kvm: vmalloc allocation failure in kvm_vm_ioctl

From: Dmitry Vyukov
Date: Fri Jan 08 2016 - 16:19:11 EST


Hello,

I've hit the following vmalloc allocation failure while running the
syzkaller fuzzer. kvm_vm_ioctl() tries to vmalloc 0 bytes. Harmless,
but looks scary in dmesg:

syz-executor: page allocation failure: order:0, mode:0x24000c2
CPU: 1 PID: 15485 Comm: syz-executor Tainted: G D 4.4.0-rc8+ #217
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS Bochs 01/01/2011
00000000ffffffff ffff88003534f9e0 ffffffff82904c8d 1ffff10006a69f40
ffffffff85fbae20 dffffc0000000000 ffff88003534faf8 ffffffff8164e364
0000000000000282 0000000000000001 0000000041b58ab3 ffffffff86e3ff04
Call Trace:
[< inline >] __dump_stack lib/dump_stack.c:15
[<ffffffff82904c8d>] dump_stack+0x6f/0xa2 lib/dump_stack.c:50
[<ffffffff8164e364>] warn_alloc_failed+0x1f4/0x2016/01/08 21:06:03
executing program 7:
[<ffffffff816f530b>] __vmalloc_node_range+0x42b/0x6d0 mm/vmalloc.c:1692
[< inline >] __vmalloc_node mm/vmalloc.c:1715
[< inline >] __vmalloc_node_flags mm/vmalloc.c:1729
[<ffffffff816f567b>] vmalloc+0x5b/0x70 mm/vmalloc.c:1744
[<ffffffff8102014a>] kvm_vm_ioctl+0x37a/0xf30
arch/x86/kvm/../../../virt/kvm/kvm_main.c:2865
[< inline >] vfs_ioctl fs/ioctl.c:43
[<ffffffff817b36b1>] do_vfs_ioctl+0x681/0xe40 fs/ioctl.c:607
[< inline >] SYSC_ioctl fs/ioctl.c:622
[<ffffffff817b3eff>] SyS_ioctl+0x8f/0xc0 fs/ioctl.c:613
[<ffffffff85e745b6>] entry_SYSCALL_64_fastpath+0x16/0x7a
arch/x86/entry/entry_64.S:185
Mem-Info:
active_anon:10640 inactive_anon:59 isolated_anon:0
active_file:4352 inactive_file:4592 isolated_file:0
unevictable:0 dirty:388 writeback:0 unstable:0
slab_reclaimable:9888 slab_unreclaimable:52072
mapped:4217 shmem:67 pagetables:383 bounce:0
free:306311 free_pcp:1049 free_cma:0
Node 0 DMA free:9644kB min:48kB low:60kB high:72kB active_anon:160kB
inactive_anon:0kB active_file:308kB inactive_file:204kB
unevictable:0kB isolated(anon):0kB isolated(file):0kB present:15992kB
managed:15908kB mlocked:549755813888kB dirty:16kB writeback:0kB
mapped:152kB shmem:0kB slab_reclaimable:488kB
slab_unreclaimable:3776kB kernel_stack:96kB pagetables:28kB
unstable:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
writeback_tmp:0kB pages_scanned:0 all_unreclaimable? no
lowmem_reserve[]: 0 862 862 862
Node 0 DMA32 free:695852kB min:2664kB low:3328kB high:3996kB
active_anon:8772kB inactive_anon:124kB active_file:7164kB
inactive_file:5088kB unevictable:0kB isolated(anon):0kB
isolated(file):0kB present:1032192kB managed:883572kB
mlocked:3453153705988kB dirty:768kB writeback:0kB mapped:5464kB
shmem:140kB slab_reclaimable:13968kB slab_unreclaimable:105592kB
kernel_stack:1952kB pagetables:744kB unstable:0kB bounce:0kB
free_pcp:2088kB local_pcp:524kB free_cma:0kB writeback_tmp:0kB
pages_scanned:0 all_unreclaimable? no
lowmem_reserve[]: 0 0 0 0
Node 1 DMA32 free:519104kB min:2252kB low:2812kB high:3376kB
active_anon:33628kB inactive_anon:112kB active_file:9936kB
inactive_file:13076kB unevictable:0kB isolated(anon):0kB
isolated(file):0kB present:1048560kB managed:746804kB
mlocked:4964982194180kB dirty:768kB writeback:0kB mapped:11400kB
shmem:128kB slab_reclaimable:25096kB slab_unreclaimable:99032kB
kernel_stack:5536kB pagetables:760kB unstable:0kB bounce:0kB
free_pcp:2016kB local_pcp:704kB free_cma:0kB writeback_tmp:0kB
pages_scanned:0 all_unreclaimable? no

On commit b06f3a168cdcd80026276898fd1fee443ef25743 (Jan 6).
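An added illustration, not code from the report or from the kernel: the trace above shows __vmalloc_node_range() rejecting a zero-byte request and calling warn_alloc_failed(), which is what produces the "page allocation failure" splat. The example below models an ioctl handler that sizes an allocation from a user-supplied element count, first in the unguarded form that emits the warning for nr == 0 and then with the count validated before allocating; the handler, struct, and MAX_ENTRIES names are hypothetical, and fake_vmalloc() stands in for the kernel allocator.

```c
#include <errno.h>
#include <stdint.h>
#include <stdlib.h>

#define MAX_ENTRIES 4096   /* hypothetical upper bound on the user-supplied count */

struct entry { uint32_t gsi; uint32_t type; uint64_t data; };

/* Stand-in for the kernel's vmalloc(): a zero-byte request takes the
 * warn_alloc_failed() path seen in the trace, modelled here as a counter. */
static int alloc_warnings;
static void *fake_vmalloc(size_t size)
{
    if (size == 0) {
        alloc_warnings++;   /* dmesg would show "page allocation failure: order:0" */
        return NULL;
    }
    return malloc(size);
}

/* Unguarded handler: mirrors the pattern the report hit, a count of 0
 * reaches the allocator and produces the warning before failing. */
int handle_set_entries_unguarded(uint32_t nr)
{
    struct entry *entries = fake_vmalloc((size_t)nr * sizeof(*entries));
    if (!entries)
        return -ENOMEM;
    free(entries);
    return 0;
}

/* Guarded handler: reject out-of-range counts up front and skip the
 * allocation entirely when there is nothing to allocate. */
int handle_set_entries_guarded(uint32_t nr)
{
    struct entry *entries = NULL;
    if (nr > MAX_ENTRIES)
        return -EINVAL;
    if (nr) {
        entries = fake_vmalloc((size_t)nr * sizeof(*entries));
        if (!entries)
            return -ENOMEM;
        /* copy_from_user() of nr entries would follow here in a real handler */
    }
    free(entries);
    return 0;
}

int warnings_emitted(void) { return alloc_warnings; }
```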