linux uml segfault

Anton Ivanov anton.ivanov at kot-begemot.co.uk
Tue Feb 23 05:50:35 EST 2021



On 23/02/2021 08:06, Ritesh Raj Sarraf wrote:
> Hi,
> 
> Recently, with the Linux 5.10 release, I have run into the following
> segfault on UML. I was a little disappointed in myself that this
> slipped my regular set of tests before being pushed to Debian. It is
> right now part of Debian Testing too, and I'd hate to have it removed
> from the Bullseye release.
> 
> What is worse is that (to do some quick tests) I reverted to an older
> UML (5.9) which I recollect as having worked, and that too failed on the
> setups.
> 
> In regard to setups, I tried and reproduced the issue on 3 different
> machines, but all running Intel hardware, and all running a 5.10 host
> kernel.
> 
> 
> It would really help if others on this mailing list can check and
> validate if they run into this problem. So far I have had 1 report of
> being able to reproduce this bug other than me. I have also had 1
> report of not being able to reproduce this bug.

Confirmed. This is the asprintf issue. It is usually just a warning, but for your config it causes a guaranteed segfault.

You need 97be7ceaf7fea68104824b6aa874cff235333ac1 (um: Remove use of asprinf in umid.c)
in the patchset for the Debian package.

A.
> 
> 
> Thanks,
> Ritesh
> 
> 
> ```
> rrs at priyasi:~$ linux ubd0=~/rrs-home/Libvirt-Images/uml.img
> vec0:transport=tap,ifname=tap0,gro=1 mem=1024M rw
> Core dump limits :
>          soft - 0
>          hard - NONE
> Checking that ptrace can change system call numbers...OK
> Checking syscall emulation patch for ptrace...OK
> Checking advanced syscall emulation patch for ptrace...OK
> Checking environment variables for a tempdir...none found
> Checking if /dev/shm is on tmpfs...OK
> Checking PROT_EXEC mmap in /dev/shm...OK
> Adding 5906432 bytes to physical memory to account for exec-shield gap
> kmsg_dump:
> <5>Linux version 5.10.5 (buildd at x86-conova-01) (gcc (Debian 10.2.1-6)
> 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.1) #1 Mon Jan 11
> 20:40:53 UTC 2021
> <6>Zone ranges:
> <6>  Normal   [mem 0x0000000000000000-0x00000000a05a1fff]
> <6>Movable zone start for each node
> <6>Early memory node ranges
> <6>  node   0: [mem 0x0000000000000000-0x00000000405a1fff]
> <6>Initmem setup node 0 [mem 0x0000000000000000-0x00000000405a1fff]
> <7>On node 0 totalpages: 263586
> <7>  Normal zone: 4119 pages used for memmap
> <7>  Normal zone: 0 pages reserved
> <7>  Normal zone: 263586 pages, LIFO batch:63
> <7>pcpu-alloc: s0 r0 d32768 u32768 alloc=1*32768
> <7>pcpu-alloc: [0] 0
> <6>Built 1 zonelists, mobility grouping on.  Total pages: 259467
> <5>Kernel command line: ubd0=/home/rrs/rrs-home/Libvirt-Images/uml.img
> vec0:transport=tap,ifname=tap0,gro=1 mem=1024M rw root=98:0
> <6>Dentry cache hash table entries: 131072 (order: 8, 1048576 bytes,
> linear)
> <6>Inode-cache hash table entries: 65536 (order: 7, 524288 bytes,
> linear)
> <6>mem auto-init: stack:off, heap alloc:off, heap free:off
> <6>Memory: 1016464K/1054344K available (5830K kernel code, 1535K
> rwdata, 1744K rodata, 191K init, 225K bss, 37880K reserved, 0K cma-
> reserved)
> <6>SLUB: HWalign=64, Order=0-3, MinObjects=0, CPUs=1, Nodes=1
> <6>NR_IRQS: 24
> <6>clocksource: timer: mask: 0xffffffffffffffff max_cycles:
> 0x1cd42e205, max_idle_ns: 881590404426 ns
> <6>Calibrating delay loop... 5731.94 BogoMIPS (lpj=28659712)
> <6>pid_max: default: 32768 minimum: 301
> <6>LSM: Security Framework initializing
> <6>Yama: disabled by default; enable with sysctl kernel.yama.*
> <6>SELinux:  Initializing.
> <6>TOMOYO Linux initialized
> <6>Mount-cache hash table entries: 2048 (order: 2, 16384 bytes, linear)
> <6>Mountpoint-cache hash table entries: 2048 (order: 2, 16384 bytes,
> linear)
> <4>
> <4>Modules linked in:
> <6>Pid: 0, comm: swapper Not tainted 5.10.5
> <6>RIP: 0033:[<00000000604d4201>]
> <6>RSP: 00007ffca56a8890  EFLAGS: 00010206
> <6>RAX: 0000000600000000 RBX: 0000000000000059 RCX: 00007ffca56a8000
> <6>RDX: 0000000000000035 RSI: 0000000060b69a71 RDI: 0000000060d8ac3b
> <6>RBP: 0000000000000000 R08: 0000000060b69a72 R09: 0000000060d8abe2
> <6>R10: 0000000080000000 R11: 3d74696e695f676e R12: 0000000000000002
> <6>R13: 0000000000000005 R14: 0000000000000000 R15: 0000000000000001
> <0>Kernel panic - not syncing: Segfault with no mm
> <4>CPU: 0 PID: 0 Comm: swapper Not tainted 5.10.5 #1
> <4>Stack:
> <4> 61335b50 8000000000000000 7fae69465908 7fae69465ae5
> <4> 7fae698ae9e8 00000000 7ffca56a88d0 00000400
> <4> 7fae6985bf20 7fae698ae9e8 00000000 00000000
> <4>Call Trace:
> <4> [<604d4fa3>] ? __printk_safe_enter+0x0/0x35
> <4> [<604d154a>] ? arch_local_irq_save+0x0/0x22
> <4> [<604d46f5>] ? vprintk_emit+0x9d/0x185
> <4> [<604d49d3>] ? vprintk_deferred+0x1d/0x32
> <4> [<60a26ee2>] ? printk_deferred+0x93/0x9b
> <4> [<6088f79f>] ? bucket_table_alloc.isra.0+0x115/0x13d
> <4> [<60a26e4f>] ? printk_deferred+0x0/0x9b
> <4> [<6049cddb>] ? set_signals+0x0/0x38
> <4> [<60589588>] ? arch_local_irq_save+0x0/0x22
> <4> [<6055c928>] ? kvmalloc_node+0x56/0x96
> <4> [<6058d3c0>] ? __kmalloc+0x1e2/0x1f9
> <4> [<608e3d32>] ? ___ratelimit+0xd0/0xde
> <4> [<6088f79f>] ? bucket_table_alloc.isra.0+0x115/0x13d
> <4> [<60901485>] ? _warn_unseeded_randomness+0x60/0x8f
> <4> [<6090295b>] ? get_random_u32+0x29/0x98
> <4> [<6088f79f>] ? bucket_table_alloc.isra.0+0x115/0x13d
> <4> [<6088f68a>] ? bucket_table_alloc.isra.0+0x0/0x13d
> <4> [<6088ff7a>] ? rhashtable_init+0x175/0x1ca
> <4> [<607ef317>] ? ipc_init_ids+0x4e/0x6f
> <4> [<600153bd>] ? sem_init+0x17/0x45
> <4> [<6049d0e5>] ? start_ptraced_child+0x0/0x180
> <4> [<604a0ce0>] ? kernel_longjmp+0x0/0x20
> <4> [<6049cc3d>] ? set_handler+0x123/0x15b
> <4> [<6049c9ee>] ? hard_handler+0x0/0xcd
> <4> [<604a0ce0>] ? kernel_longjmp+0x0/0x20
> <4> [<6049c3a6>] ? openpty_cb+0x22/0x3b
> <4> [<6049fb4b>] ? start_idle_thread+0x66/0x116
> <4> [<60004613>] ? linux_main+0x2e7/0x2f9
> <4> [<6049cc86>] ? change_sig+0x0/0x6a
> <4> [<6000565e>] ? main+0x230/0x2dc
> <4> [<60a256b0>] ? __libc_csu_init+0x0/0x60
> <4> [<604827d0>] ? _start+0x0/0x30
> <4> [<6000542e>] ? main+0x0/0x2dc
> <4> [<604827d0>] ? _start+0x0/0x30
> <4> [<604827d0>] ? _start+0x0/0x30
> <4> [<604827fa>] ? _start+0x2a/0x30
> <4> [<604827d0>] ? _start+0x0/0x30
> Aborted (core dumped)
> ```
> 
> 
> _______________________________________________
> linux-um mailing list
> linux-um at lists.infradead.org
> http://lists.infradead.org/mailman/listinfo/linux-um
> 

-- 
Anton R. Ivanov
https://www.kot-begemot.co.uk/
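An added illustration of the general replacement pattern the reply points at: building a string with an explicit, bounded allocation instead of asprintf(). This is example code written for this page, not the code from the referenced commit, the kernel, or the Debian package; the function name join_path, its error convention and the sample directory and name strings are assumptions chosen for the illustration.

```c
/*
 * Added example (not the kernel's or the Debian package's code): the general
 * pattern for replacing asprintf() with an explicit, bounded allocation.
 * Names (join_path, the sample "/tmp/uml" directory and "pid" name) are
 * hypothetical.
 */
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/*
 * Build "<dir>/<name>" into a freshly malloc'd buffer owned by the caller.
 * Returns 0 on success and stores the buffer in *out; returns -EINVAL or
 * -ENOMEM (and leaves *out NULL) on failure. Unlike asprintf(), the length
 * computation and the allocation are both visible here, so the caller
 * decides which allocator is used and what happens if the size is wrong.
 */
static int join_path(const char *dir, const char *name, char **out)
{
	size_t len;
	int n;

	*out = NULL;
	if (dir == NULL || name == NULL)
		return -EINVAL;

	/* strlen(dir) + '/' + strlen(name) + terminating NUL */
	len = strlen(dir) + 1 + strlen(name) + 1;
	*out = malloc(len);
	if (*out == NULL)
		return -ENOMEM;

	n = snprintf(*out, len, "%s/%s", dir, name);
	/*
	 * snprintf() returns the length it wanted to write. A value >= len
	 * means the size computation above was wrong; fail hard instead of
	 * silently handing back a truncated path.
	 */
	if (n < 0 || (size_t)n >= len) {
		free(*out);
		*out = NULL;
		return -EINVAL;
	}
	return 0;
}

/* Self-check used by main(): returns 1 if join_path behaves as described. */
static int join_path_selfcheck(void)
{
	char *p = NULL;
	int ok;

	if (join_path("/tmp/uml", "pid", &p) != 0)
		return 0;
	ok = strcmp(p, "/tmp/uml/pid") == 0;
	free(p);
	if (!ok)
		return 0;

	/* A missing input must fail cleanly and must not leave *out dangling. */
	p = (char *)"stale";
	if (join_path(NULL, "pid", &p) != -EINVAL || p != NULL)
		return 0;
	return 1;
}

int main(void)
{
	char *path = NULL;
	int err = join_path("/tmp/uml", "pid", &path);

	if (err) {
		fprintf(stderr, "join_path failed: %s\n", strerror(-err));
		return 1;
	}
	printf("%s (selfcheck=%d)\n", path, join_path_selfcheck());
	free(path);
	return 0;
}
```

The point of spelling the allocation out is that the buffer comes from whichever allocator the surrounding code already uses and every failure path leaves the output pointer in a known state; asprintf() hides both decisions inside libc.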


