From: Qian Cai <quic_qiancai@quicinc.com>
To: Liam Howlett <liam.howlett@oracle.com>
Cc: Nathan Chancellor <nathan@kernel.org>,
"maple-tree@lists.infradead.org" <maple-tree@lists.infradead.org>,
"linux-mm@kvack.org" <linux-mm@kvack.org>,
"linux-kernel@vger.kernel.org" <linux-kernel@vger.kernel.org>,
Andrew Morton <akpm@linux-foundation.org>,
Mark Brown <broonie@kernel.org>
Subject: Re: [PATCH v6 00/71] Introducing the Maple Tree
Date: Mon, 28 Feb 2022 06:56:37 -0500 [thread overview]
Message-ID: <Yhy4dXi1WxcKYBJH@qian> (raw)
In-Reply-To: <20220226015803.h4w6y3doe3om2sbc@revolver>
On Sat, Feb 26, 2022 at 01:58:09AM +0000, Liam Howlett wrote:
> Maybe? I'm trying to figure out why it's having issues.. I've not been
> able to reproduce it with just my maple tree branch. Steven Rostedt
> found a bad commit that has been fixed in either 20220224, I believe
> [1]. It might be best to try next-20220225 and see if you have better
> luck if that's an option.
Same thing for next-20220225. I just need to boot it and it will crash
shortly after.
BUG: KASAN: use-after-free in move_vma.isra.0
Read of size 8 at addr ffff00088f74c7e8 by task apt-check/2331
CPU: 2 PID: 2331 Comm: apt-check Tainted: G W 5.17.0-rc5-next-20220225 #245
Hardware name: MiTAC RAPTOR EV-883832-X3-0001/RAPTOR, BIOS 1.6 06/28/2020
Call trace:
dump_backtrace
show_stack
dump_stack_lvl
print_address_description.constprop.0
kasan_report
__asan_report_load8_noabort
move_vma.isra.0
__do_sys_mremap
__arm64_sys_mremap
invoke_syscall
el0_svc_common.constprop.0
do_el0_svc
el0_svc
el0t_64_sync_handler
el0t_64_sync
Allocated by task 2331:
kasan_save_stack
__kasan_slab_alloc
slab_post_alloc_hook
kmem_cache_alloc
vm_area_dup
__split_vma
do_mas_align_munmap.isra.0
do_mas_munmap
__vm_munmap
__arm64_sys_munmap
invoke_syscall
el0_svc_common.constprop.0
do_el0_svc
el0_svc
el0t_64_sync_handler
el0t_64_sync
Freed by task 2331:
kasan_save_stack
kasan_set_track
kasan_set_free_info
__kasan_slab_free
kmem_cache_free
vm_area_free
remove_vma
do_mas_align_munmap.isra.0
do_mas_munmap
do_munmap
move_vma.isra.0
__do_sys_mremap
__arm64_sys_mremap
invoke_syscall
el0_svc_common.constprop.0
do_el0_svc
el0_svc
el0t_64_sync_handler
el0t_64_sync
The buggy address belongs to the object at ffff00088f74c7c8
which belongs to the cache vm_area_struct of size 144
The buggy address is located 32 bytes inside of
144-byte region [ffff00088f74c7c8, ffff00088f74c858)
The buggy address belongs to the physical page:
page:fffffc00223dd300 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x90f74c
head:fffffc00223dd300 order:2 compound_mapcount:0 compound_pincount:0
memcg:ffff000884a75001
flags: 0xbfffc0000010200(slab|head|node=0|zone=2|lastcpupid=0xffff)
raw: 0bfffc0000010200 fffffc00223dd008 fffffc0021e6bc08 ffff000800f5b380
raw: 0000000000000000 0000000000210021 00000001ffffffff ffff000884a75001
page dumped because: kasan: bad access detected
Memory state around the buggy address:
ffff00088f74c680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
ffff00088f74c700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
>ffff00088f74c780: fc fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb
^
ffff00088f74c800: fb fb fb fb fb fb fb fb fb fb fb fc fc fc fc fc
ffff00088f74c880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
==================================================================
Disabling lock debugging due to kernel taint
