* [linux-next:master] [mm/vmalloc] ff6f2b81ea: WARNING:at_kernel/fork.c:#vm_area_init_from
@ 2025-03-10 12:52 kernel test robot
2025-03-10 16:52 ` Uladzislau Rezki
0 siblings, 1 reply; 7+ messages in thread
From: kernel test robot @ 2025-03-10 12:52 UTC (permalink / raw)
To: Liu Ye
Cc: oe-lkp, lkp, Andrew Morton, Uladzislau Rezki, Christop Hellwig,
linux-mm, oliver.sang
Hello,
kernel test robot noticed "WARNING:at_kernel/fork.c:#vm_area_init_from" on:
commit: ff6f2b81eaa8a9fe5d158c6e7b1e58d3929c32c1 ("mm/vmalloc: move free_vm_area(area) from the __vmalloc_area_node function to the __vmalloc_node_range_noprof function")
https://git.kernel.org/cgit/linux/kernel/git/next/linux-next.git master
[test failed on linux-next/master 0a2f889128969dab41861b6e40111aa03dc57014]
in testcase: trinity
version:
with following parameters:
runtime: 300s
group: group-02
nr_groups: 5
config: x86_64-randconfig-101-20250306
compiler: gcc-12
test machine: qemu-system-x86_64 -enable-kvm -cpu SandyBridge -smp 2 -m 16G
(please refer to attached dmesg/kmsg for entire log/backtrace)
+-------------------------------------------------------------+------------+------------+
| | fb8faf4337 | ff6f2b81ea |
+-------------------------------------------------------------+------------+------------+
| boot_successes | 9 | 0 |
| boot_failures | 0 | 6 |
| WARNING:at_kernel/fork.c:#vm_area_init_from | 0 | 6 |
| RIP:vm_area_init_from | 0 | 6 |
| BUG:KASAN:slab-use-after-free_in__vmalloc_node_range_noprof | 0 | 5 |
| WARNING:at_mm/vmalloc.c:#remove_vm_area | 0 | 5 |
| RIP:remove_vm_area | 0 | 5 |
| kernel_BUG_at_mm/vmalloc.c | 0 | 5 |
| Oops:invalid_opcode:#[##]PREEMPT_KASAN | 0 | 5 |
| RIP:__vmalloc_node_range_noprof | 0 | 5 |
| Kernel_panic-not_syncing:Fatal_exception | 0 | 5 |
+-------------------------------------------------------------+------------+------------+
If you fix the issue in a separate patch/commit (i.e. not just a new version of
the same patch/commit), kindly add following tags
| Reported-by: kernel test robot <oliver.sang@intel.com>
| Closes: https://lore.kernel.org/oe-lkp/202503101629.7289b1-lkp@intel.com
[ 8.741254][ T47] ------------[ cut here ]------------
[ 8.742176][ T47] memcpy: detected field-spanning write (size 8) of single field "&dest->swap_readahead_info" at kernel/fork.c:477 (size 0)
[ 8.745188][ T47] WARNING: CPU: 0 PID: 47 at kernel/fork.c:477 vm_area_init_from (kernel/fork.c:477 (discriminator 3))
[ 8.746489][ T47] Modules linked in:
[ 8.747050][ T47] CPU: 0 UID: 0 PID: 47 Comm: modprobe Tainted: G T 6.14.0-rc3-00393-gff6f2b81eaa8 #1
[ 8.748545][ T47] Tainted: [T]=RANDSTRUCT
[ 8.749159][ T47] RIP: 0010:vm_area_init_from (kernel/fork.c:477 (discriminator 3))
[ 8.750008][ T47] Code: 5b 41 5c 41 5d 41 5e 5d c3 31 c9 48 c7 c2 40 01 84 84 be 08 00 00 00 48 c7 c7 a0 01 84 84 c6 05 97 a0 fd 04 01 e8 7c e9 00 00 <0f> 0b eb c2 e8 53 c2 53 00 eb 96 e8 ac c1 53 00 e9 6c ff ff ff e8
