netdev.vger.kernel.org archive mirror
 help / color / mirror / Atom feed
* Re: kernel BUG at mm/vmalloc.c:LINE! (2)
       [not found] <000000000000588c2c05aa156b2b@google.com>
@ 2021-01-10 21:34 ` syzbot
  2021-01-11  9:15   ` Dmitry Vyukov
  0 siblings, 1 reply; 3+ messages in thread
From: syzbot @ 2021-01-10 21:34 UTC (permalink / raw)
  To: akpm, andrii, ast, bjorn.topel, bp, bpf, daniel, dave.hansen,
	davem, hawk, hpa, john.fastabend, jonathan.lemon, kafai, kpsingh,
	kuba, linux-kernel, linux-mm, luto, magnus.karlsson,
	marekx.majtyka, mingo, mingo, netdev, peterz, songliubraving,
	syzkaller-bugs, tglx, x86, yhs

syzbot suspects this issue was fixed by commit:

commit 537cf4e3cc2f6cc9088dcd6162de573f603adc29
Author: Magnus Karlsson <magnus.karlsson@intel.com>
Date:   Fri Nov 20 11:53:39 2020 +0000

    xsk: Fix umem cleanup bug at socket destruct

bisection log:  https://syzkaller.appspot.com/x/bisect.txt?x=139f3dfb500000
start commit:   e87d24fc Merge branch 'net-iucv-fixes-2020-11-09'
git tree:       net
kernel config:  https://syzkaller.appspot.com/x/.config?x=61033507391c77ff
dashboard link: https://syzkaller.appspot.com/bug?extid=5f326d255ca648131f87
syz repro:      https://syzkaller.appspot.com/x/repro.syz?x=10d10006500000
C reproducer:   https://syzkaller.appspot.com/x/repro.c?x=126c9eaa500000

If the result looks correct, please mark the issue as fixed by replying with:

#syz fix: xsk: Fix umem cleanup bug at socket destruct

For information about bisection process see: https://goo.gl/tpsmEJ#bisection

^ permalink raw reply	[flat|nested] 3+ messages in thread
* Re: kernel BUG at mm/vmalloc.c:LINE! (2)
  2021-01-10 21:34 ` kernel BUG at mm/vmalloc.c:LINE! (2) syzbot
@ 2021-01-11  9:15   ` Dmitry Vyukov
  2022-01-24 17:59     ` Vegard Nossum
  0 siblings, 1 reply; 3+ messages in thread
From: Dmitry Vyukov @ 2021-01-11  9:15 UTC (permalink / raw)
  To: syzbot
  Cc: Andrew Morton, andrii, Alexei Starovoitov, Björn Töpel,
	Borislav Petkov, bpf, Daniel Borkmann, Dave Hansen, David Miller,
	Jesper Dangaard Brouer, H. Peter Anvin, John Fastabend,
	jonathan.lemon, Martin KaFai Lau, KP Singh, Jakub Kicinski, LKML,
	Linux-MM, Andy Lutomirski, Karlsson, Magnus, marekx.majtyka,
	Ingo Molnar, Ingo Molnar, netdev, Peter Zijlstra, Song Liu,
	syzkaller-bugs, Thomas Gleixner, the arch/x86 maintainers,
	Yonghong Song

On Sun, Jan 10, 2021 at 10:34 PM syzbot
<syzbot+5f326d255ca648131f87@syzkaller.appspotmail.com> wrote:
>
> syzbot suspects this issue was fixed by commit:
>
> commit 537cf4e3cc2f6cc9088dcd6162de573f603adc29
> Author: Magnus Karlsson <magnus.karlsson@intel.com>
> Date:   Fri Nov 20 11:53:39 2020 +0000
>
>     xsk: Fix umem cleanup bug at socket destruct
>
> bisection log:  https://syzkaller.appspot.com/x/bisect.txt?x=139f3dfb500000
> start commit:   e87d24fc Merge branch 'net-iucv-fixes-2020-11-09'
> git tree:       net
> kernel config:  https://syzkaller.appspot.com/x/.config?x=61033507391c77ff
> dashboard link: https://syzkaller.appspot.com/bug?extid=5f326d255ca648131f87
> syz repro:      https://syzkaller.appspot.com/x/repro.syz?x=10d10006500000
> C reproducer:   https://syzkaller.appspot.com/x/repro.c?x=126c9eaa500000
>
> If the result looks correct, please mark the issue as fixed by replying with:
>
> #syz fix: xsk: Fix umem cleanup bug at socket destruct
>
> For information about bisection process see: https://goo.gl/tpsmEJ#bisection

FTR, the bisection log looks clean, but this does not look like the
fix for this. The reproducer does not destroy sockets.

