bisecting fixing commit since 1d5a474240407c38ca8c7484a656ee39f585399c
building syzkaller on 0a2584dd6205f108e11a521809ce61263f98f15c
testing commit 1d5a474240407c38ca8c7484a656ee39f585399c
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: a87c5625de1a356d125b3bbb9bed0de696fe1a2a1d0e64351b7bd7c4610e461c
run #0: basic kernel testing failed: timed out
run #1: crashed: WARNING: kmalloc bug in bpf
run #2: crashed: WARNING: kmalloc bug in bpf
run #3: crashed: WARNING: kmalloc bug in bpf
run #4: crashed: WARNING: kmalloc bug in bpf
run #5: crashed: WARNING: kmalloc bug in bpf
run #6: crashed: WARNING: kmalloc bug in bpf
run #7: crashed: WARNING: kmalloc bug in bpf
run #8: crashed: WARNING: kmalloc bug in bpf
run #9: crashed: WARNING: kmalloc bug in bpf
run #10: crashed: WARNING: kmalloc bug in bpf
run #11: crashed: WARNING: kmalloc bug in bpf
run #12: crashed: WARNING: kmalloc bug in bpf
run #13: crashed: WARNING: kmalloc bug in bpf
run #14: crashed: WARNING: kmalloc bug in bpf
run #15: crashed: WARNING: kmalloc bug in bpf
run #16: crashed: WARNING: kmalloc bug in bpf
run #17: crashed: WARNING: kmalloc bug in bpf
run #18: crashed: WARNING: kmalloc bug in bpf
run #19: crashed: WARNING: kmalloc bug in bpf
testing current HEAD fc06b2867f4cea543505acfb194c2be4ebf0c7d3
testing commit fc06b2867f4cea543505acfb194c2be4ebf0c7d3
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: f210913b62a989f5c628e1d8638ba957e0ef4b274cd4a9a02ac4b100716e6185
all runs: OK
# git bisect start fc06b2867f4cea543505acfb194c2be4ebf0c7d3 1d5a474240407c38ca8c7484a656ee39f585399c
Bisecting: 14632 revisions left to test after this (roughly 14 steps)
[a04b1bf574e1f4875ea91f5c62ca051666443200] Merge tag 'for-5.18/parisc-1' of git://git.kernel.org/pub/scm/linux/kernel/git/deller/parisc-linux
testing commit a04b1bf574e1f4875ea91f5c62ca051666443200
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: baf4075d117f39bbc8ca9ef76b631275f1da0a42705d9af9ee1c893a579d027a
all runs: OK
# git bisect bad a04b1bf574e1f4875ea91f5c62ca051666443200
Bisecting: 7326 revisions left to test after this (roughly 13 steps)
[22ef12195e13c5ec58320dbf99ef85059a2c0820] Merge tag 'staging-5.17-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/staging
testing commit 22ef12195e13c5ec58320dbf99ef85059a2c0820
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 48b1b499f32483718273e9c374feb941427d18b7d6c815d4250462edf2abfb5c
run #0: basic kernel testing failed: BUG: program execution failed: executor NUM: exit status NUM
run #1: crashed: WARNING: kmalloc bug in bpf
run #2: crashed: WARNING: kmalloc bug in bpf
run #3: crashed: WARNING: kmalloc bug in bpf
run #4: crashed: WARNING: kmalloc bug in bpf
run #5: crashed: WARNING: kmalloc bug in bpf
run #6: crashed: WARNING: kmalloc bug in bpf
run #7: crashed: WARNING: kmalloc bug in bpf
run #8: crashed: WARNING: kmalloc bug in bpf
run #9: crashed: WARNING: kmalloc bug in bpf
# git bisect good 22ef12195e13c5ec58320dbf99ef85059a2c0820
Bisecting: 3683 revisions left to test after this (roughly 12 steps)
