From: Qian Cai <quic_qiancai@quicinc.com>
To: Andrey Konovalov <andreyknvl@gmail.com>
Cc: <andrey.konovalov@linux.dev>,
Andrew Morton <akpm@linux-foundation.org>,
Marco Elver <elver@google.com>,
Alexander Potapenko <glider@google.com>,
Dmitry Vyukov <dvyukov@google.com>,
Andrey Ryabinin <ryabinin.a.a@gmail.com>,
kasan-dev <kasan-dev@googlegroups.com>,
Linux Memory Management List <linux-mm@kvack.org>,
Vincenzo Frascino <vincenzo.frascino@arm.com>,
"Catalin Marinas" <catalin.marinas@arm.com>,
Will Deacon <will@kernel.org>,
"Mark Rutland" <mark.rutland@arm.com>,
Linux ARM <linux-arm-kernel@lists.infradead.org>,
Peter Collingbourne <pcc@google.com>,
Evgenii Stepanov <eugenis@google.com>,
LKML <linux-kernel@vger.kernel.org>,
Andrey Konovalov <andreyknvl@google.com>
Subject: Re: [PATCH v6 00/39] kasan, vmalloc, arm64: add vmalloc tagging support for SW/HW_TAGS
Date: Thu, 28 Apr 2022 12:12:54 -0400 [thread overview]
Message-ID: <20220428161254.GA182@qian> (raw)
In-Reply-To: <CA+fCnZesRG_WLi2fEHtG=oNLt2oJ7RrZuwuCm_rQDPZLoZr-3g@mail.gmail.com>
On Thu, Apr 28, 2022 at 05:28:12PM +0200, Andrey Konovalov wrote:
> No ideas so far.
>
> Looks like the page has reserved tag set when it's being freed.
>
> Does this crash only happen with the SW_TAGS mode?
No, the system is running exclusively with CONFIG_KASAN_GENERIC=y
> Does this crash only happen when loading modules?
Yes. Here is another sligtly different path at the bottom.
> Does your system have any hot-plugged memory?
No.
BUG: Bad page state in process systemd-udevd pfn:403fc007c
page:fffffd00fd001f00 refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x403fc007c
flags: 0x1bfffc0000001000(reserved|node=1|zone=2|lastcpupid=0xffff)
raw: 1bfffc0000001000 fffffd00fd001f08 fffffd00fd001f08 0000000000000000
raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000
page dumped because: PAGE_FLAGS_CHECK_AT_FREE flag(s) set
CPU: 101 PID: 2004 Comm: systemd-udevd Not tainted 5.17.0-rc8-next-20220317-dirty #39
Call trace:
dump_backtrace
show_stack
dump_stack_lvl
dump_stack
bad_page
free_pcp_prepare
free_pages_prepare at mm/page_alloc.c:1348
(inlined by) free_pcp_prepare at mm/page_alloc.c:1403
free_unref_page
__free_pages
free_pages.part.0
free_pages
kasan_depopulate_vmalloc_pte
(inlined by) kasan_depopulate_vmalloc_pte at mm/kasan/shadow.c:359
apply_to_pte_range
apply_to_pte_range at mm/memory.c:2547
apply_to_pmd_range
apply_to_pud_range
__apply_to_page_range
apply_to_existing_page_range
kasan_release_vmalloc
(inlined by) kasan_release_vmalloc at mm/kasan/shadow.c:469
__purge_vmap_area_lazy
_vm_unmap_aliases.part.0
__vunmap
__vfree
vfree
module_memfree
free_module
do_init_module
load_module
__do_sys_finit_module
__arm64_sys_finit_module
invoke_syscall
el0_svc_common.constprop.0
do_el0_svc
el0_svc
el0t_64_sync_handler
el0t_64_sync
Disabling lock debugging due to kernel taint
BUG: Bad page state in process systemd-udevd pfn:403fc007b
page:fffffd00fd001ec0 refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x403fc007b
flags: 0x1bfffc0000001000(reserved|node=1|zone=2|lastcpupid=0xffff)
raw: 1bfffc0000001000 fffffd00fd001ec8 fffffd00fd001ec8 0000000000000000
raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000
page dumped because: PAGE_FLAGS_CHECK_AT_FREE flag(s) set
CPU: 101 PID: 2004 Comm: systemd-udevd Tainted: G B 5.17.0-rc8-next-20220317-dirty #39
Call trace:
dump_backtrace
show_stack
dump_stack_lvl
dump_stack
bad_page
free_pcp_prepare
free_unref_page
__free_pages
free_pages.part.0
free_pages
kasan_depopulate_vmalloc_pte
apply_to_pte_range
apply_to_pmd_range
apply_to_pud_range
__apply_to_page_range
apply_to_existing_page_range
kasan_release_vmalloc
__purge_vmap_area_lazy
_vm_unmap_aliases.part.0
__vunmap
__vfree
vfree
module_memfree
free_module
do_init_module
load_module
__do_sys_finit_module
__arm64_sys_finit_module
invoke_syscall
el0_svc_common.constprop.0
do_el0_svc
el0_svc
el0t_64_sync_handler
el0t_64_sync
prev parent reply other threads:[~2022-04-28 16:13 UTC|newest]
Thread overview: 55+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-01-24 18:02 [PATCH v6 00/39] kasan, vmalloc, arm64: add vmalloc tagging support for SW/HW_TAGS andrey.konovalov
2022-01-24 18:02 ` [PATCH v6 01/39] kasan, page_alloc: deduplicate should_skip_kasan_poison andrey.konovalov
2022-01-24 18:02 ` [PATCH v6 02/39] kasan, page_alloc: move tag_clear_highpage out of kernel_init_free_pages andrey.konovalov
2022-01-24 18:02 ` [PATCH v6 03/39] kasan, page_alloc: merge kasan_free_pages into free_pages_prepare andrey.konovalov
2022-01-24 18:02 ` [PATCH v6 04/39] kasan, page_alloc: simplify kasan_poison_pages call site andrey.konovalov
2022-01-24 18:02 ` [PATCH v6 05/39] kasan, page_alloc: init memory of skipped pages on free andrey.konovalov
2022-01-24 18:02 ` [PATCH v6 06/39] kasan: drop skip_kasan_poison variable in free_pages_prepare andrey.konovalov
2022-01-24 18:02 ` [PATCH v6 07/39] mm: clarify __GFP_ZEROTAGS comment andrey.konovalov
2022-01-24 18:02 ` [PATCH v6 08/39] kasan: only apply __GFP_ZEROTAGS when memory is zeroed andrey.konovalov
2022-01-24 18:02 ` [PATCH v6 09/39] kasan, page_alloc: refactor init checks in post_alloc_hook andrey.konovalov
2022-01-24 18:02 ` [PATCH v6 10/39] kasan, page_alloc: merge kasan_alloc_pages into post_alloc_hook andrey.konovalov
2022-01-24 18:02 ` [PATCH v6 11/39] kasan, page_alloc: combine tag_clear_highpage calls in post_alloc_hook andrey.konovalov
2022-01-24 18:02 ` [PATCH v6 12/39] kasan, page_alloc: move SetPageSkipKASanPoison " andrey.konovalov
2022-01-24 18:02 ` [PATCH v6 13/39] kasan, page_alloc: move kernel_init_free_pages " andrey.konovalov
2022-01-24 18:02 ` [PATCH v6 14/39] kasan, page_alloc: rework kasan_unpoison_pages call site andrey.konovalov
2022-01-24 18:02 ` [PATCH v6 15/39] kasan: clean up metadata byte definitions andrey.konovalov
2022-01-24 18:02 ` [PATCH v6 16/39] kasan: define KASAN_VMALLOC_INVALID for SW_TAGS andrey.konovalov
2022-01-24 18:04 ` [PATCH v6 17/39] kasan, x86, arm64, s390: rename functions for modules shadow andrey.konovalov
2022-01-24 18:04 ` [PATCH v6 18/39] kasan, vmalloc: drop outdated VM_KASAN comment andrey.konovalov
2022-01-24 18:04 ` [PATCH v6 19/39] kasan: reorder vmalloc hooks andrey.konovalov
2022-01-24 18:04 ` [PATCH v6 20/39] kasan: add wrappers for " andrey.konovalov