All code
========
0: 5b pop %rbx
1: 41 5c pop %r12
3: 41 5d pop %r13
5: 41 5e pop %r14
7: 5d pop %rbp
8: c3 ret
9: 31 c9 xor %ecx,%ecx
b: 48 c7 c2 40 01 84 84 mov $0xffffffff84840140,%rdx
12: be 08 00 00 00 mov $0x8,%esi
17: 48 c7 c7 a0 01 84 84 mov $0xffffffff848401a0,%rdi
1e: c6 05 97 a0 fd 04 01 movb $0x1,0x4fda097(%rip) # 0x4fda0bc
25: e8 7c e9 00 00 call 0xe9a6
2a:* 0f 0b ud2 <-- trapping instruction
2c: eb c2 jmp 0xfffffffffffffff0
2e: e8 53 c2 53 00 call 0x53c286
33: eb 96 jmp 0xffffffffffffffcb
35: e8 ac c1 53 00 call 0x53c1e6
3a: e9 6c ff ff ff jmp 0xffffffffffffffab
3f: e8 .byte 0xe8
Code starting with the faulting instruction
===========================================
0: 0f 0b ud2
2: eb c2 jmp 0xffffffffffffffc6
4: e8 53 c2 53 00 call 0x53c25c
9: eb 96 jmp 0xffffffffffffffa1
b: e8 ac c1 53 00 call 0x53c1bc
10: e9 6c ff ff ff jmp 0xffffffffffffff81
15: e8 .byte 0xe8
[ 8.752623][ T47] RSP: 0000:ffffc9000033f5e0 EFLAGS: 00010286
[ 8.757589][ T47] RAX: 0000000000000000 RBX: ffff88812aef5e00 RCX: 1ffffffff0a96ea4
[ 8.758688][ T47] RDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000000000000001
[ 8.759767][ T47] RBP: ffffc9000033f600 R08: 0000000000000000 R09: fffffbfff0a96ea4
[ 8.760832][ T47] R10: 0000000000000003 R11: 0000000000000001 R12: 0000000000000000
[ 8.761924][ T47] R13: ffff88812aef5e60 R14: ffff88812aef5360 R15: ffffffff848ba400
[ 8.762997][ T47] FS: 0000000000000000(0000) GS:ffffffff85478000(0000) knlGS:0000000000000000
[ 8.764185][ T47] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 8.765087][ T47] CR2: ffff88843ffff000 CR3: 000000012aef4000 CR4: 00000000000406b0
[ 8.766162][ T47] Call Trace:
[ 8.766606][ T47] <TASK>
[ 8.767019][ T47] ? show_regs (arch/x86/kernel/dumpstack.c:479)
[ 8.767608][ T47] ? __warn (kernel/panic.c:748)
[ 8.768241][ T47] ? vm_area_init_from (kernel/fork.c:477 (discriminator 3))
[ 8.769012][ T47] ? vm_area_init_from (kernel/fork.c:477 (discriminator 3))
[ 8.769752][ T47] ? report_bug (lib/bug.c:180 lib/bug.c:219)
[ 8.770418][ T47] ? handle_bug (arch/x86/kernel/traps.c:285)
[ 8.771056][ T47] ? exc_invalid_op (arch/x86/kernel/traps.c:309 (discriminator 1))
[ 8.771726][ T47] ? asm_exc_invalid_op (arch/x86/include/asm/idtentry.h:621)
[ 8.772478][ T47] ? vm_area_init_from (kernel/fork.c:477 (discriminator 3))
[ 8.773223][ T47] vm_area_dup (include/linux/list.h:37 kernel/fork.c:499)
[ 8.773752][ T47] __split_vma (mm/vma.c:477)
[ 8.774165][ T47] ? commit_merge (mm/vma.c:463)
[ 8.774582][ T47] ? __kasan_check_read (mm/kasan/shadow.c:32)
[ 8.775053][ T47] ? validate_chain (arch/x86/include/asm/bitops.h:227 arch/x86/include/asm/bitops.h:239 include/asm-generic/bitops/instrumented-non-atomic.h:142 kernel/locking/lockdep.c:230 kernel/locking/lockdep.c:3818 kernel/locking/lockdep.c:3874)
[ 8.775484][ T47] vms_gather_munmap_vmas (mm/vma.c:1283)
