e9a5790b649a6cc9b414fcb71e4a9fb84a0930 all runs: OK # git bisect good 111c1aa8cad4a0069dfe98fc093507b5b2cdfda7 7661809d493b426e979f39ab512e3adf41fbcc69 is the first bad commit commit 7661809d493b426e979f39ab512e3adf41fbcc69 Author: Linus Torvalds Date: Wed Jul 14 09:45:49 2021 -0700 mm: don't allow oversized kvmalloc() calls 'kvmalloc()' is a convenience function for people who want to do a kmalloc() but fall back on vmalloc() if there aren't enough physically contiguous pages, or if the allocation is larger than what kmalloc() supports. However, let's make sure it doesn't get _too_ easy to do crazy things with it. In particular, don't allow big allocations that could be due to integer overflow or underflow. So make sure the allocation size fits in an 'int', to protect against trivial integer conversion issues. Acked-by: Willy Tarreau Cc: Kees Cook Signed-off-by: Linus Torvalds mm/util.c | 4 ++++ 1 file changed, 4 insertions(+) culprit signature: 8bebd8240cddb75ea5c355c4d38dad8b12e470024b23106fa36bceeea6787718 parent signature: 392a2d7042f6c58c283efffce9e9a5790b649a6cc9b414fcb71e4a9fb84a0930 revisions tested: 18, total time: 3h8m21.668131374s (build: 2h16m15.091402884s, test: 50m7.426192952s) first bad commit: 7661809d493b426e979f39ab512e3adf41fbcc69 mm: don't allow oversized kvmalloc() calls recipients (to): ["akpm@linux-foundation.org" "linux-mm@kvack.org" "torvalds@linux-foundation.org" "w@1wt.eu"] recipients (cc): ["linux-kernel@vger.kernel.org"] crash: WARNING: kmalloc bug in xdp_umem_create ------------[ cut here ]------------ WARNING: CPU: 0 PID: 5801 at mm/util.c:597 kvmalloc_node+0x7b/0x90 mm/util.c:600 Modules linked in: CPU: 1 PID: 5801 Comm: syz-executor449 Not tainted 5.14.0-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 RIP: 0010:kvmalloc_node+0x7b/0x90 mm/util.c:597 Code: 2b 48 8b 3c 24 8b 54 24 0c 48 81 ff ff ff ff 7f 77 18 4c 8b 44 24 18 48 83 c4 10 89 d1 89 ea 5d be 01 00 00 00 e9 45 01 0b 00 <0f> 0b 48 83 c4 10 5d c3 66 66 2e 0f 1f 84 00 00 00 00 00 66 90 55 RSP: 0018:ffffc90001357c60 EFLAGS: 00010212 RAX: 0000000000000000 RBX: ffff888016821e40 RCX: ffff888016821e1c RDX: 00000000ffffffff RSI: 0000000000012dc0 RDI: 00000007ff810000 RBP: 0000000000002dc0 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 000000000007a089 R12: 00000000fff02000 R13: 0000000000000000 R14: 0000000000000800 R15: ffff888016821e00 FS: 000055555648b300(0000) GS:ffff8880b9e00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000000020000080 CR3: 00000000322c0000 CR4: 00000000003506f0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: kvmalloc include/linux/mm.h:806 [inline] kvmalloc_array include/linux/mm.h:824 [inline] kvcalloc include/linux/mm.h:829 [inline] xdp_umem_pin_pages net/xdp/xdp_umem.c:102 [inline] xdp_umem_reg net/xdp/xdp_umem.c:219 [inline] xdp_umem_create+0x6a5/0xf00 net/xdp/xdp_umem.c:252 xsk_setsockopt+0x604/0x790 net/xdp/xsk.c:1068 __sys_setsockopt+0x1fd/0x4e0 net/socket.c:2176 __do_sys_setsockopt net/socket.c:2187 [inline] __se_sys_setsockopt net/socket.c:2184 [inline] __x64_sys_setsockopt+0xb5/0x150 net/socket.c:2184 do_syscall_x64 arch/x86/entry/common.c:50 [inline] do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80 entry_SYSCALL_64_after_hwframe+0x44/0xae RIP: 0033:0x7fd20fce6b29 Code: 28 c3 e8 2a 14 00 00 66 2e 0f 1f 84 00 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 RSP: 002b:00007ffcc6d684b8 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fd20fce6b29 RDX: 0000000000000004 RSI: 000000000000011b RDI: 0000000000000003 RBP: 00007fd20fcaacd0 R08: 0000000000000020 R09: 0000000000000000 R10: 0000000020000080 R11: 0000000000000246 R12: 00007fd20fcaad60 R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000