Re: [PATCH v6 00/39] kasan, vmalloc, arm64: add vmalloc tagging support for SW/HW_TAGS

From: Qian Cai
Date: Thu Apr 28 2022 - 12:13:10 EST

Next message: James Clark: "Re: [PATCH] perf tests: Fix coresight `perf test` failure."
Previous message: Peter Zijlstra: "Re: [PATCH 7/9] ptrace: Simplify the wait_task_inactive call in ptrace_check_attach"
In reply to: Andrey Konovalov: "Re: [PATCH v6 00/39] kasan, vmalloc, arm64: add vmalloc tagging support for SW/HW_TAGS"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Thu, Apr 28, 2022 at 05:28:12PM +0200, Andrey Konovalov wrote:
> No ideas so far.
>
> Looks like the page has reserved tag set when it's being freed.
>
> Does this crash only happen with the SW_TAGS mode?

No, the system is running exclusively with CONFIG_KASAN_GENERIC=y

> Does this crash only happen when loading modules?

Yes. Here is another sligtly different path at the bottom.

> Does your system have any hot-plugged memory?

No.

BUG: Bad page state in process systemd-udevd pfn:403fc007c
page:fffffd00fd001f00 refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x403fc007c
flags: 0x1bfffc0000001000(reserved|node=1|zone=2|lastcpupid=0xffff)
raw: 1bfffc0000001000 fffffd00fd001f08 fffffd00fd001f08 0000000000000000
raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000
page dumped because: PAGE_FLAGS_CHECK_AT_FREE flag(s) set
CPU: 101 PID: 2004 Comm: systemd-udevd Not tainted 5.17.0-rc8-next-20220317-dirty #39
Call trace:
dump_backtrace
show_stack
dump_stack_lvl
dump_stack
bad_page
free_pcp_prepare
free_pages_prepare at mm/page_alloc.c:1348
(inlined by) free_pcp_prepare at mm/page_alloc.c:1403
free_unref_page
__free_pages
free_pages.part.0
free_pages
kasan_depopulate_vmalloc_pte
(inlined by) kasan_depopulate_vmalloc_pte at mm/kasan/shadow.c:359
apply_to_pte_range
apply_to_pte_range at mm/memory.c:2547
apply_to_pmd_range
apply_to_pud_range
__apply_to_page_range
apply_to_existing_page_range
kasan_release_vmalloc
(inlined by) kasan_release_vmalloc at mm/kasan/shadow.c:469
__purge_vmap_area_lazy
_vm_unmap_aliases.part.0
__vunmap
__vfree
vfree
module_memfree
free_module
do_init_module
load_module
__do_sys_finit_module
__arm64_sys_finit_module
invoke_syscall
el0_svc_common.constprop.0
do_el0_svc
el0_svc
el0t_64_sync_handler
el0t_64_sync
Disabling lock debugging due to kernel taint
BUG: Bad page state in process systemd-udevd pfn:403fc007b
page:fffffd00fd001ec0 refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x403fc007b
flags: 0x1bfffc0000001000(reserved|node=1|zone=2|lastcpupid=0xffff)
raw: 1bfffc0000001000 fffffd00fd001ec8 fffffd00fd001ec8 0000000000000000
raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000
page dumped because: PAGE_FLAGS_CHECK_AT_FREE flag(s) set
CPU: 101 PID: 2004 Comm: systemd-udevd Tainted: G B 5.17.0-rc8-next-20220317-dirty #39
Call trace:
dump_backtrace
show_stack
dump_stack_lvl
dump_stack
bad_page
free_pcp_prepare
free_unref_page
__free_pages
free_pages.part.0
free_pages
kasan_depopulate_vmalloc_pte
apply_to_pte_range
apply_to_pmd_range
apply_to_pud_range
__apply_to_page_range
apply_to_existing_page_range
kasan_release_vmalloc
__purge_vmap_area_lazy
_vm_unmap_aliases.part.0
__vunmap
__vfree
vfree
module_memfree
free_module
do_init_module
load_module
__do_sys_finit_module
__arm64_sys_finit_module
invoke_syscall
el0_svc_common.constprop.0
do_el0_svc
el0_svc
el0t_64_sync_handler
el0t_64_sync

Next message: James Clark: "Re: [PATCH] perf tests: Fix coresight `perf test` failure."
Previous message: Peter Zijlstra: "Re: [PATCH 7/9] ptrace: Simplify the wait_task_inactive call in ptrace_check_attach"
In reply to: Andrey Konovalov: "Re: [PATCH v6 00/39] kasan, vmalloc, arm64: add vmalloc tagging support for SW/HW_TAGS"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]