Re: kernel BUG at mm/vmalloc.c:LINE! (2)
On Sun, Jan 10, 2021 at 10:34 PM syzbot wrote:
>
> syzbot suspects this issue was fixed by commit:
>
> commit 537cf4e3cc2f6cc9088dcd6162de573f603adc29
> Author: Magnus Karlsson
> Date: Fri Nov 20 11:53:39 2020 +
>
>     xsk: Fix umem cleanup bug at socket destruct
>
> bisection log: https://syzkaller.appspot.com/x/bisect.txt?x=139f3dfb50
> start commit: e87d24fc Merge branch 'net-iucv-fixes-2020-11-09'
> git tree: net
> kernel config: https://syzkaller.appspot.com/x/.config?x=61033507391c77ff
> dashboard link: https://syzkaller.appspot.com/bug?extid=5f326d255ca648131f87
> syz repro: https://syzkaller.appspot.com/x/repro.syz?x=10d1000650
> C reproducer: https://syzkaller.appspot.com/x/repro.c?x=126c9eaa50
>
> If the result looks correct, please mark the issue as fixed by replying with:
>
> #syz fix: xsk: Fix umem cleanup bug at socket destruct
>
> For information about bisection process see: https://goo.gl/tpsmEJ#bisection

FTR, the bisection log looks clean, but this does not look like the
fix for this. The reproducer does not destroy sockets.
Re: kernel BUG at mm/vmalloc.c:LINE! (2)
syzbot suspects this issue was fixed by commit:

commit 537cf4e3cc2f6cc9088dcd6162de573f603adc29
Author: Magnus Karlsson
Date: Fri Nov 20 11:53:39 2020 +

    xsk: Fix umem cleanup bug at socket destruct

bisection log: https://syzkaller.appspot.com/x/bisect.txt?x=139f3dfb50
start commit: e87d24fc Merge branch 'net-iucv-fixes-2020-11-09'
git tree: net
kernel config: https://syzkaller.appspot.com/x/.config?x=61033507391c77ff
dashboard link: https://syzkaller.appspot.com/bug?extid=5f326d255ca648131f87
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=10d1000650
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=126c9eaa50

If the result looks correct, please mark the issue as fixed by replying with:

#syz fix: xsk: Fix umem cleanup bug at socket destruct

For information about bisection process see: https://goo.gl/tpsmEJ#bisection
Re: kernel BUG at mm/vmalloc.c:LINE! (2)
Stephen Rothwell writes:
>> All a bit mysterious. I think it's best that we revert this from
>> linux-next until we hear from Ingo. I queued a patch - I expect
>> Stephen will see and grab it, thanks.
>
> In the end I actually did the revert (of the revert) in the merge of
> the tip tree (so that -next will bisect better if necessary). So you
> will not need the revert in your quilt series after today.

Sigh. I have no idea why this was in tip auto-latest. I just
reintegrated that branch and the annoyance should be gone now.

Sorry for not paying attention.

Thanks,

tglx
Re: kernel BUG at mm/vmalloc.c:LINE! (2)
Hi Andrew,

On Thu, 23 Jul 2020 19:50:29 -0700 Andrew Morton wrote:
>
> On Wed, 22 Jul 2020 16:46:50 +0200 Uladzislau Rezki wrote:
>
> All a bit mysterious. I think it's best that we revert this from
> linux-next until we hear from Ingo. I queued a patch - I expect
> Stephen will see and grab it, thanks.

In the end I actually did the revert (of the revert) in the merge of
the tip tree (so that -next will bisect better if necessary). So you
will not need the revert in your quilt series after today.

--
Cheers,
Stephen Rothwell
Re: kernel BUG at mm/vmalloc.c:LINE! (2)
Hi Andrew,

On Thu, 23 Jul 2020 19:50:29 -0700 Andrew Morton wrote:
>
> All a bit mysterious. I think it's best that we revert this from
> linux-next until we hear from Ingo. I queued a patch - I expect
> Stephen will see and grab it, thanks.

Will do.