[ 8.775959][ T47] ? check_prev_add (kernel/locking/lockdep.c:3862)
[ 8.776378][ T47] ? mark_lock (arch/x86/include/asm/bitops.h:227 (discriminator 3) arch/x86/include/asm/bitops.h:239 (discriminator 3) include/asm-generic/bitops/instrumented-non-atomic.h:142 (discriminator 3) kernel/locking/lockdep.c:230 (discriminator 3) kernel/locking/lockdep.c:4729 (discriminator 3))
[ 8.776749][ T47] do_vmi_align_munmap (mm/vma.c:1450)
[ 8.777198][ T47] ? vma_shrink (mm/vma.c:1441)
[ 8.777627][ T47] ? lock_acquire (kernel/locking/lockdep.c:469 kernel/locking/lockdep.c:5853)
[ 8.778059][ T47] ? mas_walk (lib/maple_tree.c:3636 lib/maple_tree.c:4942)
[ 8.778451][ T47] do_vmi_munmap (mm/vma.c:1507)
[ 8.778877][ T47] __vm_munmap (mm/vma.c:2969)
[ 8.779252][ T47] ? expand_downwards (mm/vma.c:2960)
[ 8.779671][ T47] ? vm_mmap_pgoff (mm/util.c:579)
[ 8.780092][ T47] ? get_random_u64 (drivers/char/random.c:554 (discriminator 13))
[ 8.780507][ T47] vm_munmap (mm/mmap.c:1078)
[ 8.780842][ T47] elf_load (include/linux/pid.h:231 fs/binfmt_elf.c:395 fs/binfmt_elf.c:414)
[ 8.781205][ T47] load_elf_binary (include/linux/instrumented.h:68 include/asm-generic/bitops/instrumented-non-atomic.h:141 include/linux/thread_info.h:126 arch/x86/include/asm/elf.h:310 fs/binfmt_elf.c:1125)
[ 8.781652][ T47] ? load_elf_interp+0xa70/0xa70
[ 8.782161][ T47] ? exec_binprm (fs/exec.c:1775 fs/exec.c:1807)
[ 8.782556][ T47] exec_binprm (fs/exec.c:1777 fs/exec.c:1807)
[ 8.783104][ T47] ? check_unsafe_exec (fs/exec.c:1791)
[ 8.783535][ T47] ? _raw_spin_unlock (arch/x86/include/asm/preempt.h:94 include/linux/spinlock_api_smp.h:143 kernel/locking/spinlock.c:186)
[ 8.783980][ T47] ? check_unsafe_exec (fs/exec.c:1637)
[ 8.784412][ T47] bprm_execve (fs/exec.c:1859)
[ 8.784782][ T47] kernel_execve (fs/exec.c:2026)
[ 8.785177][ T47] call_usermodehelper_exec_async (kernel/umh.c:113)
[ 8.785697][ T47] ? umh_complete (kernel/umh.c:64)
[ 8.786102][ T47] ret_from_fork (arch/x86/kernel/process.c:154)
[ 8.786473][ T47] ? umh_complete (kernel/umh.c:64)
[ 8.786867][ T47] ret_from_fork_asm (arch/x86/entry/entry_64.S:254)
[ 8.787278][ T47] </TASK>
[ 8.787532][ T47] irq event stamp: 955
[ 8.787877][ T47] hardirqs last enabled at (965): __up_console_sem (arch/x86/include/asm/irqflags.h:26 (discriminator 1) arch/x86/include/asm/irqflags.h:87 (discriminator 1) arch/x86/include/asm/irqflags.h:147 (discriminator 1) kernel/printk/printk.c:344 (discriminator 1))
[ 8.788658][ T47] hardirqs last disabled at (972): __up_console_sem (kernel/printk/printk.c:342 (discriminator 1))
[ 8.789442][ T47] softirqs last enabled at (470): handle_softirqs (arch/x86/include/asm/preempt.h:26 kernel/softirq.c:408 kernel/softirq.c:589)
[ 8.790243][ T47] softirqs last disabled at (461): irq_exit_rcu (kernel/softirq.c:596 kernel/softirq.c:435 kernel/softirq.c:662 kernel/softirq.c:678)
[ 8.790996][ T47] ---[ end trace 0000000000000000 ]---
