bisecting cause commit starting from a9c9a6f741cdaa2fa9ba24a790db8d07295761e3 building syzkaller on f62a58290e2f1200a2b21f2707a9ff0394a2a724 testing commit a9c9a6f741cdaa2fa9ba24a790db8d07295761e3 compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.1 kernel signature: 6a4bd0f3462bcc42db61abcf8a08f3db395d44c4e5a247eec233a3ceb74be0f2 all runs: crashed: WARNING: kmalloc bug in check_btf_line testing release v5.14 testing commit 7d2a07b769330c34b4deabeed939325c77a7ec2f compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.1 kernel signature: 22f356b24ddd30ea3e41017a45adf7b1452162a1d468cc20535b0490e0ecba4c all runs: OK # git bisect start a9c9a6f741cdaa2fa9ba24a790db8d07295761e3 7d2a07b769330c34b4deabeed939325c77a7ec2f Bisecting: 4220 revisions left to test after this (roughly 12 steps) [ebf435d3b51b22340ef047aad0c2936ec4833ab2] Merge tag 'staging-5.15-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/staging testing commit ebf435d3b51b22340ef047aad0c2936ec4833ab2 arch/x86/kernel/setup.c:916:6: error: implicit declaration of function 'acpi_mps_check' [-Werror=implicit-function-declaration] arch/x86/kernel/setup.c:1110:2: error: implicit declaration of function 'acpi_table_upgrade' [-Werror=implicit-function-declaration] arch/x86/kernel/setup.c:1112:2: error: implicit declaration of function 'acpi_boot_table_init' [-Werror=implicit-function-declaration] arch/x86/kernel/setup.c:1120:2: error: implicit declaration of function 'early_acpi_boot_init'; did you mean 'early_cpu_init'? [-Werror=implicit-function-declaration] arch/x86/kernel/setup.c:1162:2: error: implicit declaration of function 'acpi_boot_init' [-Werror=implicit-function-declaration] # git bisect skip ebf435d3b51b22340ef047aad0c2936ec4833ab2 Bisecting: 4220 revisions left to test after this (roughly 12 steps) [afb08b7e220ef7278ffceb4f9e201c2a904e18a9] net: ipa: move IPA flags field testing commit afb08b7e220ef7278ffceb4f9e201c2a904e18a9 compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.1 kernel signature: b413cb415a15a35148a8340bd88acc95db627bb54d4bfdeb9f6da116bd0cbead all runs: OK # git bisect good afb08b7e220ef7278ffceb4f9e201c2a904e18a9 Bisecting: 3980 revisions left to test after this (roughly 12 steps) [07281a257a6868b900da5de1eda808c9e20253f1] Merge tag 'usb-5.15-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb testing commit 07281a257a6868b900da5de1eda808c9e20253f1 arch/x86/kernel/setup.c:916:6: error: implicit declaration of function 'acpi_mps_check' [-Werror=implicit-function-declaration] arch/x86/kernel/setup.c:1110:2: error: implicit declaration of function 'acpi_table_upgrade' [-Werror=implicit-function-declaration] arch/x86/kernel/setup.c:1112:2: error: implicit declaration of function 'acpi_boot_table_init' [-Werror=implicit-function-declaration] arch/x86/kernel/setup.c:1120:2: error: implicit declaration of function 'early_acpi_boot_init'; did you mean 'early_cpu_init'? [-Werror=implicit-function-declaration] arch/x86/kernel/setup.c:1162:2: error: implicit declaration of function 'acpi_boot_init' [-Werror=implicit-function-declaration] # git bisect skip 07281a257a6868b900da5de1eda808c9e20253f1 Bisecting: 3980 revisions left to test after this (roughly 12 steps) [8d7e5908c0bcf8a0abc437385e58e49abab11a93] mailbox: qcom-ipcc: Enable loading QCOM_IPCC as a module testing commit 8d7e5908c0bcf8a0abc437385e58e49abab11a93 compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.1 kernel signature: fd5a27e0d1cccf5ad707f7d0c7e59147b9153cd7c14455dedcba28d58fae0e54 all runs: OK # git bisect good 