--
Cheers,
Stephen Rothwell
Re: kernel BUG at mm/vmalloc.c:LINE! (2)
On Wed, 22 Jul 2020 16:46:50 +0200 Uladzislau Rezki wrote:
> > > I can check further, but it can be it was not correctly reverted,
> > > because everything should work just fine even with the revert,
> > > though I do not understand a reason of reverting.
> >
> > Vlad, how sure are you about this? We also start to trigger this now on
> > linux-next, but the reverting patch surely looks like doggy without any
> > useful
> > information in the commit description.
> >
> Hello, Andrew, Qian.
>
> I am not aware of reason of the revert, though I tried to get through Ingo.
> I can send out a patch that fixes the revert. Another option to drop the
> revert, but it is up to Andrew and Ingo.
>
> Andrew, could you please comment on?

All a bit mysterious. I think it's best that we revert this from
linux-next until we hear from Ingo. I queued a patch - I expect
Stephen will see and grab it, thanks.
Re: kernel BUG at mm/vmalloc.c:LINE! (2)
> > > syzbot has found a reproducer for the following issue on:
> > >
> > > HEAD commit: ab8be66e Add linux-next specific files for 20200720
> > > git tree: linux-next
> > > console output: https://syzkaller.appspot.com/x/log.txt?x=161a0cc890
> > > kernel config: https://syzkaller.appspot.com/x/.config?x=c4bf77d63d0cf88c
> > > dashboard link:
> > > https://syzkaller.appspot.com/bug?extid=5f326d255ca648131f87
> > > compiler: gcc (GCC) 10.1.0-syz 20200507
> > > syz repro: https://syzkaller.appspot.com/x/repro.syz?x=151192bb10
> > > C reproducer: https://syzkaller.appspot.com/x/repro.c?x=12d7a87310
> > >
> > > IMPORTANT: if you fix the issue, please add the following tag to the
> > > commit:
> > > Reported-by: syzbot+5f326d255ca648131...@syzkaller.appspotmail.com
> > >
> > > [ cut here ]
> > > kernel BUG at mm/vmalloc.c:3089!
> > > invalid opcode: [#1] PREEMPT SMP KASAN
> > > CPU: 0 PID: 12 Comm: kworker/0:1 Not tainted
> > > 5.8.0-rc6-next-20200720-syzkaller #0
> > > Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS
> > > Google 01/01/2011
> > > Workqueue: events pcpu_balance_workfn
> > > RIP: 0010:free_vm_area mm/vmalloc.c:3089 [inline]
> > > RIP: 0010:free_vm_area mm/vmalloc.c:3085 [inline]
> > > RIP: 0010:pcpu_free_vm_areas+0x96/0xc0 mm/vmalloc.c:3432
> > > Code: 75 48 48 8b 2b 48 8d 7d 08 48 89 f8 48 c1 e8 03 42 80 3c 30 00 75
> > > 2c 48 8b 7d 08 e8 c4 c8 ff ff 48 39 c5 74 a5 e8 ea c3 c9 ff <0f> 0b e8 e3
> > > c3 c9 ff 4c 89 ff 5b 5d 41 5c 41 5d 41 5e 41 5f e9 71