[ 8.796795][ T47] modprobe (47) used greatest stack depth: 25392 bytes left
The kernel config and materials to reproduce are available at:
https://download.01.org/0day-ci/archive/20250310/202503101629.7289b1-lkp@intel.com
--
0-DAY CI Kernel Test Service
https://github.com/intel/lkp-tests/wiki
^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: [linux-next:master] [mm/vmalloc] ff6f2b81ea: WARNING:at_kernel/fork.c:#vm_area_init_from
2025-03-10 12:52 [linux-next:master] [mm/vmalloc] ff6f2b81ea: WARNING:at_kernel/fork.c:#vm_area_init_from kernel test robot
@ 2025-03-10 16:52 ` Uladzislau Rezki
2025-03-11 7:26 ` liuye
0 siblings, 1 reply; 7+ messages in thread
From: Uladzislau Rezki @ 2025-03-10 16:52 UTC (permalink / raw)
To: Andrew Morton, Liu Ye
Cc: oe-lkp, lkp, Uladzislau Rezki, Christop Hellwig, linux-mm
Hello, Andrew, Liu Ye.
>
> Hello,
>
> kernel test robot noticed "WARNING:at_kernel/fork.c:#vm_area_init_from" on:
>
> commit: ff6f2b81eaa8a9fe5d158c6e7b1e58d3929c32c1 ("mm/vmalloc: move free_vm_area(area) from the __vmalloc_area_node function to the __vmalloc_node_range_noprof function")
> https://git.kernel.org/cgit/linux/kernel/git/next/linux-next.git master
>
> [test failed on linux-next/master 0a2f889128969dab41861b6e40111aa03dc57014]
>
> in testcase: trinity
> version:
> with following parameters:
>
> runtime: 300s
> group: group-02
> nr_groups: 5
>
>
>
> config: x86_64-randconfig-101-20250306
> compiler: gcc-12
> test machine: qemu-system-x86_64 -enable-kvm -cpu SandyBridge -smp 2 -m 16G
>
> (please refer to attached dmesg/kmsg for entire log/backtrace)
>
>
> +-------------------------------------------------------------+------------+------------+
> | | fb8faf4337 | ff6f2b81ea |
> +-------------------------------------------------------------+------------+------------+
> | boot_successes | 9 | 0 |
> | boot_failures | 0 | 6 |
> | WARNING:at_kernel/fork.c:#vm_area_init_from | 0 | 6 |
> | RIP:vm_area_init_from | 0 | 6 |
> | BUG:KASAN:slab-use-after-free_in__vmalloc_node_range_noprof | 0 | 5 |
> | WARNING:at_mm/vmalloc.c:#remove_vm_area | 0 | 5 |
> | RIP:remove_vm_area | 0 | 5 |
> | kernel_BUG_at_mm/vmalloc.c | 0 | 5 |
> | Oops:invalid_opcode:#[##]PREEMPT_KASAN | 0 | 5 |
> | RIP:__vmalloc_node_range_noprof | 0 | 5 |
> | Kernel_panic-not_syncing:Fatal_exception | 0 | 5 |
> +-------------------------------------------------------------+------------+------------+
>
The patch that is in question, indeed, looks buggy. At least i can see
how a use-after-free can occur:
<snip>
static void *__vmalloc_area_node(...)
...
fail:
vfree(area->addr);
return NULL;
}
<snip>
<snip>
...
ret = __vmalloc_area_node(area, gfp_mask, prot, shift, node);
if (!ret) {
free_vm_area(area);
goto fail;
}
...
<snip>
vfree() - __also__ frees "vm_struct" where "area" points to. A NULL is
returned and free_vm_area() is invoked one more time on already freed
"area".
