google / kmsan

KernelMemorySanitizer, a detector of uses of uninitialized memory in the Linux kernel

bochs shadow buffer breaks KMSAN #67

Closed ramosian-glider closed 2 years ago

ramosian-glider commented 5 years ago

58540594570778fd149cd8c9b2bff61f2cefa8c9 breaks KMSAN, causing sporadic uninit reports in mm/ followed by OOMs, e.g.:

=====================================================
 BUG: KMSAN: uninit-value in[<     inline     >] balance_pgdat mm/vmscan.c:3739
 BUG: KMSAN: uninit-value in[<      none      >] kswapd+0x309f/0x3920 mm/vmscan.c:3956
 CPU: 0 PID: 2335 Comm: kswapd0 Not tainted 5.4.0-rc8+ #3427
 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
 Call Trace:
 [<     inline     >] __dump_stack lib/dump_stack.c:77
 [<      none      >] dump_stack+0x1ce/0x230 lib/dump_stack.c:118
 [<      none      >] kmsan_report+0x127/0x220 mm/kmsan/kmsan_report.c:108
 [<      none      >] __msan_warning+0x64/0xc0 mm/kmsan/kmsan_instr.c:245
 [<     inline     >] balance_pgdat mm/vmscan.c:3739
 [<      none      >] kswapd+0x309f/0x3920 mm/vmscan.c:3956
 [<      none      >] kthread+0x4b5/0x4f0 drivers/block/aoe/aoecmd.c:1303
  ?[<      none      >] kswapd_run+0x390/0x390 mm/vmscan.c:4092
  ?[<      none      >] kthread_blkcg+0xf0/0xf0 kernel/kthread.c:1239
 [<      none      >] ret_from_fork+0x35/0x40 arch/x86/entry/entry_64.S:353

 Local variable description: ----wait.i@kswapd
 Variable was created at:
 [<     inline     >] kswapd_try_to_sleep mm/vmscan.c:3802
 [<      none      >] kswapd+0x354/0x3920 mm/vmscan.c:3926
 [<     inline     >] kswapd_try_to_sleep mm/vmscan.c:3802
 [<      none      >] kswapd+0x354/0x3920 mm/vmscan.c:3926
 =====================================================
 Disabling lock debugging due to kernel taint
 BUG: Bad page state in process kcompactd0  pfn:147dc7
 page:ffffe16806674e30 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0
 raw: 02fffc0000000000 dead000000000100 dead000000000122 0000000000000000
 raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
 raw: 0000000000000000 0000000000000000
 page dumped because: nonzero _refcount
 Modules linked in:
 CPU: 0 PID: 1833 Comm: kcompactd0 Tainted: G    B             5.4.0-rc8+ #3427
 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
 Call Trace:
 [<     inline     >] __dump_stack lib/dump_stack.c:77
 [<      none      >] dump_stack+0x1ce/0x230 lib/dump_stack.c:118
 [<      none      >] bad_page+0x52c/0x630 mm/page_alloc.c:651
 [<     inline     >] free_pages_check_bad mm/page_alloc.c:1059
 [<     inline     >] free_pages_check mm/page_alloc.c:1068
 [<     inline     >] bulkfree_pcp_prepare mm/page_alloc.c:1235
 [<      none      >] free_pcppages_bulk+0xcd4/0x1510 mm/page_alloc.c:1296
 [<      none      >] free_unref_page_commit+0x375/0x730 mm/page_alloc.c:3062
 [<     inline     >] free_unref_page mm/page_alloc.c:3078
 [<     inline     >] free_the_page mm/page_alloc.c:4832
 [<      none      >] __free_pages+0x1d8/0x230 mm/page_alloc.c:4840
 [<      none      >] kmsan_free_page+0x14c/0x1c0 mm/kmsan/kmsan_shadow.c:439
 [<     inline     >] free_pages_prepare mm/page_alloc.c:1138
 [<     inline     >] free_pcp_prepare mm/page_alloc.c:1230
 [<      none      >] free_unref_page_prepare+0x1dc/0x770 mm/page_alloc.c:3025
 [<      none      >] free_unref_page+0xaf/0x190 mm/page_alloc.c:3074
 [<     inline     >] __put_single_page mm/swap.c:81
 [<      none      >] __put_page+0xe6/0x210 mm/swap.c:115
 [<     inline     >] put_page ./include/linux/mm.h:1050
 [<     inline     >] unmap_and_move mm/migrate.c:1227
 [<      none      >] migrate_pages+0x34b7/0x3960 mm/migrate.c:1427
  ?[<      none      >] compact_zone+0x6580/0x6580 mm/compaction.c:2185
  ?[<      none      >] compaction_alloc+0x4030/0x4030 mm/compaction.c:1323
  ?[<      none      >] remove_migration_ptes+0x170/0x170 mm/migrate.c:300
 [<      none      >] compact_zone+0x3309/0x6580 mm/compaction.c:2206
 [<     inline     >] kcompactd_do_work mm/compaction.c:2567
 [<      none      >] kcompactd+0xd0d/0x1de0 mm/compaction.c:2660
 [<      none      >] kthread+0x4b5/0x4f0 drivers/block/aoe/aoecmd.c:1303
  ?[<      none      >] kcompactd_run+0x330/0x330 mm/compaction.c:2682
  ?[<      none      >] kthread_blkcg+0xf0/0xf0 kernel/kthread.c:1239
 [<      none      >] ret_from_fork+0x35/0x40 arch/x86/entry/entry_64.S:353

A temporary workaround is 31040038c24cea2b3e2b6d7eaa8a16242f2b6e93

ramosian-glider commented 2 years ago

This is not relevant anymore.