Unable to handle kernel paging request at virtual address dfff800000000004
KASAN: null-ptr-deref in range [0x0000000000000020-0x0000000000000027]
Mem abort info:
ESR = 0x96000004
EC = 0x25: DABT (current EL), IL = 32 bits
SET = 0, FnV = 0
EA = 0, S1PTW = 0
FSC = 0x04: level 0 translation fault
Data abort info:
ISV = 0, ISS = 0x00000004
CM = 0, WnR = 0
[dfff800000000004] address between user and kernel address ranges
Internal error: Oops: 96000004 [#1] PREEMPT SMP
Modules linked in: ipmi_devintf ipmi_msghandler cppc_cpufreq drm ip_tables x_tables ipv6 btrfs blake2b_generic libcrc32c xor xor_neon raid6_pq zstd_compress dm_mod crct10dif_ce nvme mlx5_core mpt3sas nvme_core raid_class
CPU: 2 PID: 2331 Comm: apt-check Tainted: G B W 5.17.0-rc5-next-20220225 #245
Hardware name: MiTAC RAPTOR EV-883832-X3-0001/RAPTOR, BIOS 1.6 06/28/2020
pstate: 60000005 (nZCv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--)
pc : move_vma.isra.0
lr : move_vma.isra.0
sp : ffff800016df7ad0
x29: ffff800016df7ad0 x28: ffff00088c7ba6c8 x27: 0000000000000001
x26: 0000ffffad180000 x25: ffff00088bea1c40 x24: ffff00088bea1dc8
x23: ffff00088c988040 x22: 0000000001800000 x21: 0000ffffab82d000
x20: 0000000000000000 x19: 1ffff00002dbef6c x18: 0000000000000066
x17: 0000000000000000 x16: 0000000000000000 x15: 0000000000000000
x14: 0000000000000000 x13: 0000000000001490 x12: 0000000000000001
x11: 0000000000000009 x10: 0000000000000000 x9 : ffff800008445544
x8 : 000000003fffffff x7 : ffff80000928fbc4 x6 : 00000000f1f1f1f1
x5 : dfff800000000000 x4 : ffff700002dbef18 x3 : 0000000041b58ab3
x2 : 0000000000000004 x1 : dfff800000000000 x0 : 0000000000000020
Call trace:
move_vma.isra.0
__do_sys_mremap
__arm64_sys_mremap
invoke_syscall
el0_svc_common.constprop.0
do_el0_svc
el0_svc
el0t_64_sync_handler
el0t_64_sync
Code: 91008000 d2d00001 f2fbffe1 d343fc02 (38e16841)
---[ end trace 0000000000000000 ]---
Kernel panic - not syncing: Oops: Fatal exception
SMP: stopping secondary CPUs
Kernel Offset: 0x160000 from 0xffff800008000000
PHYS_OFFSET: 0x80000000
CPU features: 0x00,00000942,40000846
Memory Limit: none
---[ end Kernel panic - not syncing: Oops: Fatal exception ]---
next prev parent reply other threads:[~2022-02-28 11:56 UTC|newest]
Thread overview: 101+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-02-15 14:37 [PATCH v6 00/71] Introducing the Maple Tree Liam Howlett
2022-02-15 14:42 ` [PATCH v6 01/71] binfmt_elf: Take the mmap lock when walking the VMA list Liam Howlett
2022-02-15 14:42 ` [PATCH v6 03/71] radix tree test suite: Add pr_err define Liam Howlett
2022-02-15 14:42 ` [PATCH v6 02/71] xarray: Fix bitmap breakage Liam Howlett
2022-02-15 14:42 ` [PATCH v6 04/71] radix tree test suite: Add kmem_cache_set_non_kernel() Liam Howlett
2022-02-15 14:42 ` [PATCH v6 05/71] radix tree test suite: Add allocation counts and size to kmem_cache Liam Howlett
2022-02-15 14:42 ` [PATCH v6 06/71] radix tree test suite: Add support for slab bulk APIs Liam Howlett
2022-02-15 14:42 ` [PATCH v6 07/71] radix tree test suite: Add lockdep_is_held to header Liam Howlett
2022-02-15 14:43 ` [PATCH v6 08/71] Maple Tree: Add new data structure Liam Howlett
2022-02-16 10:11 ` Mark Hemment
2022-02-16 18:25 ` Liam Howlett
2022-02-27 1:11 ` Vasily Gorbik
2022-02-27 12:46 ` Vasily Gorbik
2022-02-28 14:36 ` Liam Howlett
2022-03-01 2:01 ` Vasily Gorbik
2022-03-01 20:39 ` Liam Howlett
2022-03-01 22:50 ` Vasily Gorbik