Probably it is better to drop the below patch:
ff6f2b81eaa8a9fe5d158c6e7b1e58d3929c32c1 ("mm/vmalloc: move free_vm_area(area) from the __vmalloc_area_node function to the __vmalloc_node_range_noprof function")
--
Uladzislau Rezki
^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: [linux-next:master] [mm/vmalloc] ff6f2b81ea: WARNING:at_kernel/fork.c:#vm_area_init_from
2025-03-10 16:52 ` Uladzislau Rezki
@ 2025-03-11 7:26 ` liuye
2025-03-11 10:24 ` Uladzislau Rezki
0 siblings, 1 reply; 7+ messages in thread
From: liuye @ 2025-03-11 7:26 UTC (permalink / raw)
To: Uladzislau Rezki, Andrew Morton; +Cc: oe-lkp, lkp, Christop Hellwig, linux-mm
在 2025/3/11 00:52, Uladzislau Rezki 写道:
> Hello, Andrew, Liu Ye.
>
>>
>> Hello,
>>
>> kernel test robot noticed "WARNING:at_kernel/fork.c:#vm_area_init_from" on:
>>
>> commit: ff6f2b81eaa8a9fe5d158c6e7b1e58d3929c32c1 ("mm/vmalloc: move free_vm_area(area) from the __vmalloc_area_node function to the __vmalloc_node_range_noprof function")
>> https://git.kernel.org/cgit/linux/kernel/git/next/linux-next.git master
>>
>> [test failed on linux-next/master 0a2f889128969dab41861b6e40111aa03dc57014]
>>
>> in testcase: trinity
>> version:
>> with following parameters:
>>
>> runtime: 300s
>> group: group-02
>> nr_groups: 5
>>
>>
>>
>> config: x86_64-randconfig-101-20250306
>> compiler: gcc-12
>> test machine: qemu-system-x86_64 -enable-kvm -cpu SandyBridge -smp 2 -m 16G
>>
>> (please refer to attached dmesg/kmsg for entire log/backtrace)
>>
>>
>> +-------------------------------------------------------------+------------+------------+
>> | | fb8faf4337 | ff6f2b81ea |
>> +-------------------------------------------------------------+------------+------------+
>> | boot_successes | 9 | 0 |
>> | boot_failures | 0 | 6 |
>> | WARNING:at_kernel/fork.c:#vm_area_init_from | 0 | 6 |
>> | RIP:vm_area_init_from | 0 | 6 |
>> | BUG:KASAN:slab-use-after-free_in__vmalloc_node_range_noprof | 0 | 5 |
>> | WARNING:at_mm/vmalloc.c:#remove_vm_area | 0 | 5 |
>> | RIP:remove_vm_area | 0 | 5 |
>> | kernel_BUG_at_mm/vmalloc.c | 0 | 5 |
>> | Oops:invalid_opcode:#[##]PREEMPT_KASAN | 0 | 5 |
>> | RIP:__vmalloc_node_range_noprof | 0 | 5 |
>> | Kernel_panic-not_syncing:Fatal_exception | 0 | 5 |
>> +-------------------------------------------------------------+------------+------------+
>>
> The patch that is in question, indeed, looks buggy. At least i can see
> how a use-after-free can occur:
>
> <snip>
> static void *__vmalloc_area_node(...)
> ...
> fail:
> vfree(area->addr);
> return NULL;
> }
> <snip>
>
> <snip>
> ...
> ret = __vmalloc_area_node(area, gfp_mask, prot, shift, node);
> if (!ret) {
> free_vm_area(area);
> goto fail;
> }
> ...
> <snip>
>
> vfree() - __also__ frees "vm_struct" where "area" points to. A NULL is
> returned and free_vm_area() is invoked one more time on already freed
> "area".
>
> Probably it is better to drop the below patch:
>
> ff6f2b81eaa8a9fe5d158c6e7b1e58d3929c32c1 ("mm/vmalloc: move free_vm_area(area) from the __vmalloc_area_node function to the __vmalloc_node_range_noprof function")
>
If drop this commit, then the two “goto fail; ”in the __vmalloc_area_node function will cause area memory leaks in the __vmalloc_area_node function when returning.