[46a10fc3a2beddd79dafc3cd800f14bde0844387] Merge tag 'rproc-v5.17' of git://git.kernel.org/pub/scm/linux/kernel/git/remoteproc/linux
testing commit 46a10fc3a2beddd79dafc3cd800f14bde0844387
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: f574b63fdb0fece5fb62c9227021a288ae7745e166b4f5433cd4a976b69df53b
all runs: crashed: WARNING: kmalloc bug in bpf
# git bisect good 46a10fc3a2beddd79dafc3cd800f14bde0844387
Bisecting: 1841 revisions left to test after this (roughly 11 steps)
[cc0def5b4ed61a262b88c67e6f8ed1a70c52c568] Merge tag 'optee-fixes-for-v5.17' of git://git.linaro.org/people/jens.wiklander/linux-tee into arm/fixes
testing commit cc0def5b4ed61a262b88c67e6f8ed1a70c52c568
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 4b2989633d7a6a160f3ff305a08ca01eba3ceb81f092786f5fa9aa38cf8e6396
run #0: basic kernel testing failed: BUG: program execution failed: executor NUM: exit status NUM
run #1: crashed: WARNING: kmalloc bug in bpf
run #2: crashed: WARNING: kmalloc bug in bpf
run #3: crashed: WARNING: kmalloc bug in bpf
run #4: crashed: WARNING: kmalloc bug in bpf
run #5: crashed: WARNING: kmalloc bug in bpf
run #6: crashed: WARNING: kmalloc bug in bpf
run #7: crashed: WARNING: kmalloc bug in bpf
run #8: crashed: WARNING: kmalloc bug in bpf
run #9: crashed: WARNING: kmalloc bug in bpf
# git bisect good cc0def5b4ed61a262b88c67e6f8ed1a70c52c568
Bisecting: 920 revisions left to test after this (roughly 10 steps)
[cf90e2f1de977fb79873b1eaf6df113e4e8b4469] Merge tag 'qcom-dts-fixes-for-5.17' of git://git.kernel.org/pub/scm/linux/kernel/git/qcom/linux into arm/fixes
testing commit cf90e2f1de977fb79873b1eaf6df113e4e8b4469
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 11f0c01bd112fb408c08dd3b78e1cbb376cd87b407877b6536864b8848b409aa
all runs: crashed: WARNING: kmalloc bug in bpf
# git bisect good cf90e2f1de977fb79873b1eaf6df113e4e8b4469
Bisecting: 459 revisions left to test after this (roughly 9 steps)
[186d32bbf034417b40e2b4e773eeb8ef106c16c1] Merge tag 'net-5.17-rc8' of git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net
testing commit 186d32bbf034417b40e2b4e773eeb8ef106c16c1
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 8070e53d3ad9abb6d873732fbed3068d71604692ac3162c0240be0b0256f963c
all runs: OK
# git bisect bad 186d32bbf034417b40e2b4e773eeb8ef106c16c1
Bisecting: 230 revisions left to test after this (roughly 8 steps)
[55c4bf4d93bec773eb373f048ed8c6c53b96d8eb] Merge tag 'mlx5-fixes-2022-03-09' of git://git.kernel.org/pub/scm/linux/kernel/git/saeed/linux
testing commit 55c4bf4d93bec773eb373f048ed8c6c53b96d8eb
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: bfc3d39d3b8bd78a2c8ab689a7ce27f51736fe5118d67e7507a2efd472095f5c
all runs: crashed: WARNING: kmalloc bug in bpf
# git bisect good 55c4bf4d93bec773eb373f048ed8c6c53b96d8eb
Bisecting: 118 revisions left to test after this (roughly 7 steps)
[ea4424be16887a37735d6550cfd0611528dbe5d9] Merge tag 'mtd/fixes-for-5.17-rc8' of git://git.kernel.org/pub/scm/linux/kernel/git/mtd/linux
testing commit ea4424be16887a37735d6550cfd0611528dbe5d9