2022-03-01 22:56 ` Vasily Gorbik
2022-03-02 14:08 ` Liam Howlett
2022-02-15 14:43 ` [PATCH v6 09/71] lib/test_maple_tree: Add testing for maple tree Liam Howlett
2022-02-15 14:43 ` [PATCH v6 10/71] mm: Start tracking VMAs with " Liam Howlett
2022-02-15 14:43 ` [PATCH v6 11/71] mm: Add VMA iterator Liam Howlett
2022-02-16 10:50 ` Mark Hemment
2022-02-16 18:32 ` Liam Howlett
2022-02-15 14:43 ` [PATCH v6 12/71] mmap: Use the VMA iterator in count_vma_pages_range() Liam Howlett
2022-02-15 14:43 ` [PATCH v6 13/71] mm/mmap: Use the maple tree in find_vma() instead of the rbtree Liam Howlett
2022-02-15 14:43 ` [PATCH v6 15/71] mm/mmap: Use maple tree for unmapped_area{_topdown} Liam Howlett
2022-02-15 14:43 ` [PATCH v6 16/71] kernel/fork: Use maple tree for dup_mmap() during forking Liam Howlett
2022-02-15 14:43 ` [PATCH v6 14/71] mm/mmap: Use the maple tree for find_vma_prev() instead of the rbtree Liam Howlett
2022-02-15 14:43 ` [PATCH v6 18/71] proc: Remove VMA rbtree use from nommu Liam Howlett
2022-02-15 14:43 ` [PATCH v6 17/71] damon: Convert __damon_va_three_regions to use the VMA iterator Liam Howlett
2022-02-15 14:43 ` [PATCH v6 19/71] mm: Remove rb tree Liam Howlett
2022-02-15 14:43 ` [PATCH v6 20/71] mmap: Change zeroing of maple tree in __vma_adjust() Liam Howlett
2022-02-15 14:43 ` [PATCH v6 23/71] mm/khugepaged: Optimize collapse_pte_mapped_thp() by using vma_lookup() Liam Howlett
2022-02-15 14:43 ` [PATCH v6 21/71] xen: Use vma_lookup() in privcmd_ioctl_mmap() Liam Howlett
2022-02-15 14:43 ` [PATCH v6 22/71] mm: Optimize find_exact_vma() to use vma_lookup() Liam Howlett
2022-02-15 14:43 ` [PATCH v6 25/71] mm: Use maple tree operations for find_vma_intersection() Liam Howlett
2022-02-15 14:43 ` [PATCH v6 24/71] mm/mmap: Change do_brk_flags() to expand existing VMA and add do_brk_munmap() Liam Howlett
2022-02-15 14:43 ` [PATCH v6 26/71] mm/mmap: Use advanced maple tree API for mmap_region() Liam Howlett
2022-02-15 14:43 ` [PATCH v6 27/71] mm: Remove vmacache Liam Howlett
2022-02-15 14:43 ` [PATCH v6 28/71] mm: Convert vma_lookup() to use mtree_load() Liam Howlett
2022-02-15 14:43 ` [PATCH v6 29/71] mm/mmap: Move mmap_region() below do_munmap() Liam Howlett
2022-02-15 14:43 ` [PATCH v6 30/71] mm/mmap: Reorganize munmap to use maple states Liam Howlett
2022-02-15 14:43 ` [PATCH v6 31/71] mm/mmap: Change do_brk_munmap() to use do_mas_align_munmap() Liam Howlett
2022-02-15 14:43 ` [PATCH v6 32/71] arm64: Remove mmap linked list from vdso Liam Howlett
2022-02-15 14:43 ` [PATCH v6 35/71] s390: Remove vma linked list walks Liam Howlett
2022-02-15 14:43 ` [PATCH v6 33/71] parisc: Remove mmap linked list from cache handling Liam Howlett
2022-02-17 20:18 ` Fwd: " Helge Deller
2022-02-15 14:43 ` [PATCH v6 34/71] powerpc: Remove mmap linked list walks Liam Howlett
2022-02-15 14:43 ` [PATCH v6 37/71] xtensa: Remove vma " Liam Howlett
2022-02-15 14:43 ` [PATCH v6 38/71] cxl: Remove vma linked list walk Liam Howlett
2022-02-15 14:43 ` [PATCH v6 36/71] x86: Remove vma linked list walks Liam Howlett
2022-02-15 14:43 ` [PATCH v6 40/71] um: Remove vma linked list walk Liam Howlett
2022-02-15 14:43 ` [PATCH v6 39/71] optee: " Liam Howlett
2022-02-15 14:43 ` [PATCH v6 41/71] binfmt_elf: " Liam Howlett
2022-02-15 14:43 ` [PATCH v6 43/71] exec: Use VMA iterator instead of linked list Liam Howlett
2022-02-15 14:43 ` [PATCH v6 42/71] coredump: Remove vma linked list walk Liam Howlett
