lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20200615152643.GA24242@pc636>
Date:   Mon, 15 Jun 2020 17:26:43 +0200
From:   Uladzislau Rezki <urezki@...il.com>
To:     Ingo Molnar <mingo@...nel.org>
Cc:     LKML <linux-kernel@...r.kernel.org>,
        Ingo Molnar <mingo@...nel.org>, x86@...nel.org,
        lkp@...ts.01.org
Subject: Re: [mm/vmalloc] 0acd9a0ded: kernel_BUG_at_mm/vmalloc.c

Hello, Ingo.

> > Greeting,
> > 
> > FYI, we noticed the following commit (built with gcc-9):
> > 
> > commit: 0acd9a0ded80c986ccc9588ba2703436769ead74 ("Revert "mm/vmalloc: modify struct vmap_area to reduce its size"")
> > https://git.kernel.org/cgit/linux/kernel/git/tip/tip.git WIP.fixes
> > 
> > in testcase: trinity
> > with following parameters:
> > 
> > 	runtime: 300s
> > 
> > test-description: Trinity is a linux system call fuzz tester.
> > test-url: http://codemonkey.org.uk/projects/trinity/
> > 
> > 
> > on test machine: qemu-system-x86_64 -enable-kvm -cpu SandyBridge -smp 2 -m 16G
> > 
> > caused below changes (please refer to attached dmesg/kmsg for entire log/backtrace):
> > 
> > 
> > +----------------------------------------------------------------------------+------+------------+
> > |                                                                            | v5.7 | 0acd9a0ded |
> > +----------------------------------------------------------------------------+------+------------+
> > | boot_successes                                                             | 214  | 142        |
> > | boot_failures                                                              | 3    | 16         |
> > | WARNING:at_kernel/rcu/tree_stall.h:#rcu_check_gp_start_stall               | 1    |            |
> > | EIP:rcu_check_gp_start_stall                                               | 1    |            |
> > | WARNING:at_net/sched/sch_generic.c:#dev_watchdog                           | 1    | 2          |
> > | EIP:dev_watchdog                                                           | 1    | 2          |
> > | Kernel_panic-not_syncing:VFS:Unable_to_mount_root_fs_on_unknown-block(#,#) | 1    |            |
> > | kernel_BUG_at_mm/vmalloc.c                                                 | 0    | 11         |
> > | invalid_opcode:#[##]                                                       | 0    | 11         |
> > | EIP:free_vm_area                                                           | 0    | 11         |
> > | Kernel_panic-not_syncing:Fatal_exception                                   | 0    | 11         |
> > | INFO:rcu_sched_detected_stalls_on_CPUs/tasks                               | 0    | 2          |
> > | EIP:smp_call_function_single                                               | 0    | 2          |
> > | INFO:rcu_sched_self-detected_stall_on_CPU                                  | 0    | 1          |
> > | EIP:bvec_iter_advance                                                      | 0    | 1          |
> > | EIP:iov_iter_copy_from_user_atomic                                         | 0    | 1          |
> > +----------------------------------------------------------------------------+------+------------+
> > 
> > 
> > If you fix the issue, kindly add following tag
> > Reported-by: kernel test robot <rong.a.chen@...el.com>
> > 
> > 
> > [  330.604224] kernel BUG at mm/vmalloc.c:3211!
> > [  330.605254] invalid opcode: 0000 [#1] SMP
> > [  330.606027] CPU: 1 PID: 18 Comm: kworker/1:0 Not tainted 5.7.0-00001-g0acd9a0ded80c #1
> > [  330.607482] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
> > [  330.623780] Workqueue: events pcpu_balance_workfn
> > [  330.624815] EIP: free_vm_area+0x33/0x77
> > [  330.625601] Code: 49 56 b5 01 83 15 64 49 56 b5 00 89 e5 53 89 c3 8b 40 04 e8 de fe ff ff 39 c3 74 2c 83 05 68 49 56 b5 01 83 15 6c 49 56 b5 00 <0f> 0b 83 05 78 49 56 b5 01 83 15 7c 49 56 b5 00 83 05 80 49 56 b5
> > [  330.629386] EAX: 00000000 EBX: ef7a8380 ECX: 00000003 EDX: f46fa0c0
> > [  330.630660] ESI: 00000000 EDI: 00000001 EBP: f473bedc ESP: f473bed8
> > [  330.631954] DS: 007b ES: 007b FS: 00d8 GS: 0000 SS: 0068 EFLAGS: 00010246
> > [  330.633317] CR0: 80050033 CR2: a763a9e4 CR3: 3bc55000 CR4: 000006d0
> > [  330.634576] Call Trace:
> > [  330.635134]  pcpu_free_vm_areas+0x2b/0x64
> > [  330.635973]  pcpu_balance_workfn+0x673/0x9ac
> > [  330.636846]  process_one_work+0x4e0/0x8b0
> > [  330.637662]  worker_thread+0x370/0x589
> > [  330.638448]  kthread+0x1f9/0x20c
> > [  330.639153]  ? create_worker+0x24d/0x24d
> > [  330.639958]  ? kthread_create_worker+0x38/0x38
> > [  330.640863]  ret_from_fork+0x19/0x30
> > [  330.641597] Modules linked in:
> > [  330.643261] ---[ end trace acbe7a17ad39ff71 ]---
> > 
> > 
> > To reproduce:
> > 

I interpreted this BUG_ON() differently. I thought that below revert
fixes the BUG_ON() reported by the test robot:

<snip>
commit: 0acd9a0ded80c986ccc9588ba2703436769ead74 ("Revert "mm/vmalloc: modify struct vmap_area to reduce its size"")
<snip>

so basically it is vice versa. Due to that revert the vmalloc code
triggers the BUG_ON().

Are you planning to keep revert and mainline it or that is just for
test purposes?

Thank you!

--
Vlad Rezki

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