8d7e5908c0bcf8a0abc437385e58e49abab11a93 Bisecting: 3978 revisions left to test after this (roughly 12 steps) [e6e7471706dc42cbe0e01278540c0730138d43e5] bvec: add a bvec_kmap_local helper testing commit e6e7471706dc42cbe0e01278540c0730138d43e5 compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.1 kernel signature: 42e950dbe05260044ce2054f70d645cc29c7933d7fa6e8b6a0ecaa9a311d37a1 all runs: OK # git bisect good e6e7471706dc42cbe0e01278540c0730138d43e5 Bisecting: 3978 revisions left to test after this (roughly 12 steps) [8c945d32e60427cbc0859cf7045bbe6196bb03d8] btrfs: compression: drop kmap/kunmap from lzo testing commit 8c945d32e60427cbc0859cf7045bbe6196bb03d8 compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.1 kernel signature: 37a4c81f740f4405e622b91eefbfd909aad5fb196bd511fd7b1985b2c6e41eb8 all runs: OK # git bisect good 8c945d32e60427cbc0859cf7045bbe6196bb03d8 Bisecting: 3978 revisions left to test after this (roughly 12 steps) [5b16a790f18d234187f31eab0a222bd53cb12b9e] phy: cadence-torrent: Reorder few functions to remove function declarations testing commit 5b16a790f18d234187f31eab0a222bd53cb12b9e compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.1 kernel signature: 0509027043b58cf3084618bb1cb2a4808f27aab9384c64f1aa27bc2ed1c23735 all runs: OK # git bisect good 5b16a790f18d234187f31eab0a222bd53cb12b9e Bisecting: 3978 revisions left to test after this (roughly 12 steps) [eb5a4422e448a8200ddaafef0cc16db3f45ec1f8] leds: max77693: Move driver to flash subdirectory testing commit eb5a4422e448a8200ddaafef0cc16db3f45ec1f8 compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.1 kernel signature: 0509027043b58cf3084618bb1cb2a4808f27aab9384c64f1aa27bc2ed1c23735 run #0: basic kernel testing failed: BUG: sleeping function called from invalid context in stack_depot_save run #1: OK run #2: OK run #3: OK run #4: OK run #5: OK run #6: OK run #7: OK run #8: OK run #9: OK # git bisect good eb5a4422e448a8200ddaafef0cc16db3f45ec1f8 Bisecting: 3978 revisions left to test after this (roughly 12 steps) [d40dfb860ad72a32b9c2aeae739a2725f8ce011a] ASoC: sh: rz-ssi: Fix dereference of noderef expression warning testing commit d40dfb860ad72a32b9c2aeae739a2725f8ce011a compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.1 kernel signature: 0509027043b58cf3084618bb1cb2a4808f27aab9384c64f1aa27bc2ed1c23735 all runs: OK # git bisect good d40dfb860ad72a32b9c2aeae739a2725f8ce011a Bisecting: 3958 revisions left to test after this (roughly 12 steps) [7c314bdfb64e4bb8d2f829376ed56ce663483752] Merge tag 'tty-5.15-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/tty testing commit 7c314bdfb64e4bb8d2f829376ed56ce663483752 arch/x86/kernel/setup.c:916:6: error: implicit declaration of function 'acpi_mps_check' [-Werror=implicit-function-declaration] arch/x86/kernel/setup.c:1110:2: error: implicit declaration of function 'acpi_table_upgrade' [-Werror=implicit-function-declaration] arch/x86/kernel/setup.c:1112:2: error: implicit declaration of function 'acpi_boot_table_init' [-Werror=implicit-function-declaration] arch/x86/kernel/setup.c:1120:2: error: implicit declaration of function 'early_acpi_boot_init'; did you mean 'early_cpu_init'? [-Werror=implicit-function-declaration] arch/x86/kernel/setup.c:1162:2: error: implicit declaration of function 'acpi_boot_init' [-Werror=implicit-function-declaration] # git bisect skip 7c314bdfb64e4bb8d2f829376ed56ce663483752 Bisecting: 3958 revisions left to test after this (roughly 12 steps) [884a76881fc5f5c9c04de1b640bed2c340929842] fscache: Procfile to display cookies