Re: [mm/vmalloc] 0acd9a0ded: kernel_BUG_at_mm/vmalloc.c

From: Uladzislau Rezki
Date: Mon Jun 15 2020 - 11:26:50 EST


Hello, Ingo.

> > Greeting,
> >
> > FYI, we noticed the following commit (built with gcc-9):
> >
> > commit: 0acd9a0ded80c986ccc9588ba2703436769ead74 ("Revert "mm/vmalloc: modify struct vmap_area to reduce its size"")
> > https://git.kernel.org/cgit/linux/kernel/git/tip/tip.git WIP.fixes
> >
> > in testcase: trinity
> > with following parameters:
> >
> > runtime: 300s
> >
> > test-description: Trinity is a linux system call fuzz tester.
> > test-url: http://codemonkey.org.uk/projects/trinity/
> >
> >
> > on test machine: qemu-system-x86_64 -enable-kvm -cpu SandyBridge -smp 2 -m 16G
> >
> > caused below changes (please refer to attached dmesg/kmsg for entire log/backtrace):
> >
> >
> > +----------------------------------------------------------------------------+------+------------+
> > | | v5.7 | 0acd9a0ded |
> > +----------------------------------------------------------------------------+------+------------+
> > | boot_successes | 214 | 142 |
> > | boot_failures | 3 | 16 |
> > | WARNING:at_kernel/rcu/tree_stall.h:#rcu_check_gp_start_stall | 1 | |
> > | EIP:rcu_check_gp_start_stall | 1 | |
> > | WARNING:at_net/sched/sch_generic.c:#dev_watchdog | 1 | 2 |
> > | EIP:dev_watchdog | 1 | 2 |
> > | Kernel_panic-not_syncing:VFS:Unable_to_mount_root_fs_on_unknown-block(#,#) | 1 | |
> > | kernel_BUG_at_mm/vmalloc.c | 0 | 11 |
> > | invalid_opcode:#[##] | 0 | 11 |
> > | EIP:free_vm_area | 0 | 11 |
> > | Kernel_panic-not_syncing:Fatal_exception | 0 | 11 |
> > | INFO:rcu_sched_detected_stalls_on_CPUs/tasks | 0 | 2 |
> > | EIP:smp_call_function_single | 0 | 2 |
> > | INFO:rcu_sched_self-detected_stall_on_CPU | 0 | 1 |
> > | EIP:bvec_iter_advance | 0 | 1 |
> > | EIP:iov_iter_copy_from_user_atomic | 0 | 1 |
> > +----------------------------------------------------------------------------+------+------------+
> >
> >
> > If you fix the issue, kindly add following tag
> > Reported-by: kernel test robot <rong.a.chen@xxxxxxxxx>
> >
> >
> > [ 330.604224] kernel BUG at mm/vmalloc.c:3211!
> > [ 330.605254] invalid opcode: 0000 [#1] SMP
> > [ 330.606027] CPU: 1 PID: 18 Comm: kworker/1:0 Not tainted 5.7.0-00001-g0acd9a0ded80c #1
> > [ 330.607482] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
> > [ 330.623780] Workqueue: events pcpu_balance_workfn
> > [ 330.624815] EIP: free_vm_area+0x33/0x77
> > [ 330.625601] Code: 49 56 b5 01 83 15 64 49 56 b5 00 89 e5 53 89 c3 8b 40 04 e8 de fe ff ff 39 c3 74 2c 83 05 68 49 56 b5 01 83 15 6c 49 56 b5 00 <0f> 0b 83 05 78 49 56 b5 01 83 15 7c 49 56 b5 00 83 05 80 49 56 b5
> > [ 330.629386] EAX: 00000000 EBX: ef7a8380 ECX: 00000003 EDX: f46fa0c0
> > [ 330.630660] ESI: 00000000 EDI: 00000001 EBP: f473bedc ESP: f473bed8
> > [ 330.631954] DS: 007b ES: 007b FS: 00d8 GS: 0000 SS: 0068 EFLAGS: 00010246
> > [ 330.633317] CR0: 80050033 CR2: a763a9e4 CR3: 3bc55000 CR4: 000006d0
> > [ 330.634576] Call Trace:
> > [ 330.635134] pcpu_free_vm_areas+0x2b/0x64
> > [ 330.635973] pcpu_balance_workfn+0x673/0x9ac
> > [ 330.636846] process_one_work+0x4e0/0x8b0
> > [ 330.637662] worker_thread+0x370/0x589
> > [ 330.638448] kthread+0x1f9/0x20c
> > [ 330.639153] ? create_worker+0x24d/0x24d
> > [ 330.639958] ? kthread_create_worker+0x38/0x38
> > [ 330.640863] ret_from_fork+0x19/0x30
> > [ 330.641597] Modules linked in:
> > [ 330.643261] ---[ end trace acbe7a17ad39ff71 ]---
> >
> >
> > To reproduce:
> >

I interpreted this BUG_ON() differently. I thought that below revert
fixes the BUG_ON() reported by the test robot:

<snip>
commit: 0acd9a0ded80c986ccc9588ba2703436769ead74 ("Revert "mm/vmalloc: modify struct vmap_area to reduce its size"")
<snip>

so basically it is vice versa. Due to that revert the vmalloc code
triggers the BUG_ON().

Are you planning to keep revert and mainline it or that is just for
test purposes?

Thank you!

--
Vlad Rezki