View Issue Details

ID: 0001816
Project: Rocky-Linux-9
Category: kernel
View Status: public
Last Update: 2023-01-17 01:58
Reporter: Zhen Zhang
Assigned To: Louis Abel
Priority: immediate
Severity: block
Reproducibility: always
Status: needinfo
Resolution: open
Summary: 0001816: vfree bad address lead by LTP test case
Description:
[ 1603.716647] ------------[ cut here ]------------
[ 1603.722384] Trying to vfree() bad address (0000000019d05582)
[ 1603.729282] WARNING: CPU: 188 PID: 1368 at mm/vmalloc.c:2608 __vunmap+0x24d/0x280
[ 1603.738219] Modules linked in: brd overlay exfat loop cuse fuse binfmt_misc bonding tls esp6_offload esp6 esp4_offload esp4 intel_rapl_msr intel_rapl_common i10nm_edac nfit libnvdimm x86_pkg_temp_thermal coretemp kvm_intel iTCO_wdt pmt_crashlog pmt_telemetry iTCO_vendor_support pmt_class intel_sdsi kvm irqbypass crct10dif_pclmul crc32_pclmul ghash_clmulni_intel irdma vfat rapl i40e cdc_ether ib_uverbs acpi_ipmi xfs intel_cstate qat_4xxx fat usbnet libcrc32c isst_if_mmio isst_if_mbox_pci intel_qat idxd mei_me i2c_i801 ipmi_si ib_core pcspkr joydev crc8 mii isst_if_common intel_uncore idxd_bus intel_vsec mei i2c_smbus i2c_ismt sg ipmi_devintf ipmi_msghandler wmi acpi_power_meter pinctrl_emmitsburg ip_tables ext4 mbcache jbd2 sd_mod t10_pi ast i2c_algo_bit drm_vram_helper drm_kms_helper syscopyarea sysfillrect sysimgblt fb_sys_fops drm_ttm_helper ttm ice ahci libahci drm crc32c_intel libata
[ 1603.830317] CPU: 188 PID: 1368 Comm: kworker/188:1 Kdump: loaded Tainted: G S --------- --- 5.14.0-3.0.0.kwai.x86_64 #1
[ 1603.844929] Hardware name: Nettrix C/B0EA32, BIOS 0.9.1 08/02/2022
[ 1603.852424] Workqueue: events free_work
[ 1603.857300] RIP: 0010:__vunmap+0x24d/0x280
[ 1603.862464] Code: 41 5d 41 5e e9 c4 33 03 00 31 d2 31 f6 48 c7 c7 ff ff ff ff e8 a4 c7 ff ff eb b2 48 89 fe 48 c7 c7 c0 cb 16 a5 e8 de 4a 73 00 <0f> 0b 5b 5d 41 5c 41 5d 41 5e c3 cc cc cc cc 4c 89 e6 48 c7 c7 e8
[ 1603.884591] RSP: 0018:ff2b2fb61c3c7e58 EFLAGS: 00010282
[ 1603.891021] RAX: 0000000000000000 RBX: 0000000000000bc0 RCX: 0000000000000000
[ 1603.899594] RDX: ff266b58bfb26880 RSI: ff266b58bfb19ca0 RDI: ff266b58bfb19ca0
[ 1603.908165] RBP: 0000000000000001 R08: 0000000000000000 R09: c0000000fffeffff
[ 1603.916748] R10: 0000000000000001 R11: ff2b2fb61c3c7c68 R12: ff266adae1983bc0
[ 1603.925333] R13: 0000000000000000 R14: ff266b58bfb2a840 R15: ff266b58bfb27af0
[ 1603.933925] FS: 0000000000000000(0000) GS:ff266b58bfb00000(0000) knlGS:0000000000000000
[ 1603.943596] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 1603.950660] CR2: 0000000000d47e08 CR3: 0000005e26410006 CR4: 0000000000771ee0
[ 1603.951430] LTP: starting fpathconf01
[ 1603.959289] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 1603.972664] DR3: 0000000000000000 DR6: 00000000fffe07f0 DR7: 0000000000000400
[ 1603.981328] PKRU: 55555554
[ 1603.984998] Call Trace:
[ 1603.988373] free_work+0x21/0x30
[ 1603.992636] process_one_work+0x1cb/0x370
[ 1603.997772] worker_thread+0x30/0x390
[ 1604.002534] ? process_one_work+0x370/0x370
[ 1604.007884] kthread+0x13e/0x160
[ 1604.012176] ? set_kthread_struct+0x50/0x50
[ 1604.017518] ret_from_fork+0x1f/0x30
[ 1604.022188] ---[ end trace dac80ad3ede3eeb8 ]---
[ 1604.028048] ------------[ cut here ]------------
Steps To Reproduce: LTP fork14 case

or

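#include <stdio.h>
#include <errno.h>
#include <unistd.h>
#include <sys/mman.h>
#include <sys/wait.h>

#define GIG (1024 * 1024 * 1024L)  /* size of each mapping: 1 GiB */
#define EXTENT 16393               /* number of mmap + fork iterations */

int main(void)
{
  int i, r;
  void *m;

  for (i = 0; i < EXTENT; i++) {
    /* Map another 1 GiB of anonymous private memory. Nothing is ever
       unmapped, so the address space grows with every iteration. */
    m = mmap(NULL, (size_t) GIG,
        PROT_READ | PROT_WRITE, MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);

    if (m == MAP_FAILED)
      printf("MMAP Failed: %d\n", errno);
    else
      printf("%d : MMAP returned %p\n", i, m);

    /* Fork with all mappings accumulated so far; the child exits at once. */
    r = fork();

    if (r == 0) {
      printf("%d: succeeded\n", i);
      return 0;
    } else if (r < 0)
      printf("FORK Failed: %d\n", r);
    else if (r > 0)
      wait(NULL);  /* reap the child before the next iteration */
  }
  return 0;
}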
Tags: kernel, ltp, vfree

Activities

Louis Abel

2023-01-14 06:06

administrator   ~0002113

Hello, thank you for the report.

Unfortunately there are not enough details provided on this bug report, such as kernel version, resources, among other information. As you may be aware, we are a downstream distribution of RHEL and are unable to resolve issues like this ourselves. We can however assist in submitting a bug report upstream for you if it is reproducible and repeatable.

Based on "5.14.0-3.0.0.kwai.x86_64", this appears to be a custom kernel. Is this a custom built kernel you are using? If so, this is unsupported. Can this "test case" be repeated on a current running 9.1 kernel successfully? If so, it could be possible to report the issue to Red Hat.

Zhen Zhang

2023-01-17 01:58

reporter   ~0002146

Yes, it can be repeated on Rocky 9.1 with kernel-5.14.0-162.6.1.el9_1.0.1.x86_64.

Issue History

Date Modified Username Field Change
2023-01-12 12:43 Zhen Zhang New Issue
2023-01-12 12:44 Zhen Zhang Tag Attached: kernel,ltp
2023-01-12 12:44 Zhen Zhang Tag Attached: vfree
2023-01-14 06:06 Louis Abel Assigned To => Louis Abel
2023-01-14 06:06 Louis Abel Status new => needinfo
2023-01-14 06:06 Louis Abel Note Added: 0002113
2023-01-17 01:58 Zhen Zhang Note Added: 0002146