Perhaps the following changes should be added.
If the following changes should fix all issues I will send a new patch.
diff --git a/mm/vmalloc.c b/mm/vmalloc.c
index 61981ee1c9d2..1826f3d70885 100644
--- a/mm/vmalloc.c
+++ b/mm/vmalloc.c
@@ -3697,7 +3697,7 @@ static void *__vmalloc_area_node(struct vm_struct *area, gfp_t gfp_mask,
warn_alloc(gfp_mask, NULL,
"vmalloc error: size %lu, failed to allocate pages",
area->nr_pages * PAGE_SIZE);
- goto fail;
+ return NULL;
}
/*
@@ -3725,14 +3725,10 @@ static void *__vmalloc_area_node(struct vm_struct *area, gfp_t gfp_mask,
warn_alloc(gfp_mask, NULL,
"vmalloc error: size %lu, failed to map pages",
area->nr_pages * PAGE_SIZE);
- goto fail;
+ return NULL;
}
return area->addr;
-
-fail:
- vfree(area->addr);
- return NULL;
}
Thanks,
Liu Ye
> --
> Uladzislau Rezki
^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: [linux-next:master] [mm/vmalloc] ff6f2b81ea: WARNING:at_kernel/fork.c:#vm_area_init_from
2025-03-11 7:26 ` liuye
@ 2025-03-11 10:24 ` Uladzislau Rezki
2025-03-11 12:43 ` Uladzislau Rezki
0 siblings, 1 reply; 7+ messages in thread
From: Uladzislau Rezki @ 2025-03-11 10:24 UTC (permalink / raw)
To: liuye, Andrew Morton
Cc: Uladzislau Rezki, Andrew Morton, oe-lkp, lkp, Christop Hellwig, linux-mm
On Tue, Mar 11, 2025 at 03:26:59PM +0800, liuye wrote:
>
>
> 在 2025/3/11 00:52, Uladzislau Rezki 写道:
> > Hello, Andrew, Liu Ye.
> >
> >>
> >> Hello,
> >>
> >> kernel test robot noticed "WARNING:at_kernel/fork.c:#vm_area_init_from" on:
> >>
> >> commit: ff6f2b81eaa8a9fe5d158c6e7b1e58d3929c32c1 ("mm/vmalloc: move free_vm_area(area) from the __vmalloc_area_node function to the __vmalloc_node_range_noprof function")
> >> https://git.kernel.org/cgit/linux/kernel/git/next/linux-next.git master
> >>
> >> [test failed on linux-next/master 0a2f889128969dab41861b6e40111aa03dc57014]
> >>
> >> in testcase: trinity
> >> version:
> >> with following parameters:
> >>
> >> runtime: 300s
> >> group: group-02
> >> nr_groups: 5
> >>
> >>
> >>
> >> config: x86_64-randconfig-101-20250306
> >> compiler: gcc-12
> >> test machine: qemu-system-x86_64 -enable-kvm -cpu SandyBridge -smp 2 -m 16G
> >>
> >> (please refer to attached dmesg/kmsg for entire log/backtrace)
> >>
> >>
> >> +-------------------------------------------------------------+------------+------------+
> >> | | fb8faf4337 | ff6f2b81ea |
> >> +-------------------------------------------------------------+------------+------------+
> >> | boot_successes | 9 | 0 |
> >> | boot_failures | 0 | 6 |
> >> | WARNING:at_kernel/fork.c:#vm_area_init_from | 0 | 6 |
> >> | RIP:vm_area_init_from | 0 | 6 |
> >> | BUG:KASAN:slab-use-after-free_in__vmalloc_node_range_noprof | 0 | 5 |
> >> | WARNING:at_mm/vmalloc.c:#remove_vm_area | 0 | 5 |
> >> | RIP:remove_vm_area | 0 | 5 |
> >> | kernel_BUG_at_mm/vmalloc.c | 0 | 5 |
> >> | Oops:invalid_opcode:#[##]PREEMPT_KASAN | 0 | 5 |
> >> | RIP:__vmalloc_node_range_noprof | 0 | 5 |
> >> | Kernel_panic-not_syncing:Fatal_exception | 0 | 5 |
> >> +-------------------------------------------------------------+------------+------------+
> >>
> > The patch that is in question, indeed, looks buggy. At least i can see
> > how a use-after-free can occur:
> >
> > <snip>
> > static void *__vmalloc_area_node(...)