> > > RSP: 0018:c9d2fba8 EFLAGS: 00010293
> > > RAX: RBX: 8880a801be00 RCX:
> > > RDX: 8880a95fa300 RSI: 81aa7c76 RDI: 0001
> > > RBP: 8880a2b38180 R08: R09: 89cfecc3
> > > R10: fbfff139fd98 R11: R12:
> > > R13: 0001 R14: dc00 R15: 8880a801be00
> > > FS: () GS:8880ae60()
> > > knlGS:
> > > CS: 0010 DS: ES: CR0: 80050033
> > > CR2: 004c8e48 CR3: a4c08000 CR4: 001506f0
> > > DR0: DR1: DR2:
> > > DR3: DR6: fffe0ff0 DR7: 0400
> > > Call Trace:
> > >  pcpu_destroy_chunk mm/percpu-vm.c:366 [inline]
> > >  __pcpu_balance_workfn mm/percpu.c:1982 [inline]
> > >  pcpu_balance_workfn+0x8b3/0x1310 mm/percpu.c:2069
> > >  process_one_work+0x94c/0x1670 kernel/workqueue.c:2269
> > >  worker_thread+0x64c/0x1120 kernel/workqueue.c:2415
> > >  kthread+0x3b5/0x4a0 kernel/kthread.c:292
> > >  ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:294
> > > Modules linked in:
> > > ---[ end trace 6a2e56ec52e1f480 ]---
> > > RIP: 0010:free_vm_area mm/vmalloc.c:3089 [inline]
> > > RIP: 0010:free_vm_area mm/vmalloc.c:3085 [inline]
> > > RIP: 0010:pcpu_free_vm_areas+0x96/0xc0 mm/vmalloc.c:3432
> > > Code: 75 48 48 8b 2b 48 8d 7d 08 48 89 f8 48 c1 e8 03 42 80 3c 30 00 75
> > > 2c 48 8b 7d 08 e8 c4 c8 ff ff 48 39 c5 74 a5 e8 ea c3 c9 ff <0f> 0b e8 e3
> > > c3 c9 ff 4c 89 ff 5b 5d 41 5c 41 5d 41 5e 41 5f e9 71
> > > RSP: 0018:c9d2fba8 EFLAGS: 00010293
> > > RAX: RBX: 8880a801be00 RCX:
> > > RDX: 8880a95fa300 RSI: 81aa7c76 RDI: 0001
> > > RBP: 8880a2b38180 R08: R09: 89cfecc3
> > > R10: fbfff139fd98 R11: R12:
> > > R13: 0001 R14: dc00 R15: 8880a801be00
> > > FS: () GS:8880ae60()
> > > knlGS:
> > > CS: 0010 DS: ES: CR0: 80050033
> > > CR2: 004c8e48 CR3: a4c08000 CR4: 001506f0
> > > DR0: DR1: DR2:
> > > DR3: DR6: fffe0ff0 DR7: 0400
> > >
> > That is because of below revert:
> >
> > commit bdbfb1d52d5e576c1d275fd8ab59b677011229e8
> > Author: Ingo Molnar
> > Date: Sun Jun 7 21:12:51 2020 +0200
> >
> >     Revert "mm/vmalloc: modify struct vmap_area to reduce its size"
> >
> >     This reverts commit 688fcbfc06e4fdfbb7e1d5a942a1460fe6379d2d.
> >
> >     Signed-off-by: Ingo Molnar
> >
> >     Conflicts:
> >     mm/vmalloc.c
> >
> > I can check further, but it can be it was not correctly reverted,
> > because everything should work just fine even with the revert,
> > though I do not understand a reason of reverting.
>
> Vlad, how sure are you about this? We also start to trigger this now on
> linux-next, but the reverting patch surely looks like doggy without any useful
> information in the commit description.
>
Hello, Andrew, Qian.