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 2eaedb1188e256976b0c32b1fad9c52a76e69d5f8c1cf5aefbec7332f08ea8fe
all runs: OK
# git bisect bad ea4424be16887a37735d6550cfd0611528dbe5d9
Bisecting: 59 revisions left to test after this (roughly 6 steps)
[d1eff16d727ff257b706d32114d3881f67cc9c75] configs/debug: set CONFIG_DEBUG_INFO=y properly
testing commit d1eff16d727ff257b706d32114d3881f67cc9c75
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 1ed335a5efe92d6e2e2eef1ce81c05494814ba1fb3ccfba4526f045dd0b86067
all runs: OK
# git bisect bad d1eff16d727ff257b706d32114d3881f67cc9c75
Bisecting: 27 revisions left to test after this (roughly 5 steps)
[c4fc118ae26f9d4e5885d151f9b0f96467a136da] Merge tag 'drm-fixes-2022-03-04' of git://anongit.freedesktop.org/drm/drm
testing commit c4fc118ae26f9d4e5885d151f9b0f96467a136da
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: a72208451236d4d7233102ed89ec983d9d8458f4a79affc04704cc91db4454ad
all runs: OK
# git bisect bad c4fc118ae26f9d4e5885d151f9b0f96467a136da
Bisecting: 12 revisions left to test after this (roughly 4 steps)
[0d9f0ee17b3f57012e6b8530d6b9e80f138a8e28] Merge tag 'drm-intel-fixes-2022-03-03' of git://anongit.freedesktop.org/drm/drm-intel into drm-fixes
testing commit 0d9f0ee17b3f57012e6b8530d6b9e80f138a8e28
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 5fe3ae0bc8ccb8ffb0fa57448da155048d65220e754c48d605e8b91d1bfb0683
all runs: crashed: WARNING: kmalloc bug in bpf
# git bisect good 0d9f0ee17b3f57012e6b8530d6b9e80f138a8e28
Bisecting: 6 revisions left to test after this (roughly 3 steps)
[8fdb19679722a02fe21642d39710c701d2ed567a] Merge tag 'drm-misc-fixes-2022-03-03' of git://anongit.freedesktop.org/drm/drm-misc into drm-fixes
testing commit 8fdb19679722a02fe21642d39710c701d2ed567a
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 4a191863f807c615213436a0d129d3eec7704d98911ccc09d6a3232af692924b
all runs: crashed: WARNING: kmalloc bug in bpf
# git bisect good 8fdb19679722a02fe21642d39710c701d2ed567a
Bisecting: 3 revisions left to test after this (roughly 2 steps)
[0708a0afe291bdfe1386d74d5ec1f0c27e8b9168] mm: Consider __GFP_NOWARN flag for oversized kvmalloc() calls
testing commit 0708a0afe291bdfe1386d74d5ec1f0c27e8b9168
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: c85feb90268a91ee371c84a726358f7ba6dbe8af2d2c1170265a47244e6b22e9
all runs: OK
# git bisect bad 0708a0afe291bdfe1386d74d5ec1f0c27e8b9168
Bisecting: 0 revisions left to test after this (roughly 1 step)
[38f80f42147ff658aff218edb0a88c37e58bf44f] MAINTAINERS: Remove dead patchwork link
testing commit 38f80f42147ff658aff218edb0a88c37e58bf44f
compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2
kernel signature: 193d2b1704576aae63adae763c7ffdb29c2622d6d2de3216bfce9f52ca8453da
all runs: crashed: WARNING: kmalloc bug in bpf
# git bisect good 38f80f42147ff658aff218edb0a88c37e58bf44f
0708a0afe291bdfe1386d74d5ec1f0c27e8b9168 is the first bad commit
commit 0708a0afe291bdfe1386d74d5ec1f0c27e8b9168
Author: Daniel Borkmann
Date: Fri Mar 4 15:26:32 2022 +0100