^ permalink raw reply	[flat|nested] 3+ messages in thread
* Re: kernel BUG at mm/vmalloc.c:LINE! (2)
  2021-01-11  9:15   ` Dmitry Vyukov
@ 2022-01-24 17:59     ` Vegard Nossum
  0 siblings, 0 replies; 3+ messages in thread
From: Vegard Nossum @ 2022-01-24 17:59 UTC (permalink / raw)
  To: Dmitry Vyukov
  Cc: syzbot, Andrew Morton, andrii, Alexei Starovoitov,
	Björn Töpel, Borislav Petkov, bpf, Daniel Borkmann,
	Dave Hansen, David Miller, Jesper Dangaard Brouer,
	H. Peter Anvin, John Fastabend, jonathan.lemon, Martin KaFai Lau,
	KP Singh, Jakub Kicinski, LKML, Linux-MM, Andy Lutomirski,
	Karlsson, Magnus, marekx.majtyka, Ingo Molnar, Ingo Molnar,
	netdev, Peter Zijlstra, Song Liu, syzkaller-bugs,
	Thomas Gleixner, the arch/x86 maintainers, Yonghong Song

On Mon, 11 Jan 2021 at 10:16, Dmitry Vyukov <dvyukov@google.com> wrote:
>
> On Sun, Jan 10, 2021 at 10:34 PM syzbot
> <syzbot+5f326d255ca648131f87@syzkaller.appspotmail.com> wrote:
> >
> > syzbot suspects this issue was fixed by commit:
> >
> > commit 537cf4e3cc2f6cc9088dcd6162de573f603adc29
> > Author: Magnus Karlsson <magnus.karlsson@intel.com>
> > Date:   Fri Nov 20 11:53:39 2020 +0000
> >
> >     xsk: Fix umem cleanup bug at socket destruct
> >
> > bisection log:  https://syzkaller.appspot.com/x/bisect.txt?x=139f3dfb500000
> > start commit:   e87d24fc Merge branch 'net-iucv-fixes-2020-11-09'
> > git tree:       net
> > kernel config:  https://syzkaller.appspot.com/x/.config?x=61033507391c77ff
> > dashboard link: https://syzkaller.appspot.com/bug?extid=5f326d255ca648131f87
> > syz repro:      https://syzkaller.appspot.com/x/repro.syz?x=10d10006500000
> > C reproducer:   https://syzkaller.appspot.com/x/repro.c?x=126c9eaa500000
> >
> > If the result looks correct, please mark the issue as fixed by replying with:
> >
> > #syz fix: xsk: Fix umem cleanup bug at socket destruct
> >
> > For information about bisection process see: https://goo.gl/tpsmEJ#bisection
>
> FTR, the bisection log looks clean, but this does not look like the
> fix for this. The reproducer does not destroy sockets.

I think it's the correct fix.

The crash report also has this, which shows the reproducer does
actually destroy sockets:

 xdp_umem_addr_unmap net/xdp/xdp_umem.c:44 [inline]
 xdp_umem_release net/xdp/xdp_umem.c:62 [inline]
 xdp_put_umem+0x113/0x330 net/xdp/xdp_umem.c:80
 xsk_destruct net/xdp/xsk.c:1150 [inline]
 xsk_destruct+0xc0/0xf0 net/xdp/xsk.c:1142
 __sk_destruct+0x4b/0x8f0 net/core/sock.c:1759
 rcu_do_batch kernel/rcu/tree.c:2476 [inline]

I've tested the reproducer on both 537cf4e3cc2f and 537cf4e3cc2f^ and
it only reproduces on 537cf4e3cc2f^ here (with the same stack trace as
the syzbot report).

The repro I used was
https://syzkaller.appspot.com/text?tag=ReproSyz&x=10d10006500000 which
is just:

r0 = socket$xdp(0x2c, 0x3, 0x0)
setsockopt$XDP_UMEM_REG(r0, 0x11b, 0x4,
&(0x7f0000000040)={&(0x7f0000000000)=""/2, 0x1000000, 0x1000}, 0x20)

so the socket definitely gets created/destroyed.

Feel free to undo if you disagree:

#syz fix: xsk: Fix umem cleanup bug at socket destruct


Vegard

^ permalink raw reply	[flat|nested] 3+ messages in thread
end of thread, other threads:[~2022-01-24 18:00 UTC | newest]

Thread overview: 3+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
     [not found] <000000000000588c2c05aa156b2b@google.com>
2021-01-10 21:34 ` kernel BUG at mm/vmalloc.c:LINE! (2) syzbot
2021-01-11  9:15   ` Dmitry Vyukov
2022-01-24 17:59     ` Vegard Nossum

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).