The attached module (similar to the one posted by @mjeanson) has been
used as an effective reproducer for this bug. It looks like we need to
reboot the system a couple of times and load this module to immediately
trigger the bug.

** Attachment added: "vmalloc_sync_all() stress test"
   https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1830433/+attachment/5270656/+files/vmalloc-stress-test.c

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1830433

Title:
  32-bit x86 kernel 4.15.0-50 crash in vmalloc_sync_all

Status in linux package in Ubuntu:
  Confirmed
Status in linux source package in Bionic:
  Confirmed

Bug description:
  [Impact]

  Commit d653420532d580156c8486686899ea6a9eeb7bf0 in bionic enabled
  kernel page table isolation for x86_32, but also introduced a kernel
  bug (the BUG_ON() condition in vmalloc_sync_one()) that seems to
  happen when vmalloc_sync_all() is called multiple times (e.g., in a
  busy loop).

  The real problem seems to be a race condition in the initialization of
  page-table entries, which can be fixed by applying the upstream commit
  9bc4f28af75a91aea0ae383f50b0a430c4509303 ("x86/mm: Use WRITE_ONCE()
  when setting PTEs").

  [Test Case]

  The bug can be easily triggered by rebooting the system a couple of
  times and loading this module:

  https://launchpadlibrarian.net/428142172/vmalloc-stress-test.c

  [Fix]

  The following upstream fix seems to resolve the problem:

  https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=9bc4f28af75a91aea0ae383f50b0a430c4509303

  In addition to that the following other upstream fixes are required
  (all clean cherry picks) to do a cleaner backport of
  9bc4f28af75a91aea0ae383f50b0a430c4509303:

  https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=86fa949b050184ffc53688516a6a83ae5f98d08a
  https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=792adb90fa724ce07c0171cbc96b9215af4b1045
  https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=5e0fb5df2ee871b841f96f9cb6a7f2784e96aa4e
  https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=785a19f9d1dd8a4ab2d0633be4656653bd3de1fc
  https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=f967db0b9ed44ec3057a28f3b28efc51df51b835
  https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=ba6f508d0ec4adb09f0a939af6d5e19cdfa8667d
  https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=f77084d96355f5fba8e2c1fb3a51a393b1570de7

  [Regression Potential]

  All of these are upstream fixes, tested on the affected platform; the
  backport changes are minimal.

  [Original bug report]

  Hi,

  I'm reproducing a kernel bug in vmalloc_sync_all() with a 32-bit x86
  kernel.

  The problem appears in

  Linux ubuntu 4.15.0-50-generic #54-Ubuntu SMP Mon May 6 18:45:45 UTC 2019 i686 i686 i686 GNU/Linux

  Kernels 4.15.0-49 and prior work fine.
  The kernel 4.18.0-20-generic works fine.
  This problem has not been experienced with upstream Linux kernels.

  It appears that invoking vmalloc_sync_all() a few times ends up
  triggering this issue. This can be triggered by restarting the
  lttng-sessiond service with lttng-modules-dkms installed (sometimes a
  few restarts are needed to trigger the bug). This ends up unloading and
  reloading those modules, which issues a few vmalloc_sync_all() calls as
  a side effect.

  I'm not reporting this issue with the "ubuntu-bug linux" command
  because it crashes the system on that kernel (system hangs, no console
  output).

  My test system runs within a kvm virtual machine on a 64-bit host.

  lsb release:

  Description:  Ubuntu 18.04.2 LTS
  Release:      18.04

  Information about my kernel:

  linux-image-4.15.0-50-generic:
    Installed: 4.15.0-50.54
    Candidate: 4.15.0-50.54
    Version table:
   *** 4.15.0-50.54 500
          500 http://ca.archive.ubuntu.com/ubuntu bionic-updates/main i386 Packages
          500 http://security.ubuntu.com/ubuntu bionic-security/main i386 Packages
          100 /var/lib/dpkg/status

  Information about lttng-modules-dkms:

  lttng-modules-dkms:
    Installed: 2.10.5-1ubuntu1.2
    Candidate: 2.10.5-1ubuntu1.2
    Version table:
   *** 2.10.5-1ubuntu1.2 500
          500 http://ca.archive.ubuntu.com/ubuntu bionic-updates/universe i386 Packages
          100 /var/lib/dpkg/status
       2.10.5-1ubuntu1 500
          500 http://ca.archive.ubuntu.com/ubuntu bionic/universe i386 Packages

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1830433/+subscriptions

-- 
Mailing list: https://launchpad.net/~kernel-packages
Post to     : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help   : https://help.launchpad.net/ListHelp
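An added userspace model, not code from the bug report, from the attached reproducer or from the kernel tree, of the ordering that the upstream fix ("x86/mm: Use WRITE_ONCE() when setting PTEs") protects. On 32-bit PAE a PTE is two 32-bit words and the present bit lives in the low word, so the kernel's native_set_pte() stores the high word first and the low word last, while native_pte_clear() clears in the opposite order; wrapping those stores in WRITE_ONCE() keeps the compiler from tearing, merging or reordering them. The names pte_t, set_pte_ordered, pte_clear_ordered, pte_reader and run_pte_race are this example's own, and its WRITE_ONCE/READ_ONCE macros are simplified stand-ins for the kernel's. A reader thread checks the invariant a page-table walker relies on: whenever the low word says present, the high word already belongs to the same mapping.

```c
/* Added example (not the kernel's code, not the bug's reproducer): a
 * userspace model of an ordered two-word PTE store, with a concurrent
 * reader verifying that a present low word is never paired with a
 * stale high word. Build with: cc -O2 -pthread pte_order.c */
#include <pthread.h>
#include <stdint.h>
#include <stdio.h>

/* Simplified stand-ins for the kernel's WRITE_ONCE()/READ_ONCE(): a
 * volatile access the compiler may not split, merge or reorder with
 * other volatile accesses. The fences model smp_wmb()/smp_rmb(). */
#define WRITE_ONCE(x, val) (*(volatile __typeof__(x) *)&(x) = (val))
#define READ_ONCE(x)       (*(volatile __typeof__(x) *)&(x))
#define smp_wmb()          __atomic_thread_fence(__ATOMIC_RELEASE)
#define smp_rmb()          __atomic_thread_fence(__ATOMIC_ACQUIRE)

#define PTE_PRESENT 0x1u

/* PAE-style PTE: two 32-bit halves, PRESENT bit in the low half. */
typedef struct { uint32_t pte_low; uint32_t pte_high; } pte_t;

/* Install a mapping: high half first, barrier, then the low half that
 * carries PRESENT (mirrors the order native_set_pte() uses). */
static void set_pte_ordered(pte_t *ptep, uint32_t low, uint32_t high)
{
    WRITE_ONCE(ptep->pte_high, high);
    smp_wmb();
    WRITE_ONCE(ptep->pte_low, low);
}

/* Tear a mapping down: clear PRESENT (low half) first, then the high
 * half, so a reader never sees present + half-cleared. */
static void pte_clear_ordered(pte_t *ptep)
{
    WRITE_ONCE(ptep->pte_low, 0);
    smp_wmb();
    WRITE_ONCE(ptep->pte_high, 0);
}

struct shared {
    pte_t pte;
    volatile int stop;
    unsigned long checks;      /* present PTEs the reader inspected */
    unsigned long violations;  /* present low word with wrong high word */
};

/* Reader: samples low, high, low again. If both low samples agree and
 * show PRESENT, the high sample was taken while that mapping was live,
 * so it must equal the round number encoded in the low word. */
static void *pte_reader(void *arg)
{
    struct shared *s = arg;
    while (!s->stop) {
        uint32_t low1 = READ_ONCE(s->pte.pte_low);
        smp_rmb();
        uint32_t high = READ_ONCE(s->pte.pte_high);
        smp_rmb();
        uint32_t low2 = READ_ONCE(s->pte.pte_low);
        if ((low1 & PTE_PRESENT) && low1 == low2) {
            s->checks++;
            if (high != (low1 >> 12))
                s->violations++;
        }
    }
    return NULL;
}

/* Run `rounds` install/clear cycles against one reader. Returns the
 * number of invariant violations observed (0 when ordering holds), or
 * -1 if the reader thread could not be started. */
static long run_pte_race(uint32_t rounds)
{
    struct shared s = { .pte = { 0, 0 }, .stop = 0, .checks = 0, .violations = 0 };
    pthread_t tid;
    if (pthread_create(&tid, NULL, pte_reader, &s) != 0)
        return -1;
    for (uint32_t i = 1; i <= rounds; i++) {
        /* round i: frame number i in the high half, i<<12 | PRESENT low */
        set_pte_ordered(&s.pte, (i << 12) | PTE_PRESENT, i);
        pte_clear_ordered(&s.pte);
    }
    s.stop = 1;
    pthread_join(tid, NULL);
    return (long)s.violations;
}

int main(void)
{
    long v = run_pte_race(200000);
    printf("invariant violations observed: %ld\n", v);
    return v == 0 ? 0 : 1;
}
```

The double read of the low word is what makes the check sound: a second sample equal to the first proves the mapping was not torn down and replaced between the two, so the high word sampled in the middle must belong to it. Replacing the WRITE_ONCE() stores with plain assignments keeps the program compiling but removes the guarantee the kernel fix relies on; whether a given compiler then actually tears or reorders the stores is not something the test can promise either way.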