    mm: Consider __GFP_NOWARN flag for oversized kvmalloc() calls

    syzkaller was recently triggering an oversized kvmalloc() warning via
    xdp_umem_create().

    The triggered warning was added back in 7661809d493b ("mm: don't allow
    oversized kvmalloc() calls"). The rationale for the warning for huge
    kvmalloc sizes was as a reaction to a security bug where the size was
    more than UINT_MAX but not everything was prepared to handle unsigned
    long sizes.

    Anyway, the AF_XDP related call trace from this syzkaller report was:

      kvmalloc include/linux/mm.h:806 [inline]
      kvmalloc_array include/linux/mm.h:824 [inline]
      kvcalloc include/linux/mm.h:829 [inline]
      xdp_umem_pin_pages net/xdp/xdp_umem.c:102 [inline]
      xdp_umem_reg net/xdp/xdp_umem.c:219 [inline]
      xdp_umem_create+0x6a5/0xf00 net/xdp/xdp_umem.c:252
      xsk_setsockopt+0x604/0x790 net/xdp/xsk.c:1068
      __sys_setsockopt+0x1fd/0x4e0 net/socket.c:2176
      __do_sys_setsockopt net/socket.c:2187 [inline]
      __se_sys_setsockopt net/socket.c:2184 [inline]
      __x64_sys_setsockopt+0xb5/0x150 net/socket.c:2184
      do_syscall_x64 arch/x86/entry/common.c:50 [inline]
      do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
      entry_SYSCALL_64_after_hwframe+0x44/0xae

    Björn mentioned that requests for >2GB allocation can still be valid:

      The structure that is being allocated is the page-pinning accounting.
      AF_XDP has an internal limit of U32_MAX pages, which is *a lot*, but
      still fewer than what memcg allows (PAGE_COUNTER_MAX is a LONG_MAX/
      PAGE_SIZE on 64 bit systems). [...]

      I could just change from U32_MAX to INT_MAX, but as I stated earlier
      that has a hacky feeling to it. [...] From my perspective, the code
      isn't broken, with the memcg limits in consideration. [...]

    Linus says:

      [...] Pretty much every time this has come up, the kernel warning has
      shown that yes, the code was broken and there really wasn't a reason
      for doing allocations that big.

      Of course, some people would be perfectly fine with the allocation
      failing, they just don't want the warning.

      I didn't want __GFP_NOWARN to shut it up originally because I wanted
      people to see all those cases, but these days I think we can just say
      "yeah, people can shut it up explicitly by saying 'go ahead and fail
      this allocation, don't warn about it'".

      So enough time has passed that by now I'd certainly be ok with [it].

    Thus allow call-sites to silence such userspace triggered splats if the
    allocation requests have __GFP_NOWARN. For xdp_umem_pin_pages()'s call
    to kvcalloc() this is already the case, so nothing else needed there.

    Fixes: 7661809d493b ("mm: don't allow oversized kvmalloc() calls")
    Reported-by: syzbot+11421fbbff99b989670e@syzkaller.appspotmail.com
    Suggested-by: Linus Torvalds
    Signed-off-by: Daniel Borkmann
    Tested-by: syzbot+11421fbbff99b989670e@syzkaller.appspotmail.com
    Cc: Björn Töpel
    Cc: Magnus Karlsson
    Cc: Willy Tarreau
    Cc: Andrew Morton
    Cc: Alexei Starovoitov
    Cc: Andrii Nakryiko
    Cc: Jakub Kicinski
    Cc: David S. Miller
    Link: https://lore.kernel.org/bpf/CAJ+HfNhyfsT5cS_U9EC213ducHs9k9zNxX9+abqC0kTrPbQ0gg@mail.gmail.com
    Link: https://lore.kernel.org/bpf/20211201202905.b9892171e3f5b9a60f9da251@linux-foundation.org
    Reviewed-by: Leon Romanovsky
    Ackd-by: Michal Hocko
    Signed-off-by: Linus Torvalds

 mm/util.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

culprit signature: c85feb90268a91ee371c84a726358f7ba6dbe8af2d2c1170265a47244e6b22e9
parent signature: 193d2b1704576aae63adae763c7ffdb29c2622d6d2de3216bfce9f52ca8453da
revisions tested: 16, total time: 3h0m32.308538378s (build: 1h36m12.399447976s, test: 1h22m35.360151513s)
first good commit: 0708a0afe291bdfe1386d74d5ec1f0c27e8b9168 mm: Consider __GFP_NOWARN flag for oversized kvmalloc() calls
recipients (to): ["daniel@iogearbox.net" "leonro@nvidia.com" "syzbot+11421fbbff99b989670e@syzkaller.appspotmail.com" "torvalds@linux-foundation.org"]
recipients (cc): []