[syzbot] [bpf?] [net?] WARNING: zero-size vmalloc in xskq_create

All of lore.kernel.org
 help / color / mirror / Atom feed

From: syzbot <syzbot+b132693e925cbbd89e26@syzkaller.appspotmail.com>
To: andrii@kernel.org, ast@kernel.org, bjorn@kernel.org,
	bpf@vger.kernel.org,  daniel@iogearbox.net, davem@davemloft.net,
	edumazet@google.com,  hawk@kernel.org, john.fastabend@gmail.com,
	jonathan.lemon@gmail.com,  kuba@kernel.org,
	linux-kernel@vger.kernel.org, maciej.fijalkowski@intel.com,
	 magnus.karlsson@intel.com, netdev@vger.kernel.org,
	pabeni@redhat.com,  syzkaller-bugs@googlegroups.com
Subject: [syzbot] [bpf?] [net?] WARNING: zero-size vmalloc in xskq_create
Date: Wed, 04 Oct 2023 15:38:51 -0700	[thread overview]
Message-ID: <000000000000e20df20606ebab4f@google.com> (raw)

Hello,

syzbot found the following issue on:

HEAD commit:    cbf3a2cb156a Merge tag 'nfs-for-6.6-3' of git://git.linux-..
git tree:       upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=1706797c680000
kernel config:  https://syzkaller.appspot.com/x/.config?x=6b4e3baedc34d5e0
dashboard link: https://syzkaller.appspot.com/bug?extid=b132693e925cbbd89e26
compiler:       arm-linux-gnueabi-gcc (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40
userspace arch: arm

Unfortunately, I don't have any reproducer for this issue yet.

Downloadable assets:
disk image (non-bootable): https://storage.googleapis.com/syzbot-assets/8ead8862021c/non_bootable_disk-cbf3a2cb.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/a4d0b2b619dd/vmlinux-cbf3a2cb.xz
kernel image: https://storage.googleapis.com/syzbot-assets/3a3810831d66/zImage-cbf3a2cb.xz

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+b132693e925cbbd89e26@syzkaller.appspotmail.com