2022-01-24 18:04 ` [PATCH v6 21/39] kasan, vmalloc: reset tags in vmalloc functions andrey.konovalov
2022-01-24 18:04 ` [PATCH v6 22/39] kasan, fork: reset pointer tags of vmapped stacks andrey.konovalov
2022-01-24 18:04 ` [PATCH v6 23/39] kasan, arm64: " andrey.konovalov
2022-01-24 18:04 ` [PATCH v6 24/39] kasan, vmalloc: add vmalloc tagging for SW_TAGS andrey.konovalov
2022-01-24 18:04 ` [PATCH v6 25/39] kasan, vmalloc, arm64: mark vmalloc mappings as pgprot_tagged andrey.konovalov
2022-01-24 18:05 ` [PATCH v6 26/39] kasan, vmalloc: unpoison VM_ALLOC pages after mapping andrey.konovalov
2022-01-24 18:05 ` [PATCH v6 27/39] kasan, mm: only define ___GFP_SKIP_KASAN_POISON with HW_TAGS andrey.konovalov
2022-03-23 11:48 ` Vlastimil Babka
2022-03-23 13:02 ` Sebastian Andrzej Siewior
2022-03-23 13:19 ` Vlastimil Babka
2022-03-23 13:36 ` Andrey Konovalov
2022-03-23 13:57 ` Vlastimil Babka
2022-03-23 15:11 ` Matthew Wilcox
2022-03-25 21:13 ` Andrew Morton
2022-01-24 18:05 ` [PATCH v6 28/39] kasan, page_alloc: allow skipping unpoisoning for HW_TAGS andrey.konovalov
2022-01-24 18:05 ` [PATCH v6 29/39] kasan, page_alloc: allow skipping memory init " andrey.konovalov
2022-01-24 18:05 ` [PATCH v6 30/39] kasan, vmalloc: add vmalloc tagging " andrey.konovalov
2022-01-24 18:05 ` [PATCH v6 31/39] kasan, vmalloc: only tag normal vmalloc allocations andrey.konovalov
2022-03-08 15:17 ` Vasily Gorbik
2022-03-08 15:30 ` Andrey Konovalov
2022-03-08 15:48 ` Vasily Gorbik
2022-01-24 18:05 ` [PATCH v6 32/39] kasan, arm64: don't tag executable " andrey.konovalov
2022-01-24 18:05 ` [PATCH v6 33/39] kasan: mark kasan_arg_stacktrace as __initdata andrey.konovalov
2022-01-24 18:05 ` [PATCH v6 34/39] kasan: clean up feature flags for HW_TAGS mode andrey.konovalov
2022-01-24 18:05 ` [PATCH v6 35/39] kasan: add kasan.vmalloc command line flag andrey.konovalov
2022-01-24 18:05 ` [PATCH v6 36/39] kasan: allow enabling KASAN_VMALLOC and SW/HW_TAGS andrey.konovalov
2022-01-24 18:05 ` [PATCH v6 37/39] arm64: select KASAN_VMALLOC for SW/HW_TAGS modes andrey.konovalov
2022-01-24 18:05 ` [PATCH v6 38/39] kasan: documentation updates andrey.konovalov
2022-01-24 18:05 ` [PATCH v6 39/39] kasan: improve vmalloc tests andrey.konovalov
2022-01-24 18:09 ` [PATCH v6 00/39] kasan, vmalloc, arm64: add vmalloc tagging support for SW/HW_TAGS Marco Elver
2022-01-24 18:32 ` Andrey Konovalov
2022-04-28 14:13 ` Qian Cai
2022-04-28 15:28 ` Andrey Konovalov
2022-04-28 16:12 ` Qian Cai [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20220428161254.GA182@qian \
--to=quic_qiancai@quicinc.com \
--cc=akpm@linux-foundation.org \
--cc=andrey.konovalov@linux.dev \
--cc=andreyknvl@gmail.com \
--cc=andreyknvl@google.com \
--cc=catalin.marinas@arm.com \
--cc=dvyukov@google.com \
--cc=elver@google.com \
--cc=eugenis@google.com \
--cc=glider@google.com \
--cc=kasan-dev@googlegroups.com \
--cc=linux-arm-kernel@lists.infradead.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-mm@kvack.org \
--cc=mark.rutland@arm.com \
--cc=pcc@google.com \
--cc=ryabinin.a.a@gmail.com \
--cc=vincenzo.frascino@arm.com \
--cc=will@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).