From: Qian Cai <quic_qiancai@quicinc.com>
To: Andrey Konovalov <andreyknvl@gmail.com>
Cc: <andrey.konovalov@linux.dev>,
Andrew Morton <akpm@linux-foundation.org>,
Marco Elver <elver@google.com>,
Alexander Potapenko <glider@google.com>,
Dmitry Vyukov <dvyukov@google.com>,
Andrey Ryabinin <ryabinin.a.a@gmail.com>,
kasan-dev <kasan-dev@googlegroups.com>,
Linux Memory Management List <linux-mm@kvack.org>,
Vincenzo Frascino <vincenzo.frascino@arm.com>,
"Catalin Marinas" <catalin.marinas@arm.com>,
Will Deacon <will@kernel.org>,
"Mark Rutland" <mark.rutland@arm.com>,
Linux ARM <linux-arm-kernel@lists.infradead.org>,
Peter Collingbourne <pcc@google.com>,
Evgenii Stepanov <eugenis@google.com>,
LKML <linux-kernel@vger.kernel.org>,
Andrey Konovalov <andreyknvl@google.com>
Subject: Re: [PATCH v6 00/39] kasan, vmalloc, arm64: add vmalloc tagging support for SW/HW_TAGS
Date: Thu, 28 Apr 2022 12:12:54 -0400
Message-ID: <20220428161254.GA182@qian>
In-Reply-To: <CA+fCnZesRG_WLi2fEHtG=oNLt2oJ7RrZuwuCm_rQDPZLoZr-3g@mail.gmail.com>

On Thu, Apr 28, 2022 at 05:28:12PM +0200, Andrey Konovalov wrote:
> No ideas so far.
>
> Looks like the page has reserved tag set when it's being freed.
>
> Does this crash only happen with the SW_TAGS mode?

No, the system is running exclusively with CONFIG_KASAN_GENERIC=y

> Does this crash only happen when loading modules?

Yes. Here is another slightly different path at the bottom.

> Does your system have any hot-plugged memory?

No.

BUG: Bad page state in process systemd-udevd pfn:403fc007c
page:fffffd00fd001f00 refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x403fc007c
flags: 0x1bfffc0000001000(reserved|node=1|zone=2|lastcpupid=0xffff)
raw: 1bfffc0000001000 fffffd00fd001f08 fffffd00fd001f08 0000000000000000
raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000
page dumped because: PAGE_FLAGS_CHECK_AT_FREE flag(s) set
CPU: 101 PID: 2004 Comm: systemd-udevd Not tainted 5.17.0-rc8-next-20220317-dirty #39
Call trace:
dump_backtrace
show_stack
dump_stack_lvl
dump_stack
bad_page
free_pcp_prepare
free_pages_prepare at mm/page_alloc.c:1348
(inlined by) free_pcp_prepare at mm/page_alloc.c:1403
free_unref_page
__free_pages
free_pages.part.0
free_pages
kasan_depopulate_vmalloc_pte
(inlined by) kasan_depopulate_vmalloc_pte at mm/kasan/shadow.c:359
apply_to_pte_range
apply_to_pte_range at mm/memory.c:2547
apply_to_pmd_range
apply_to_pud_range
__apply_to_page_range
apply_to_existing_page_range
kasan_release_vmalloc
(inlined by) kasan_release_vmalloc at mm/kasan/shadow.c:469
__purge_vmap_area_lazy
_vm_unmap_aliases.part.0
__vunmap
__vfree
vfree
module_memfree
free_module
do_init_module
load_module
__do_sys_finit_module
__arm64_sys_finit_module
invoke_syscall
el0_svc_common.constprop.0
do_el0_svc
el0_svc
el0t_64_sync_handler
el0t_64_sync
Disabling lock debugging due to kernel taint
BUG: Bad page state in process systemd-udevd pfn:403fc007b
page:fffffd00fd001ec0 refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x403fc007b
flags: 0x1bfffc0000001000(reserved|node=1|zone=2|lastcpupid=0xffff)
raw: 1bfffc0000001000 fffffd00fd001ec8 fffffd00fd001ec8 0000000000000000
raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000
page dumped because: PAGE_FLAGS_CHECK_AT_FREE flag(s) set
CPU: 101 PID: 2004 Comm: systemd-udevd Tainted: G B 5.17.0-rc8-next-20220317-dirty #39
Call trace:
dump_backtrace
show_stack
dump_stack_lvl
dump_stack
bad_page
free_pcp_prepare
free_unref_page
__free_pages
free_pages.part.0
free_pages
kasan_depopulate_vmalloc_pte
apply_to_pte_range
apply_to_pmd_range
apply_to_pud_range
__apply_to_page_range
apply_to_existing_page_range
kasan_release_vmalloc
__purge_vmap_area_lazy
_vm_unmap_aliases.part.0
__vunmap
__vfree
vfree
module_memfree
free_module
do_init_module
load_module
__do_sys_finit_module
__arm64_sys_finit_module
invoke_syscall
el0_svc_common.constprop.0
do_el0_svc
el0_svc
el0t_64_sync_handler
el0t_64_sync