Hi Qian, Thanks for the report.
On Mon, Aug 12, 2019 at 05:51:35PM -0400, Qian Cai wrote: > Booting today's linux-next on an arm64 server triggers a panic with > CONFIG_KASAN_SW_TAGS=y pointing to this line, Is this the only change on top of defconfig? If not, please can you share your full .config? > kfree()->virt_to_head_page()->compound_head() > > unsigned long head = READ_ONCE(page->compound_head); > > The bisect so far indicates one of those could be bad, I guess that means the issue is reproducible on the arm64 for-next/core branch. Once I have your .config, I'll give it a go. > [ 0.000000][ T0] Unable to handle kernel paging request at virtual > address > 0030ffe001e01588 > [ 0.000000][ T0] Mem abort info: > [ 0.000000][ T0] ESR = 0x96000004 > [ 0.000000][ T0] EC = 0x25: DABT (current EL), IL = 32 bits > [ 0.000000][ T0] SET = 0, FnV = 0 > [ 0.000000][ T0] EA = 0, S1PTW = 0 > [ 0.000000][ T0] Data abort info: > [ 0.000000][ T0] ISV = 0, ISS = 0x00000004 > [ 0.000000][ T0] CM = 0, WnR = 0 > [ 0.000000][ T0] [0030ffe001e01588] address between user and kernel > address ranges Hmm, nice address... I suppose we're looking at the interaction of 52-bit VA, untagged pointers and KASAN using sw tags. Lovely. Thanks, and please keep us updated on the bisection. Will