testing commit 884a76881fc5f5c9c04de1b640bed2c340929842 compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.1 kernel signature: 2b0fabf1d2abe87fde347bd2605929f7dcc297300b955e33c26fadc1e7e536e4 run #0: basic kernel testing failed: possible deadlock in fs_reclaim_acquire run #1: OK run #2: OK run #3: OK run #4: OK run #5: OK run #6: OK run #7: OK run #8: OK run #9: OK # git bisect good 884a76881fc5f5c9c04de1b640bed2c340929842 Bisecting: 3953 revisions left to test after this (roughly 12 steps) [1e1d9d6f119c55c05e8ea78ed3e49046690abffd] mptcp: handle pending data on closed subflow testing commit 1e1d9d6f119c55c05e8ea78ed3e49046690abffd compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.1 kernel signature: 3a33878b78a10279a5c078833e7f44b7420a52608c7b78e5864a8c9dbaeabeff all runs: OK # git bisect good 1e1d9d6f119c55c05e8ea78ed3e49046690abffd Bisecting: 3797 revisions left to test after this (roughly 12 steps) [ea7b4244b3656ca33b19a950f092b5bbc718b40c] x86/setup: Explicitly include acpi.h testing commit ea7b4244b3656ca33b19a950f092b5bbc718b40c compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.1 kernel signature: 1d7020da05a7acd598f8f87146ab8cc71326405459754af6bb2e6fae10edfa89 run #0: OK run #1: OK run #2: OK run #3: OK run #4: OK run #5: OK run #6: OK run #7: OK run #8: OK run #9: boot failed: possible deadlock in blktrans_open # git bisect good ea7b4244b3656ca33b19a950f092b5bbc718b40c Bisecting: 1884 revisions left to test after this (roughly 11 steps) [57c78a234e809e3a0516491e37ae5ccc6eeb21e8] Merge tag 'arm64-upstream' of git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux testing commit 57c78a234e809e3a0516491e37ae5ccc6eeb21e8 compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.1 kernel signature: b0ed4b418a5978f050c1d3f3493d09f81a8ffba8d8226ef096c37a4e2d45232b all runs: OK # git bisect good 57c78a234e809e3a0516491e37ae5ccc6eeb21e8 Bisecting: 941 revisions left to test after this (roughly 10 steps) [75ae663d053bddf7c70a24cccf53c83ae03deff8] iwlwifi: mvm: add rtnl_lock() in iwl_mvm_start_get_nvm() testing commit 75ae663d053bddf7c70a24cccf53c83ae03deff8 compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.1 kernel signature: 6168e352aa6651137835bc71096702ba39f35e7f2a3c37f51c76ffda65af3ce4 all runs: OK # git bisect good 75ae663d053bddf7c70a24cccf53c83ae03deff8 Bisecting: 489 revisions left to test after this (roughly 9 steps) [75d6e7d9ced83e937757e278c3ce1ccd6606a96a] Merge tag 'clk-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/clk/linux testing commit 75d6e7d9ced83e937757e278c3ce1ccd6606a96a compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.1 kernel signature: 4611e3d8bf2156e5d73d6ab2f56ae7ecf0b45ca1d48cc1426f56fb6a3a4f83cb all runs: crashed: WARNING: kmalloc bug in check_btf_line # git bisect bad 75d6e7d9ced83e937757e278c3ce1ccd6606a96a Bisecting: 220 revisions left to test after this (roughly 8 steps) [89b6b8cd92c068cd1bdf877ec7fb1392568ef35d] Merge tag 'vfio-v5.15-rc1' of git://github.com/awilliam/linux-vfio testing commit 89b6b8cd92c068cd1bdf877ec7fb1392568ef35d compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.1 kernel signature: 5c9bb02ce68e6f481d0bdd9885a50d871e47903f8534b3b873a834c0306f1c6c all runs: crashed: WARNING: kmalloc bug in check_btf_line # git bisect bad 89b6b8cd92c068cd1bdf877ec7fb1392568ef35d Bisecting: 116 revisions left to test after this (roughly 7 steps) [4a3bb4200a5958d76cc26ebe4db4257efa56812b] Merge tag 'dma-mapping-5.15' of git://git.infradead.org/users/hch/dma-mapping testing commit 4a3bb4200a5958d76cc26ebe4db4257efa56812b compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.1 kernel signature: ac64cc0624c3cf0d8f49c1b5900de72d30f6ec8e1e73a5319bf9780d681d1a1b all runs: crashed: WARNING: kmalloc bug in check_btf_line # git bisect bad 4a3bb4200a5958d76cc26ebe4db4257efa56812b Bisecting: 54 revisions left to test after this (roughly 6 steps) [111c1aa8cad4a0069dfe98fc093507b5b2cdfda7] Merge tag 'ext4_for_linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tytso/ext4 testing commit 111c1aa8cad4a0069dfe98fc093507b5b2cdfda7 compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.1 kernel signature: 26c40bdc234787dc0aeb31ea946083bdd006c654b9212b9f6054f8ed7a34dafd all runs: OK # git bisect good 111c1aa8cad4a0069dfe98fc093507b5b2cdfda7 Bisecting: 27 revisions left to test after this (roughly 5 steps) [70d6aa0ecfed253a2b14659a6c77359af6d9b3ee] dma-mapping: allow using the global coherent pool for !ARM testing commit 70d6aa0ecfed253a2b14659a6c77359af6d9b3ee compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.1 kernel signature: 7242037ab1663917fd9ae19b9821022701c544aaf714bfaa94eeb2d791762431 all runs: OK # git bisect good 70d6aa0ecfed253a2b14659a6c77359af6d9b3ee Bisecting: 13 revisions left to test after this (roughly 4 steps) [aee742c9928ab4f5f4e0b00f41fb2d2cffae179e] fs: dlm: fix return -EINTR on recovery stopped testing commit aee742c9928ab4f5f4e0b00f41fb2d2cffae179e compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.1 kernel signature: bab9256cb675cd4b79bc415bd4b99d60a8066ecc735aaae7a47e2f9b96b70b67 all runs: OK # git bisect good aee742c9928ab4f5f4e0b00f41fb2d2cffae179e Bisecting: 4 revisions left to test after this (roughly 3 steps) [eceae1e7acaefc0a71e4dd4b8cd49270172b4731] Merge tag 'configfs-5.15' of git://git.infradead.org/users/hch/configfs testing commit eceae1e7acaefc0a71e4dd4b8cd49270172b4731 compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.1 kernel signature: 5fac4d3414b902095e7ffc6e13dfe0108c6e73528d3501b8e4e125e6ea76ee3f all runs: crashed: WARNING: kmalloc bug in check_btf_line # git bisect bad eceae1e7acaefc0a71e4dd4b8cd49270172b4731 Bisecting: 4 revisions left to test after this (roughly 2 steps) [265113f70f3d63ae8b6eb1ce4303d14dbbd71b2d] Merge tag 'dlm-5.15' of git://git.kernel.org/pub/scm/linux/kernel/git/teigland/linux-dlm testing commit 265113f70f3d63ae8b6eb1ce4303d14dbbd71b2d compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.1 kernel signature: 93c1e733158e29cf94f46bab5f077fd59bb52114ad53a3589c652abc02ed703d all runs: crashed: WARNING: kmalloc bug in check_btf_line # git bisect bad 265113f70f3d63ae8b6eb1ce4303d14dbbd71b2d Bisecting: 1 revision left to test after this (roughly 1 step) [b0cfcdd9b9672ea90642f33d6c0dd8516553adf2] d_path: make 'prepend()' fill up the buffer exactly on overflow testing commit b0cfcdd9b9672ea90642f33d6c0dd8516553adf2 compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.1 kernel signature: 328a784e969d79cae14f13b0cf7e1169d6491dc2cc26fe79726b090a71eb69a0 all runs: crashed: WARNING: kmalloc bug in check_btf_line # git bisect bad b0cfcdd9b9672ea90642f33d6c0dd8516553adf2 Bisecting: 0 revisions left to test after this (roughly 0 steps) [7661809d493b426e979f39ab512e3adf41fbcc69] mm: don't allow oversized kvmalloc() calls testing commit 7661809d493b426e979f39ab512e3adf41fbcc69 compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.1 kernel signature: 3b2440ea0dcba3e7aefbc89960f37f5a4f463e69f1517a2f6e53733de7ac4e14 all runs: crashed: WARNING: kmalloc bug in check_btf_line # git bisect bad 7661809d493b426e979f39ab512e3adf41fbcc69 