I am not aware of reason of the revert, though I tried to get through Ingo.
I can send out a patch that fixes the revert. Another option
Re: kernel BUG at mm/vmalloc.c:LINE! (2)
On Mon, Jul 20, 2020 at 10:06:18PM +0200, Uladzislau Rezki wrote:
> On Mon, Jul 20, 2020 at 09:48:21AM -0700, syzbot wrote:
> > syzbot has found a reproducer for the following issue on:
> >
> > HEAD commit: ab8be66e Add linux-next specific files for 20200720
> > git tree: linux-next
> > console output: https://syzkaller.appspot.com/x/log.txt?x=161a0cc890
> > kernel config: https://syzkaller.appspot.com/x/.config?x=c4bf77d63d0cf88c
> > dashboard link: https://syzkaller.appspot.com/bug?extid=5f326d255ca648131f87
> > compiler: gcc (GCC) 10.1.0-syz 20200507
> > syz repro: https://syzkaller.appspot.com/x/repro.syz?x=151192bb10
> > C reproducer: https://syzkaller.appspot.com/x/repro.c?x=12d7a87310
> >
> > IMPORTANT: if you fix the issue, please add the following tag to the commit:
> > Reported-by: syzbot+5f326d255ca648131...@syzkaller.appspotmail.com
> >
> > [ cut here ]
> > kernel BUG at mm/vmalloc.c:3089!
> > invalid opcode: [#1] PREEMPT SMP KASAN
> > CPU: 0 PID: 12 Comm: kworker/0:1 Not tainted
> > 5.8.0-rc6-next-20200720-syzkaller #0
> > Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS
> > Google 01/01/2011
> > Workqueue: events pcpu_balance_workfn
> > RIP: 0010:free_vm_area mm/vmalloc.c:3089 [inline]
> > RIP: 0010:free_vm_area mm/vmalloc.c:3085 [inline]
> > RIP: 0010:pcpu_free_vm_areas+0x96/0xc0 mm/vmalloc.c:3432
> > Code: 75 48 48 8b 2b 48 8d 7d 08 48 89 f8 48 c1 e8 03 42 80 3c 30 00 75 2c
> > 48 8b 7d 08 e8 c4 c8 ff ff 48 39 c5 74 a5 e8 ea c3 c9 ff <0f> 0b e8 e3 c3
> > c9 ff 4c 89 ff 5b 5d 41 5c 41 5d 41 5e 41 5f e9 71
> > RSP: 0018:c9d2fba8 EFLAGS: 00010293
> > RAX: RBX: 8880a801be00 RCX:
> > RDX: 8880a95fa300 RSI: 81aa7c76 RDI: 0001
> > RBP: 8880a2b38180 R08: R09: 89cfecc3
> > R10: fbfff139fd98 R11: R12:
> > R13: 0001 R14: dc00 R15: 8880a801be00
> > FS: () GS:8880ae60() knlGS:
> > CS: 0010 DS: ES: CR0: 80050033
> > CR2: 004c8e48 CR3: a4c08000 CR4: 001506f0
> > DR0: DR1: DR2:
> > DR3: DR6: fffe0ff0 DR7: 0400
> > Call Trace:
> >  pcpu_destroy_chunk mm/percpu-vm.c:366 [inline]
> >  __pcpu_balance_workfn mm/percpu.c:1982 [inline]
> >  pcpu_balance_workfn+0x8b3/0x1310 mm/percpu.c:2069
> >  process_one_work+0x94c/0x1670 kernel/workqueue.c:2269
> >  worker_thread+0x64c/0x1120 kernel/workqueue.c:2415
> >  kthread+0x3b5/0x4a0 kernel/kthread.c:292
> >  ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:294
> > Modules linked in:
> > ---[ end trace 6a2e56ec52e1f480 ]---
> > RIP: 0010:free_vm_area mm/vmalloc.c:3089 [inline]
> > RIP: 0010:free_vm_area mm/vmalloc.c:3085 [inline]
> > RIP: 0010:pcpu_free_vm_areas+0x96/0xc0 mm/vmalloc.c:3432
> > Code: 75 48 48 8b 2b 48 8d 7d 08 48 89 f8 48 c1 e8 03 42 80 3c 30 00 75 2c
> > 48 8b 7d 08 e8 c4 c8 ff ff 48 39 c5 74 a5 e8 ea c3 c9 ff <0f> 0b e8 e3 c3
> > c9 ff 4c 89 ff 5b 5d 41 5c 41 5d 41 5e 41 5f e9 71
> > RSP: 0018:c9d2fba8 EFLAGS: 00010293
> > RAX: RBX: 8880a801be00 RCX:
> > RDX: 8880a95fa300 RSI: 81aa7c76 RDI: 0001
> > RBP: 8880a2b38180 R08: R09: 89cfecc3
> > R10: fbfff139fd98 R11: R12:
> > R13: 0001 R14: dc00 R15: 8880a801be00
> > FS: () GS:8880ae60() knlGS:
> > CS: 0010 DS: ES: CR0: 80050033
> > CR2: 004c8e48 CR3: a4c08000 CR4: 001506f0
> > DR0: DR1: DR2:
> > DR3: DR6: fffe0ff0 DR7: 0400
> >
> That is because of below revert:
>
> commit bdbfb1d52d5e576c1d275fd8ab59b677011229e8
> Author: Ingo Molnar
> Date: Sun Jun 7 21:12:51 2020 +0200
>
>     Revert "mm/vmalloc: modify struct vmap_area to reduce its size"
>
>     This reverts commit 688fcbfc06e4fdfbb7e1d5a942a1460fe6379d2d.
>
>     Signed-off-by: Ingo Molnar
>
>     Conflicts:
>     mm/vmalloc.c
>
> I can check further, but it can be it was not correctly reverted,
> because everything should work just fine even with the revert,
> though I do not understand a reason of reverting.

