On Tue, Aug 13, 2019 at 10:02:01AM +0100, Will Deacon wrote:
> On Mon, Aug 12, 2019 at 05:51:35PM -0400, Qian Cai wrote:
> > Booting today's linux-next on an arm64 server triggers a panic with
> > CONFIG_KASAN_SW_TAGS=y pointing to this line,
>
> Is this the only change on top of defconfig? If not, please can you share
> your full .config?
>
> > kfree()->virt_to_head_page()->compound_head()
> >
> > unsigned long head = READ_ONCE(page->compound_head);
> >
> > The bisect so far indicates one of those could be bad,
>
> I guess that means the issue is reproducible on the arm64 for-next/core
> branch. Once I have your .config, I'll give it a go.

FWIW, I've managed to reproduce this using defconfig + SW_TAGS on for-next/core,
so I'll keep investigating.

Will

--->8

[    0.000000] Unable to handle kernel paging request at virtual address 0037fe0007580d08
[    0.000000] Mem abort info:
[    0.000000]   ESR = 0x96000004
[    0.000000]   EC = 0x25: DABT (current EL), IL = 32 bits
[    0.000000]   SET = 0, FnV = 0
[    0.000000]   EA = 0, S1PTW = 0
[    0.000000] Data abort info:
[    0.000000]   ISV = 0, ISS = 0x00000004
[    0.000000]   CM = 0, WnR = 0
[    0.000000] [0037fe0007580d08] address between user and kernel address ranges
[    0.000000] Internal error: Oops: 96000004 [#1] PREEMPT SMP
[    0.000000] Modules linked in:
[    0.000000] CPU: 0 PID: 0 Comm: swapper/0 Not tainted 5.3.0-rc3-00049-gf964cbd07098 #1
[    0.000000] Hardware name: linux,dummy-virt (DT)
[    0.000000] pstate: 20000085 (nzCv daIf -PAN -UAO)
[    0.000000] pc : kfree+0x44/0x6ac
[    0.000000] lr : apply_wqattrs_prepare+0x390/0x3fc
[    0.000000] sp : ffff9000541d7d00
[    0.000000] x29: ffff9000541d7d80 x28: 4dff0001de034e08
[    0.000000] x27: b2ff0001de040000 x26: 0000000000000004
[    0.000000] x25: c1ff0001de034c28 x24: 4dff0001de034e00
[    0.000000] x23: a8ff0001de034d00 x22: c1ff0001de020a00
[    0.000000] x21: a8ff0001de034d08 x20: 0000000000000000
[    0.000000] x19: c1ff0001de034c00 x18: 0000000000000000
[    0.000000] x17: 0000000000000000 x16: 0000000000000000
[    0.000000] x15: 1ffff6b000000000 x14: ffff900053ca87e4
[    0.000000] x13: ffff900052539444 x12: ffff90005253ce48
[    0.000000] x11: 00000000000000c1 x10: ffff80001de034c1
[    0.000000] x9 : fffffdffffe00008 x8 : 0138000007780d00
[    0.000000] x7 : ffffffffffffffff x6 : a8ff0001de034d28
[    0.000000] x5 : 0000000000000040 x4 : 0000000000000008
[    0.000000] x3 : 0000000000000100 x2 : ffff9000541ddf68
[    0.000000] x1 : a8ff0001de034d08 x0 : 4dff0001de034e00
[    0.000000] Call trace:
[    0.000000]  kfree+0x44/0x6ac
[    0.000000]  apply_wqattrs_prepare+0x390/0x3fc
[    0.000000]  apply_workqueue_attrs+0x70/0xe4
[    0.000000]  alloc_workqueue+0x514/0x728
[    0.000000]  workqueue_init_early+0x36c/0x4a0
[    0.000000]  start_kernel+0x1d0/0x46c
[    0.000000] Code: f2bffc09 d346fd08 f2dfbfe9 927acd08 (f8696909)
[    0.000000] random: get_random_bytes called from oops_exit+0x4c/0x78 with crng_init=0
[    0.000000] ---[ end trace 0000000000000000 ]---