7661809d493b426e979f39ab512e3adf41fbcc69 is the first bad commit commit 7661809d493b426e979f39ab512e3adf41fbcc69 Author: Linus Torvalds Date: Wed Jul 14 09:45:49 2021 -0700 mm: don't allow oversized kvmalloc() calls 'kvmalloc()' is a convenience function for people who want to do a kmalloc() but fall back on vmalloc() if there aren't enough physically contiguous pages, or if the allocation is larger than what kmalloc() supports. However, let's make sure it doesn't get _too_ easy to do crazy things with it. In particular, don't allow big allocations that could be due to integer overflow or underflow. So make sure the allocation size fits in an 'int', to protect against trivial integer conversion issues. Acked-by: Willy Tarreau Cc: Kees Cook Signed-off-by: Linus Torvalds mm/util.c | 4 ++++ 1 file changed, 4 insertions(+) culprit signature: 3b2440ea0dcba3e7aefbc89960f37f5a4f463e69f1517a2f6e53733de7ac4e14 parent signature: 26c40bdc234787dc0aeb31ea946083bdd006c654b9212b9f6054f8ed7a34dafd revisions tested: 24, total time: 5h57m35.504959516s (build: 3h4m54.04278198s, test: 2h49m31.045564996s) first bad commit: 7661809d493b426e979f39ab512e3adf41fbcc69 mm: don't allow oversized kvmalloc() calls recipients (to): ["akpm@linux-foundation.org" "linux-mm@kvack.org" "torvalds@linux-foundation.org" "w@1wt.eu"] recipients (cc): ["linux-kernel@vger.kernel.org"] crash: WARNING: kmalloc bug in check_btf_line ------------[ cut here ]------------ WARNING: CPU: 0 PID: 10930 at mm/util.c:597 kvmalloc_node+0x7b/0x90 mm/util.c:600 Modules linked in: CPU: 0 PID: 10930 Comm: syz-executor.3 Not tainted 5.14.0-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 RIP: 0010:kvmalloc_node+0x7b/0x90 mm/util.c:597 Code: 2b 48 8b 3c 24 8b 54 24 0c 48 81 ff ff ff ff 7f 77 18 4c 8b 44 24 18 48 83 c4 10 89 d1 89 ea 5d be 01 00 00 00 e9 25 03 0b 00 <0f> 0b 48 83 c4 10 5d c3 66 66 2e 0f 1f 84 00 00 00 00 00 66 90 55 RSP: 0018:ffffc9000cb57758 EFLAGS: 00010212 RAX: 0000000000000000 RBX: ffffc9000cb57e18 RCX: 0000000400000000 RDX: 00000000ffffffff RSI: 0000000000000000 RDI: 0000000200004d00 RBP: 0000000000002dc0 R08: 0000000000012dc0 R09: 00000000ffffffff R10: ffffed1004e21a3f R11: 0000000000000000 R12: ffffc9000cb57e70 R13: 0000000000000001 R14: ffff888036a14010 R15: 0000000000000000 FS: 00007f40ff91a700(0000) GS:ffff8880b9f00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007f816793b000 CR3: 00000000460b0000 CR4: 00000000001506e0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: kvmalloc include/linux/mm.h:806 [inline] kvmalloc_array include/linux/mm.h:824 [inline] kvcalloc include/linux/mm.h:829 [inline] check_btf_line+0x16d/0x8a0 kernel/bpf/verifier.c:9925 check_btf_info kernel/bpf/verifier.c:10049 [inline] bpf_check+0x112e/0xabb0 kernel/bpf/verifier.c:13759 bpf_prog_load+0xc0c/0x1b40 kernel/bpf/syscall.c:2301 __sys_bpf+0x50a/0x44a0 kernel/bpf/syscall.c:4587 __do_sys_bpf kernel/bpf/syscall.c:4691 [inline] __se_sys_bpf kernel/bpf/syscall.c:4689 [inline] __x64_sys_bpf+0x70/0xb0 kernel/bpf/syscall.c:4689 do_syscall_x64 arch/x86/entry/common.c:50 [inline] do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80 entry_SYSCALL_64_after_hwframe+0x44/0xae RIP: 0033:0x4665f9 Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 RSP: 002b:00007f40ff91a188 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665f9 RDX: 0000000000000078 RSI: 0000000020000500 RDI: 0000000000000005 RBP: 00000000004bfcc4 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056bf80 R13: 00007fff39c93ecf R14: 00007f40ff91a300 R15: 0000000000022000