2022-02-15 14:43 ` [PATCH v6 45/71] fs/proc/task_mmu: Stop using linked list and highest_vm_end Liam Howlett
2022-02-15 14:43 ` [PATCH v6 44/71] fs/proc/base: Use maple tree iterators in place of linked list Liam Howlett
2022-02-15 14:43 ` [PATCH v6 47/71] ipc/shm: Use VMA iterator instead " Liam Howlett
2022-02-15 14:43 ` [PATCH v6 46/71] userfaultfd: Use maple tree iterator to iterate VMAs Liam Howlett
2022-02-15 14:43 ` [PATCH v6 48/71] acct: Use VMA iterator instead of linked list Liam Howlett
2022-02-15 14:43 ` [PATCH v6 49/71] perf: Use VMA iterator Liam Howlett
2022-02-15 14:43 ` [PATCH v6 50/71] sched: Use maple tree iterator to walk VMAs Liam Howlett
2022-02-15 14:43 ` [PATCH v6 51/71] fork: Use VMA iterator Liam Howlett
2022-02-15 14:43 ` [PATCH v6 52/71] bpf: Remove VMA linked list Liam Howlett
2022-02-15 14:43 ` [PATCH v6 53/71] mm/gup: Use maple tree navigation instead of " Liam Howlett
2022-02-15 14:43 ` [PATCH v6 55/71] mm/ksm: Use vma iterators instead of vma " Liam Howlett
2022-02-15 14:43 ` [PATCH v6 54/71] mm/khugepaged: Stop using " Liam Howlett
2022-02-15 14:43 ` [PATCH v6 57/71] mm/memcontrol: Stop using mm->highest_vm_end Liam Howlett
2022-02-15 14:43 ` [PATCH v6 56/71] mm/madvise: Use vma_find() instead of vma linked list Liam Howlett
2022-02-15 14:43 ` [PATCH v6 58/71] mm/mempolicy: Use vma iterator & maple state " Liam Howlett
2022-02-15 14:43 ` [PATCH v6 61/71] mm/mremap: Use vma_find_intersection() " Liam Howlett
2022-02-15 14:43 ` [PATCH v6 60/71] mm/mprotect: Use maple tree navigation " Liam Howlett
2022-02-15 14:43 ` [PATCH v6 59/71] mm/mlock: Use vma iterator and " Liam Howlett
2022-02-15 14:43 ` [PATCH v6 62/71] mm/msync: Use vma_find() " Liam Howlett
2022-02-15 14:43 ` [PATCH v6 63/71] mm/oom_kill: Use maple tree iterators " Liam Howlett
2022-02-15 14:43 ` [PATCH v6 64/71] mm/pagewalk: Use vma_find() " Liam Howlett
2022-02-15 14:43 ` [PATCH v6 66/71] i915: Use the VMA iterator Liam Howlett
2022-02-15 14:43 ` [PATCH v6 65/71] mm/swapfile: Use vma iterator instead of vma linked list Liam Howlett
2022-02-15 14:43 ` [PATCH v6 68/71] riscv: Use vma iterator for vdso Liam Howlett
2022-02-15 14:43 ` [PATCH v6 69/71] mm: Remove the vma linked list Liam Howlett
2022-02-15 14:43 ` [PATCH v6 67/71] nommu: Remove uses of VMA " Liam Howlett
2022-02-15 14:43 ` [PATCH v6 70/71] mm/mmap: Drop range_has_overlap() function Liam Howlett
2022-02-15 14:43 ` [PATCH v6 71/71] mm/mmap.c: Pass in mapping to __vma_link_file() Liam Howlett
2022-02-16 19:47 ` [PATCH v6 00/71] Introducing the Maple Tree Andrew Morton
2022-02-16 20:24 ` Matthew Wilcox
2022-02-23 16:35 ` Mel Gorman
2022-02-23 16:45 ` Matthew Wilcox
2022-02-25 3:49 ` Qian Cai
2022-02-25 19:08 ` Liam Howlett
2022-02-25 20:23 ` Liam Howlett
2022-02-25 20:46 ` Qian Cai
2022-02-25 23:00 ` Nathan Chancellor
2022-02-26 1:58 ` Liam Howlett
2022-02-26 23:19 ` Hugh Dickins
2022-02-27 18:32 ` Hugh Dickins
2022-02-28 14:26 ` Liam Howlett
2022-02-28 11:56 ` Qian Cai [this message]
2022-02-27 2:22 ` Vasily Gorbik
2022-02-28 14:56 ` Liam Howlett
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=Yhy4dXi1WxcKYBJH@qian \
--to=quic_qiancai@quicinc.com \
--cc=akpm@linux-foundation.org \
--cc=broonie@kernel.org \
--cc=liam.howlett@oracle.com \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-mm@kvack.org \
--cc=maple-tree@lists.infradead.org \
--cc=nathan@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.