Vlad, how sure are you about this? We also start to trigger this now on
linux-next, but the reverting patch surely looks like doggy without any
useful information in the commit description.
Re: kernel BUG at mm/vmalloc.c:LINE! (2)
syzbot has bisected this issue to:

commit bdbfb1d52d5e576c1d275fd8ab59b677011229e8
Author: Ingo Molnar
Date: Sun Jun 7 19:12:51 2020 +

    Revert "mm/vmalloc: modify struct vmap_area to reduce its size"

bisection log: https://syzkaller.appspot.com/x/bisect.txt?x=166e6b7f10
start commit: ab8be66e Add linux-next specific files for 20200720
git tree: linux-next
final oops: https://syzkaller.appspot.com/x/report.txt?x=156e6b7f10
console output: https://syzkaller.appspot.com/x/log.txt?x=116e6b7f10
kernel config: https://syzkaller.appspot.com/x/.config?x=c4bf77d63d0cf88c
dashboard link: https://syzkaller.appspot.com/bug?extid=5f326d255ca648131f87
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=151192bb10
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=12d7a87310

Reported-by: syzbot+5f326d255ca648131...@syzkaller.appspotmail.com
Fixes: bdbfb1d52d5e ("Revert "mm/vmalloc: modify struct vmap_area to reduce its size"")

For information about bisection process see: https://goo.gl/tpsmEJ#bisection
Re: kernel BUG at mm/vmalloc.c:LINE! (2)
On Mon, Jul 20, 2020 at 09:48:21AM -0700, syzbot wrote:
> syzbot has found a reproducer for the following issue on:
>
> HEAD commit: ab8be66e Add linux-next specific files for 20200720
> git tree: linux-next
> console output: https://syzkaller.appspot.com/x/log.txt?x=161a0cc890
> kernel config: https://syzkaller.appspot.com/x/.config?x=c4bf77d63d0cf88c
> dashboard link: https://syzkaller.appspot.com/bug?extid=5f326d255ca648131f87
> compiler: gcc (GCC) 10.1.0-syz 20200507
> syz repro: https://syzkaller.appspot.com/x/repro.syz?x=151192bb10
> C reproducer: https://syzkaller.appspot.com/x/repro.c?x=12d7a87310
>
> IMPORTANT: if you fix the issue, please add the following tag to the commit:
> Reported-by: syzbot+5f326d255ca648131...@syzkaller.appspotmail.com
>
> [ cut here ]
> kernel BUG at mm/vmalloc.c:3089!
> invalid opcode: [#1] PREEMPT SMP KASAN