------------[ cut here ]------------
WARNING: CPU: 1 PID: 6300 at mm/vmalloc.c:3247 __vmalloc_node_range+0x448/0x54c mm/vmalloc.c:3247
Modules linked in:
Kernel panic - not syncing: kernel: panic_on_warn set ...
CPU: 1 PID: 6300 Comm: syz-executor.1 Not tainted 6.6.0-rc4-syzkaller #0
Hardware name: ARM-Versatile Express
Backtrace: 
[<8181d9c0>] (dump_backtrace) from [<8181dabc>] (show_stack+0x18/0x1c arch/arm/kernel/traps.c:256)
 r7:00000000 r6:82622a04 r5:60000093 r4:81fb565c
[<8181daa4>] (show_stack) from [<8183adac>] (__dump_stack lib/dump_stack.c:88 [inline])
[<8181daa4>] (show_stack) from [<8183adac>] (dump_stack_lvl+0x48/0x54 lib/dump_stack.c:106)
[<8183ad64>] (dump_stack_lvl) from [<8183add0>] (dump_stack+0x18/0x1c lib/dump_stack.c:113)
 r5:00000000 r4:82854d14
[<8183adb8>] (dump_stack) from [<8181e564>] (panic+0x120/0x374 kernel/panic.c:340)
[<8181e444>] (panic) from [<80242e4c>] (check_panic_on_warn kernel/panic.c:236 [inline])
[<8181e444>] (panic) from [<80242e4c>] (print_tainted+0x0/0xa0 kernel/panic.c:231)
 r3:8260c484 r2:00000001 r1:81f9e164 r0:81fa5d18
 r7:8048685c
[<80242dd8>] (check_panic_on_warn) from [<80243040>] (__warn+0x7c/0x180 kernel/panic.c:673)
[<80242fc4>] (__warn) from [<802432bc>] (warn_slowpath_fmt+0x178/0x1f4 kernel/panic.c:698)
 r8:00000009 r7:81fcbdd8 r6:eaec9df4 r5:84520000 r4:00000000
[<80243148>] (warn_slowpath_fmt) from [<8048685c>] (__vmalloc_node_range+0x448/0x54c mm/vmalloc.c:3247)
 r10:00000126 r9:84520000 r8:ffffffff r7:ff800000 r6:00000dc0 r5:00000000
 r4:00000000
[<80486414>] (__vmalloc_node_range) from [<80486a38>] (vmalloc_user+0x6c/0x74 mm/vmalloc.c:3474)
 r10:00000126 r9:84520000 r8:8bcb4640 r7:00000000 r6:00000000 r5:89ddc040
 r4:00000000
[<804869cc>] (vmalloc_user) from [<817cc7c8>] (xskq_create+0x74/0xc0 net/xdp/xsk_queue.c:39)
[<817cc754>] (xskq_create) from [<817caddc>] (xsk_init_queue net/xdp/xsk.c:952 [inline])
[<817cc754>] (xskq_create) from [<817caddc>] (xsk_setsockopt+0x1d0/0x2c8 net/xdp/xsk.c:1286)
 r7:8bcb46b0 r6:8bcb4400 r5:00000000 r4:00000002
[<817cac10>] (xsk_setsockopt) from [<8134280c>] (__sys_setsockopt+0xd8/0x1c8 net/socket.c:2308)
 r8:80200288 r7:00000126 r6:20000280 r5:89886f00 r4:817cac0c
[<81342734>] (__sys_setsockopt) from [<81342918>] (__do_sys_setsockopt net/socket.c:2319 [inline])
[<81342734>] (__sys_setsockopt) from [<81342918>] (sys_setsockopt+0x1c/0x24 net/socket.c:2316)
 r6:0014c2c8 r5:00000000 r4:00000020
[<813428fc>] (sys_setsockopt) from [<80200060>] (ret_fast_syscall+0x0/0x1c arch/arm/mm/proc-v7.S:66)
Exception stack(0xeaec9fa8 to 0xeaec9ff0)
9fa0:                   00000020 00000000 00000003 0000011b 00000002 20000280
9fc0: 00000020 00000000 0014c2c8 00000126 7ea3332e 7ea3332f 003d0f00 76b4c0fc
9fe0: 76b4bf08 76b4bef8 00016688 000509e0
Rebooting in 86400 seconds..


---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzkaller@googlegroups.com.

syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.

If the bug is already fixed, let syzbot know by replying with:
#syz fix: exact-commit-title

If you want to overwrite bug's subsystems, reply with:
#syz set subsystems: new-subsystem
(See the list of subsystem names on the web dashboard)

If the bug is a duplicate of another bug, reply with:
#syz dup: exact-subject-of-another-report

If you want to undo deduplication, reply with:
#syz undup

                 reply	other threads:[~2023-10-04 22:39 UTC|newest]

Thread overview: [no followups] expand[flat|nested]  mbox.gz  Atom feed

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=000000000000e20df20606ebab4f@google.com \
    --to=syzbot+b132693e925cbbd89e26@syzkaller.appspotmail.com \
    --cc=andrii@kernel.org \
    --cc=ast@kernel.org \
    --cc=bjorn@kernel.org \
    --cc=bpf@vger.kernel.org \
    --cc=daniel@iogearbox.net \
    --cc=davem@davemloft.net \
    --cc=edumazet@google.com \
    --cc=hawk@kernel.org \
    --cc=john.fastabend@gmail.com \
    --cc=jonathan.lemon@gmail.com \
    --cc=kuba@kernel.org \
    --cc=linux-kernel@vger.kernel.org \
    --cc=maciej.fijalkowski@intel.com \
    --cc=magnus.karlsson@intel.com \
    --cc=netdev@vger.kernel.org \
    --cc=pabeni@redhat.com \
    --cc=syzkaller-bugs@googlegroups.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.