> > ...
> > fail:
> > vfree(area->addr);
> > return NULL;
> > }
> > <snip>
> >
> > <snip>
> > ...
> > ret = __vmalloc_area_node(area, gfp_mask, prot, shift, node);
> > if (!ret) {
> > free_vm_area(area);
> > goto fail;
> > }
> > ...
> > <snip>
> >
> > vfree() - __also__ frees "vm_struct" where "area" points to. A NULL is
> > returned and free_vm_area() is invoked one more time on already freed
> > "area".
> >
> > Probably it is better to drop the below patch:
> >
> > ff6f2b81eaa8a9fe5d158c6e7b1e58d3929c32c1 ("mm/vmalloc: move free_vm_area(area) from the __vmalloc_area_node function to the __vmalloc_node_range_noprof function")
> >
>
> If drop this commit, then the two “goto fail; ”in the __vmalloc_area_node function will cause area memory leaks in the __vmalloc_area_node function when returning.
>
It does not leak. On a fail case we release everything including "area":
fail:
vfree(area->addr);
return NULL;
this is how vfree() works.
> Perhaps the following changes should be added.
>
> If the following changes should fix all issues I will send a new patch.
>
> diff --git a/mm/vmalloc.c b/mm/vmalloc.c
> index 61981ee1c9d2..1826f3d70885 100644
> --- a/mm/vmalloc.c
> +++ b/mm/vmalloc.c
> @@ -3697,7 +3697,7 @@ static void *__vmalloc_area_node(struct vm_struct *area, gfp_t gfp_mask,
> warn_alloc(gfp_mask, NULL,
> "vmalloc error: size %lu, failed to allocate pages",
> area->nr_pages * PAGE_SIZE);
> - goto fail;
> + return NULL;
> }
>
> /*
> @@ -3725,14 +3725,10 @@ static void *__vmalloc_area_node(struct vm_struct *area, gfp_t gfp_mask,
> warn_alloc(gfp_mask, NULL,
> "vmalloc error: size %lu, failed to map pages",
> area->nr_pages * PAGE_SIZE);
> - goto fail;
> + return NULL;
> }
>
> return area->addr;
> -
> -fail:
> - vfree(area->addr);
> - return NULL;
> }
>
It is better to drop the patch. It does not fix anything, instead it
has introduced a degrade.
--
Uladzislau Rezki
^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: [linux-next:master] [mm/vmalloc] ff6f2b81ea: WARNING:at_kernel/fork.c:#vm_area_init_from
2025-03-11 10:24 ` Uladzislau Rezki
@ 2025-03-11 12:43 ` Uladzislau Rezki
2025-03-11 18:18 ` Andrew Morton
0 siblings, 1 reply; 7+ messages in thread
From: Uladzislau Rezki @ 2025-03-11 12:43 UTC (permalink / raw)
To: Andrew Morton
Cc: liuye, Andrew Morton, oe-lkp, lkp, Christop Hellwig, linux-mm
Hello, Andrew!
> > >
> > >>
> > >> Hello,
> > >>
> > >> kernel test robot noticed "WARNING:at_kernel/fork.c:#vm_area_init_from" on:
> > >>
> > >> commit: ff6f2b81eaa8a9fe5d158c6e7b1e58d3929c32c1 ("mm/vmalloc: move free_vm_area(area) from the __vmalloc_area_node function to the __vmalloc_node_range_noprof function")
> > >> https://git.kernel.org/cgit/linux/kernel/git/next/linux-next.git master
> > >>
> > >> [test failed on linux-next/master 0a2f889128969dab41861b6e40111aa03dc57014]
> > >>
> > >> in testcase: trinity
> > >> version:
> > >> with following parameters:
> > >>
> > >> runtime: 300s
> > >> group: group-02
> > >> nr_groups: 5
> > >>
> > >>
> > >>
> > >> config: x86_64-randconfig-101-20250306
> > >> compiler: gcc-12
> > >> test machine: qemu-system-x86_64 -enable-kvm -cpu SandyBridge -smp 2 -m 16G
> > >>
> > >> (please refer to attached dmesg/kmsg for entire log/backtrace)
> > >>
>
Could you please share your view what we should do with the patch in
question? I mean we can drop it, since it is broken and there is also
another option - it is to fix the broken patch.