> CPU: 0 PID: 12 Comm: kworker/0:1 Not tainted
> 5.8.0-rc6-next-20200720-syzkaller #0
> Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS
> Google 01/01/2011
> Workqueue: events pcpu_balance_workfn
> RIP: 0010:free_vm_area mm/vmalloc.c:3089 [inline]
> RIP: 0010:free_vm_area mm/vmalloc.c:3085 [inline]
> RIP: 0010:pcpu_free_vm_areas+0x96/0xc0 mm/vmalloc.c:3432
> Code: 75 48 48 8b 2b 48 8d 7d 08 48 89 f8 48 c1 e8 03 42 80 3c 30 00 75 2c 48
> 8b 7d 08 e8 c4 c8 ff ff 48 39 c5 74 a5 e8 ea c3 c9 ff <0f> 0b e8 e3 c3 c9 ff
> 4c 89 ff 5b 5d 41 5c 41 5d 41 5e 41 5f e9 71
> RSP: 0018:c9d2fba8 EFLAGS: 00010293
> RAX: RBX: 8880a801be00 RCX:
> RDX: 8880a95fa300 RSI: 81aa7c76 RDI: 0001
> RBP: 8880a2b38180 R08: R09: 89cfecc3
> R10: fbfff139fd98 R11: R12:
> R13: 0001 R14: dc00 R15: 8880a801be00
> FS: () GS:8880ae60() knlGS:
> CS: 0010 DS: ES: CR0: 80050033
> CR2: 004c8e48 CR3: a4c08000 CR4: 001506f0
> DR0: DR1: DR2:
> DR3: DR6: fffe0ff0 DR7: 0400
> Call Trace:
>  pcpu_destroy_chunk mm/percpu-vm.c:366 [inline]
>  __pcpu_balance_workfn mm/percpu.c:1982 [inline]
>  pcpu_balance_workfn+0x8b3/0x1310 mm/percpu.c:2069
>  process_one_work+0x94c/0x1670 kernel/workqueue.c:2269
>  worker_thread+0x64c/0x1120 kernel/workqueue.c:2415
>  kthread+0x3b5/0x4a0 kernel/kthread.c:292
>  ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:294
> Modules linked in:
> ---[ end trace 6a2e56ec52e1f480 ]---
> RIP: 0010:free_vm_area mm/vmalloc.c:3089 [inline]
> RIP: 0010:free_vm_area mm/vmalloc.c:3085 [inline]
> RIP: 0010:pcpu_free_vm_areas+0x96/0xc0 mm/vmalloc.c:3432
> Code: 75 48 48 8b 2b 48 8d 7d 08 48 89 f8 48 c1 e8 03 42 80 3c 30 00 75 2c 48
> 8b 7d 08 e8 c4 c8 ff ff 48 39 c5 74 a5 e8 ea c3 c9 ff <0f> 0b e8 e3 c3 c9 ff
> 4c 89 ff 5b 5d 41 5c 41 5d 41 5e 41 5f e9 71
> RSP: 0018:c9d2fba8 EFLAGS: 00010293
> RAX: RBX: 8880a801be00 RCX:
> RDX: 8880a95fa300 RSI: 81aa7c76 RDI: 0001
> RBP: 8880a2b38180 R08: R09: 89cfecc3
> R10: fbfff139fd98 R11: R12:
> R13: 0001 R14: dc00 R15: 8880a801be00
> FS: () GS:8880ae60() knlGS:
> CS: 0010 DS: ES: CR0: 80050033
> CR2: 004c8e48 CR3: a4c08000 CR4: 001506f0
> DR0: DR1: DR2:
> DR3: DR6: fffe0ff0 DR7: 0400
>
That is because of below revert:

commit bdbfb1d52d5e576c1d275fd8ab59b677011229e8
Author: Ingo Molnar
Date: Sun Jun 7 21:12:51 2020 +0200

    Revert "mm/vmalloc: modify struct vmap_area to reduce its size"

    This reverts commit 688fcbfc06e4fdfbb7e1d5a942a1460fe6379d2d.

    Signed-off-by: Ingo Molnar

    Conflicts:
    mm/vmalloc.c

I can check further, but it can be it was not correctly reverted,
because everything should work just fine even with the revert,
though I do not understand a reason of reverting.

--
Vlad Rezki
Re: kernel BUG at mm/vmalloc.c:LINE! (2)
syzbot has found a reproducer for the following issue on:

HEAD commit: ab8be66e Add linux-next specific files for 20200720
git tree: linux-next
console output: https://syzkaller.appspot.com/x/log.txt?x=161a0cc890
kernel config: https://syzkaller.appspot.com/x/.config?x=c4bf77d63d0cf88c
dashboard link: https://syzkaller.appspot.com/bug?extid=5f326d255ca648131f87
compiler: gcc (GCC) 10.1.0-syz 20200507
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=151192bb10
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=12d7a87310

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+5f326d255ca648131...@syzkaller.appspotmail.com

[ cut here ]
kernel BUG at mm/vmalloc.c:3089!
invalid opcode: [#1] PREEMPT SMP KASAN
CPU: 0 PID: 12 Comm: kworker/0:1 Not tainted 5.8.0-rc6-next-20200720-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Workqueue: events pcpu_balance_workfn
RIP: 0010:free_vm_area mm/vmalloc.c:3089 [inline]
RIP: 0010:free_vm_area mm/vmalloc.c:3085 [inline]
RIP: 0010:pcpu_free_vm_areas+0x96/0xc0 mm/vmalloc.c:3432
Code: 75 48 48 8b 2b 48 8d 7d 08 48 89 f8 48 c1 e8 03 42 80 3c 30 00 75 2c 48 8b 7d 08 e8 c4 c8 ff ff 48 39 c5 74 a5 e8 ea c3 c9 ff <0f> 0b e8 e3 c3 c9 ff 4c 89 ff 5b 5d 41 5c 41 5d 41 5e 41 5f e9 71
RSP: 0018:c9d2fba8 EFLAGS: 00010293
RAX: RBX: 8880a801be00 RCX:
RDX: 8880a95fa300 RSI: 81aa7c76 RDI: 0001
RBP: 8880a2b38180 R08: R09: 89cfecc3
R10: fbfff139fd98 R11: R12:
R13: 0001 R14: dc00 R15: 8880a801be00
FS: () GS:8880ae60() knlGS:
CS: 0010 DS: ES: CR0: 80050033
CR2: 004c8e48 CR3: a4c08000 CR4: 001506f0
DR0: DR1: DR2:
DR3: DR6: fffe0ff0 DR7: 0400
Call Trace:
 pcpu_destroy_chunk mm/percpu-vm.c:366 [inline]
 __pcpu_balance_workfn mm/percpu.c:1982 [inline]
 pcpu_balance_workfn+0x8b3/0x1310 mm/percpu.c:2069
 process_one_work+0x94c/0x1670 kernel/workqueue.c:2269
 worker_thread+0x64c/0x1120 kernel/workqueue.c:2415
 kthread+0x3b5/0x4a0 kernel/kthread.c:292
 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:294
Modules linked in:
---[ end trace 6a2e56ec52e1f480 ]---
RIP: 0010:free_vm_area mm/vmalloc.c:3089 [inline]
RIP: 0010:free_vm_area mm/vmalloc.c:3085 [inline]
RIP: 0010:pcpu_free_vm_areas+0x96/0xc0 mm/vmalloc.c:3432
Code: 75 48 48 8b 2b 48 8d 7d 08 48 89 f8 48 c1 e8 03 42 80 3c 30 00 75 2c 48 8b 7d 08 e8 c4 c8 ff ff 48 39 c5 74 a5 e8 ea c3 c9 ff <0f> 0b e8 e3 c3 c9 ff 4c 89 ff 5b 5d 41 5c 41 5d 41 5e 41 5f e9 71
RSP: 0018:c9d2fba8 EFLAGS: 00010293
RAX: RBX: 8880a801be00 RCX:
RDX: 8880a95fa300 RSI: 81aa7c76 RDI: 0001
RBP: 8880a2b38180 R08: R09: 89cfecc3
R10: fbfff139fd98 R11: R12:
R13: 0001 R14: dc00 R15: 8880a801be00
FS: () GS:8880ae60() knlGS:
CS: 0010 DS: ES: CR0: 80050033
CR2: 004c8e48 CR3: a4c08000 CR4: 001506f0
DR0: DR1: DR2:
DR3: DR6: fffe0ff0 DR7: 0400
kernel BUG at mm/vmalloc.c:LINE! (2)
Hello,

syzbot found the following crash on:

HEAD commit: 7cc2a8ea Merge tag 'block-5.8-2020-07-01' of git://git.ker..
git tree: upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=129af75510
kernel config: https://syzkaller.appspot.com/x/.config?x=183dd243398ba7ec
dashboard link: https://syzkaller.appspot.com/bug?extid=5f326d255ca648131f87
compiler: clang version 10.0.0 (https://github.com/llvm/llvm-project/ c2443155a0fb245c8f17f2c1c72b6ea391e86e81)

Unfortunately, I don't have any reproducer for this crash yet.

IMPORTANT: if you fix the bug, please add the following tag to the commit:
Reported-by: syzbot+5f326d255ca648131...@syzkaller.appspotmail.com

[ cut here ]
kernel BUG at mm/vmalloc.c:553!
invalid opcode: [#1] PREEMPT SMP KASAN
CPU: 0 PID: 3491 Comm: syz-executor.2 Not tainted 5.8.0-rc3-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
RIP: 0010:find_va_links mm/vmalloc.c:549 [inline]
RIP: 0010:merge_or_add_vmap_area mm/vmalloc.c:778 [inline]
RIP: 0010:__purge_vmap_area_lazy+0x18af/0x18c0 mm/vmalloc.c:1381
Code: e1 07 80 c1 03 38 c1 0f 8c f9 e8 ff ff 48 c7 c7 c8 2b 6d 89 e8 22 81 09 00 e9 e8 e8 ff ff e8 38 82 ca ff 0f 0b e8 31 82 ca ff <0f> 0b 0f 1f 44 00 00 66 2e 0f 1f 84 00 00 00 00 00 e8 1b 82 ca ff
RSP: 0018:c900187f7800 EFLAGS: 00010283
RAX: 81a9f9df RBX: c90007ea8000 RCX: 0004
RDX: c9000d74c000 RSI: 00026b24 RDI: 00026b25
RBP: c90007ea7000 R08: 81a9e3fd R09: fbfff12631ef
R10: fbfff12631ef R11: R12: c90008703000
R13: dc00 R14: 88808e51ea90 R15: c900
FS: 7f40b9e29700() GS:8880ae80() knlGS:
CS: 0010 DS: ES: CR0: 80050033
CR2: b770 CR3: 00019dad6000 CR4: 001406f0
DR0: DR1: DR2:
DR3: DR6: fffe0ff0 DR7: 0400
Call Trace:
 _vm_unmap_aliases+0x442/0x4d0 mm/vmalloc.c:1800
 change_page_attr_set_clr+0x24b/0x5c0 arch/x86/mm/pat/set_memory.c:1732
 change_page_attr_clear arch/x86/mm/pat/set_memory.c:1789 [inline]
 set_memory_ro+0x5d/0x80 arch/x86/mm/pat/set_memory.c:1935
 bpf_jit_binary_lock_ro include/linux/filter.h:815 [inline]
 bpf_int_jit_compile+0x84a1/0x8910 arch/x86/net/bpf_jit_comp.c:1929
 bpf_prog_select_runtime+0x76d/0xa60 kernel/bpf/core.c:1807
 bpf_prog_load kernel/bpf/syscall.c:2198 [inline]
 __do_sys_bpf+0xfabc/0x10c80 kernel/bpf/syscall.c:4114
 do_syscall_64+0x73/0xe0 arch/x86/entry/common.c:359
 entry_SYSCALL_64_after_hwframe+0x44/0xa9
RIP: 0033:0x45cb29
Code: Bad RIP value.
RSP: 002b:7f40b9e28c78 EFLAGS: 0246 ORIG_RAX: 0141
RAX: ffda RBX: 004db2a0 RCX: 0045cb29
RDX: 0048 RSI: 2080 RDI: 0005
RBP: 0078bf00 R08: R09:
R10: R11: 0246 R12:
R13: 0070 R14: 004c3450 R15: 7f40b9e296d4
Modules linked in:
---[ end trace 0c5c57c9d5f27037 ]---
RIP: 0010:find_va_links mm/vmalloc.c:549 [inline]
RIP: 0010:merge_or_add_vmap_area mm/vmalloc.c:778 [inline]
RIP: 0010:__purge_vmap_area_lazy+0x18af/0x18c0 mm/vmalloc.c:1381
Code: e1 07 80 c1 03 38 c1 0f 8c f9 e8 ff ff 48 c7 c7 c8 2b 6d 89 e8 22 81 09 00 e9 e8 e8 ff ff e8 38 82 ca ff 0f 0b e8 31 82 ca ff <0f> 0b 0f 1f 44 00 00 66 2e 0f 1f 84 00 00 00 00 00 e8 1b 82 ca ff
RSP: 0018:c900187f7800 EFLAGS: 00010283
RAX: 81a9f9df RBX: c90007ea8000 RCX: 0004
RDX: c9000d74c000 RSI: 00026b24 RDI: 00026b25
RBP: c90007ea7000 R08: 81a9e3fd R09: fbfff12631ef
R10: fbfff12631ef R11: R12: c90008703000
R13: dc00 R14: 88808e51ea90 R15: c900
FS: 7f40b9e29700() GS:8880ae80() knlGS:
CS: 0010 DS: ES: CR0: 80050033
CR2: b770 CR3: 00019dad6000 CR4: 001406f0
DR0: DR1: DR2:
DR3: DR6: fffe0ff0 DR7: 0400

---
This bug is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzkal...@googlegroups.com.

syzbot will keep track of this bug report. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.