Thank you in advance!
--
Uladzislau Rezki
^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: [linux-next:master] [mm/vmalloc] ff6f2b81ea: WARNING:at_kernel/fork.c:#vm_area_init_from
2025-03-11 12:43 ` Uladzislau Rezki
@ 2025-03-11 18:18 ` Andrew Morton
2025-03-11 20:26 ` Uladzislau Rezki
0 siblings, 1 reply; 7+ messages in thread
From: Andrew Morton @ 2025-03-11 18:18 UTC (permalink / raw)
To: Uladzislau Rezki; +Cc: liuye, oe-lkp, lkp, Christop Hellwig, linux-mm
On Tue, 11 Mar 2025 13:43:44 +0100 Uladzislau Rezki <urezki@gmail.com> wrote:
> > > >> config: x86_64-randconfig-101-20250306
> > > >> compiler: gcc-12
> > > >> test machine: qemu-system-x86_64 -enable-kvm -cpu SandyBridge -smp 2 -m 16G
> > > >>
> > > >> (please refer to attached dmesg/kmsg for entire log/backtrace)
> > > >>
> >
> Could you please share your view what we should do with the patch in
> question? I mean we can drop it, since it is broken and there is also
> another option - it is to fix the broken patch.
I dropped it. This can be addressed in the next version, if there is one.
^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: [linux-next:master] [mm/vmalloc] ff6f2b81ea: WARNING:at_kernel/fork.c:#vm_area_init_from
2025-03-11 18:18 ` Andrew Morton
@ 2025-03-11 20:26 ` Uladzislau Rezki
0 siblings, 0 replies; 7+ messages in thread
From: Uladzislau Rezki @ 2025-03-11 20:26 UTC (permalink / raw)
To: Andrew Morton
Cc: Uladzislau Rezki, liuye, oe-lkp, lkp, Christop Hellwig, linux-mm
On Tue, Mar 11, 2025 at 11:18:28AM -0700, Andrew Morton wrote:
> On Tue, 11 Mar 2025 13:43:44 +0100 Uladzislau Rezki <urezki@gmail.com> wrote:
>
> > > > >> config: x86_64-randconfig-101-20250306
> > > > >> compiler: gcc-12
> > > > >> test machine: qemu-system-x86_64 -enable-kvm -cpu SandyBridge -smp 2 -m 16G
> > > > >>
> > > > >> (please refer to attached dmesg/kmsg for entire log/backtrace)
> > > > >>
> > >
> > Could you please share your view what we should do with the patch in
> > question? I mean we can drop it, since it is broken and there is also
> > another option - it is to fix the broken patch.
>
> I dropped it. This can be addressed in the next version, if there is one.
>
Thank you!
--
Uladzislau Rezki
^ permalink raw reply [flat|nested] 7+ messages in thread
end of thread, other threads:[~2025-03-11 20:26 UTC | newest]
Thread overview: 7+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2025-03-10 12:52 [linux-next:master] [mm/vmalloc] ff6f2b81ea: WARNING:at_kernel/fork.c:#vm_area_init_from kernel test robot
2025-03-10 16:52 ` Uladzislau Rezki
2025-03-11 7:26 ` liuye
2025-03-11 10:24 ` Uladzislau Rezki
2025-03-11 12:43 ` Uladzislau Rezki
2025-03-11 18:18 ` Andrew Morton
2025-03-11 20:26 ` Uladzislau Rezki
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox