From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id EB431C3DA41 for ; Wed, 10 Jul 2024 16:46:30 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 80D1B6B009A; Wed, 10 Jul 2024 12:46:30 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id 7BBD26B009C; Wed, 10 Jul 2024 12:46:30 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 65CE46B009D; Wed, 10 Jul 2024 12:46:30 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0016.hostedemail.com [216.40.44.16]) by kanga.kvack.org (Postfix) with ESMTP id 41E716B009A for ; Wed, 10 Jul 2024 12:46:30 -0400 (EDT) Received: from smtpin07.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay08.hostedemail.com (Postfix) with ESMTP id EC2E114017C for ; Wed, 10 Jul 2024 16:46:29 +0000 (UTC) X-FDA: 82324421298.07.6BE774B Received: from mail-lf1-f53.google.com (mail-lf1-f53.google.com [209.85.167.53]) by imf02.hostedemail.com (Postfix) with ESMTP id D8EFB80010 for ; Wed, 10 Jul 2024 16:46:26 +0000 (UTC) Authentication-Results: imf02.hostedemail.com; dkim=pass header.d=gmail.com header.s=20230601 header.b=NvweCvhx; spf=pass (imf02.hostedemail.com: domain of usamaarif642@gmail.com designates 209.85.167.53 as permitted sender) smtp.mailfrom=usamaarif642@gmail.com; dmarc=pass (policy=none) header.from=gmail.com ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1720629944; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=z0cazoZmSUN0g1IfDlI/xJJlQJxm2WT57HEXy3m6nFA=; b=dwCHtrfRpAm0gydrqiVWmEHTxCq+K/6+wvpL7wv0rPXU4SFHngiJfhtS4951LulUX3Q6Q1 agWVuG/kOfDVAwBgJw1e3Gslyhob5nWahYM+ZSppR70bsP06xhun8Y2hF6EMyL8JUWu/RJ ni8cC7TPXkl0LyH2qYIiCM7nuR3YvLU= ARC-Authentication-Results: i=1; imf02.hostedemail.com; dkim=pass header.d=gmail.com header.s=20230601 header.b=NvweCvhx; spf=pass (imf02.hostedemail.com: domain of usamaarif642@gmail.com designates 209.85.167.53 as permitted sender) smtp.mailfrom=usamaarif642@gmail.com; dmarc=pass (policy=none) header.from=gmail.com ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1720629944; a=rsa-sha256; cv=none; b=Cc4zsBzbPZ5Wf4WIiQkLUk1zAC33qtSpV+NOmNxS/G9adT1K5n+0kXWZK6VuKM9ykTgCHt iebgiCSahqxOh5aam/5RAauAUyvKrshdbecu/t8HyEWjV/L9C4UmtoV6+INwSH+TiBpDNX vD0gikQsuDG4njqTlW5G9z2/hBtKAPw= Received: by mail-lf1-f53.google.com with SMTP id 2adb3069b0e04-52e9c55febcso8572327e87.2 for ; Wed, 10 Jul 2024 09:46:26 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1720629985; x=1721234785; darn=kvack.org; h=content-transfer-encoding:in-reply-to:content-language:references :cc:to:from:subject:user-agent:mime-version:date:message-id:from:to :cc:subject:date:message-id:reply-to; bh=z0cazoZmSUN0g1IfDlI/xJJlQJxm2WT57HEXy3m6nFA=; b=NvweCvhxXuHGIgdpu7ZwTYhoZ4u3xIIa1J5KqY3nfVZAwu3moE82/4AUJmuPczhu4s E8y6H7v23O+YIpoeslJgARj0E2IN9U/eoIPTYgwlfMUPdXWlnACCXFzH5J+n5UIvfDi0 WCDZodX/ojnJNjr6UA0a4I9qsxtjp67nJVUOX1vJnsEEaUz9HgvxzmriYtqTRZt+4CXu dRvpZlu2Rc35//wy2oQop9YlV35fhWKdIODIHcLg2KBaihKPrcMGhVrRW75PyB7FeHPN 8l7sOLHwW4YnI3TGPy0VDIxguyyRlYXIamsTMuH7XfUUv6tsCr2a8GJ4mrU3p+3FiJqx lYhA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1720629985; x=1721234785; h=content-transfer-encoding:in-reply-to:content-language:references :cc:to:from:subject:user-agent:mime-version:date:message-id :x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=z0cazoZmSUN0g1IfDlI/xJJlQJxm2WT57HEXy3m6nFA=; b=XduivUHZvax7OL0t5NAvO7iQIU/Gee0pWFfYBjeS3EJSmlZrYXnAgM9tCfLQF9TrWX rRA1yzOsN6h44VnIFYZmHzQ22XPg2/h3cVlARjFBA5fRbkYGePneub0HL9nUUGPiBkwi 3vzwWA+81/uGfpPHcTRX5ZcMogqv8AhiLmxjpLzDizSQXu275TW2pAT2Ts61JnCRjIeu //isEBjxLy7QY3IlNBpEeZA4q6itkqZV9PgGeAV+3Nwe/6zd99qYSoXW5vVM1l6R2kkv Ib1IW3+cIsXNQ3WrnlOo6Wmh65mxQCThykxB6JKIC2fyZqi/CgeOjt1HfCOXteA21fEb dMTg== X-Forwarded-Encrypted: i=1; AJvYcCXAj1NDsulcO1gcjJl80LtdKEuNNUNyucACEVQy5TXq0T3qVuwSW9rm5bA3j0Wimp7nsLiHiwOcbckfVeSqTNfWw3E= X-Gm-Message-State: AOJu0Yy37Wq/O1wePGS3gkoGQfGdaYE893d9nNQGyD0K4r3RsOGdW1pW k3gXKXYnKxCQ6Slf8Xi9BBEzgD+tsnooKykg6E6mhTv7XMIF1yxj X-Google-Smtp-Source: AGHT+IHcLXIi9slDr44GXDvQVkWfJZ0TZUW1P+MMg9q1vLHqVKsNZIunUq54QN25M4zH37pYJ6mACA== X-Received: by 2002:a05:6512:3f0c:b0:52c:de00:9c04 with SMTP id 2adb3069b0e04-52eb99d338amr4561630e87.48.1720629984586; Wed, 10 Jul 2024 09:46:24 -0700 (PDT) Received: from ?IPV6:2a01:4b00:b211:ad00:1490:6cc2:4d06:940f? ([2a01:4b00:b211:ad00:1490:6cc2:4d06:940f]) by smtp.gmail.com with ESMTPSA id ffacd0b85a97d-367cde7e1b3sm5711194f8f.20.2024.07.10.09.46.24 (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Wed, 10 Jul 2024 09:46:24 -0700 (PDT) Message-ID: <053bd429-ae19-4beb-a733-a7a838b1e010@gmail.com> Date: Wed, 10 Jul 2024 17:46:23 +0100 MIME-Version: 1.0 User-Agent: Mozilla Thunderbird Subject: Re: [linux-next:master] [mm] 47325a5c88: WARNING:at_mm/slub.c:#free_large_kmalloc From: Usama Arif To: kernel test robot , Andrew Morton Cc: oe-lkp@lists.linux.dev, lkp@intel.com, Linux Memory Management List , Chengming Zhou , Yosry Ahmed , Nhat Pham , Johannes Weiner , David Hildenbrand , "Huang, Ying" , Hugh Dickins , Matthew Wilcox , Shakeel Butt , Andi Kleen , linux-kernel@vger.kernel.org, ltp@lists.linux.it References: <202407101031.c6c3c651-lkp@intel.com> Content-Language: en-US In-Reply-To: Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 7bit X-Rspamd-Server: rspam06 X-Rspamd-Queue-Id: D8EFB80010 X-Stat-Signature: 98pp1obabbjbuhyiamti5b7izgyr698e X-Rspam-User: X-HE-Tag: 1720629986-513957 X-HE-Meta: U2FsdGVkX18QVyncCku4OwHWsk4SuakYhre4vVvgSj1dU88/9XW7yVKjOgxZPl0B9RlApmRvSgvezZbLIDD9rv6OWFRznIGaroqjeG9PAgO8bY2oDFekkmcDXW/w7PxUXtiWV+MjYVacs3A6zepHBjSRNeH7rXqZAQagXZ3FUwLV64HRjgcnqq7/kD5yFa467Z98ocqa8E4xtFUfEEVbcbBCKb4unjMQn2qu5WY/Mjz5EEm8LwUCLBdcjCtyABZzGC44E3lKnvz9zBTBpzwEIMxuwUpOVyRlHR+AidPRi01vNXfD8YPhqm4koIN3AX2KUwrobIILRU8VDOr4hVqWR/lBZF7MVbuI2vLj0yhALvfvrD5k5uQmJbooktO1AWm6tJaDOc7+b04+lHs96hktGFHYYaXivC4oIXGUNL7PZ0EU+3EEUkqPjrUr2GuWambzlIRkITON3HVLbNOHhVwzxoMxvmj8AI6m6cCmwmXJqUgw6MWmVOB46675FPiuxTJoswEXpwLKK/dupf5VSO6uMhnjaP8XZjoqWTvcwIj6tyjYzX2YRiCNAaylRsJbLNhC2yJiutd3V8Oet7EqqA81JXV10igBZ1FqM3eNOOZVDm4ZiDZTNrLyOj0XSukW2QOh5k58VMhZio6nxlcOUEzsASUzaFsusHJqgDPnRGbRRZAUho0G1UliuZgRGggwb28wfk4l1ecRY44kmJt3s+MxowuXA8J5SSp5BbJtJNLI2AQAQmx2kME5w2dCw+ttTisWCE1qTowxyIoUF1ZI65M5ECQGB45MjwKMjjEVsfxmpv+94oaGLPzzd7VlfnV06cdTsga9UA6FDNw87FAvsZx0uglHJYkeXK/rpHHjwVjLSBC75c1QfDSE4A4UNfjoTtTYnF7uNLI3jR/+s7EF2DLHjFarVUXJjKwPXYIWO+WHj+CABYTr5sSMie+tdp6iwTSZwvlDUNffQ8NOq56l20B gQlF9ngN tALx4B+CdeQvIHwqWsA0yAk9pScHP+h80jCv7eeASgb+pzJIjKhqm/ll6J2jzrFy3yW9+TRaLUlmWBe+/vhLtFVa+pxOSjnLbIB1ibVg0wuEmR6XrvBmH3pt77Ox2iOEdGJcjYURRMaFCF9cTOWx5/HQSC4Uhxl5K0QjiMjaCZqJNwSICMUDo1Z8TWwUXa9ZzEj6TIoNR9jzcEypo+pHYs0f05sINfr9F1EH/PyuyCBiVM1QNxbggHknDOlz7p/cjE0xP5+sJqDirTSrT0LyizxW776TkALCtSu0WqTDKqdVuzwCj+6Q9z/12q45iFE2HWr5tfmtcIvV4/Z5zlRv6ILqAlOvW9iyZsbAdT/QJ0TUG1HpWghgrypqcTj0DlHzoPzknTatuV458PnpCpQctS9wax+0JNH6OznDi/NXKtE9pyj7Nz3kDop7CKPWVdQwL8FSIbb8YaKw5Jk5NYBlTOtN9imp5w5iztw+XXAEY139g2fBERVAYilP1Vlugxj0Ot/myYrtr9dgkTWCvxDD3qnLeCUR6tpmmQwPC/FVKf5FPviV3NdZYUXi8vQ== X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: List-Subscribe: List-Unsubscribe: On 10/07/2024 13:29, Usama Arif wrote: > > > On 10/07/2024 05:51, kernel test robot wrote: >> >> >> Hello, >> >> kernel test robot noticed "WARNING:at_mm/slub.c:#free_large_kmalloc" on: >> >> commit: 47325a5c88c5ee373c973e47c27c7dadcfe88a32 ("mm-store-zero-pages-to-be-swapped-out-in-a-bitmap-v8") >> https://git.kernel.org/cgit/linux/kernel/git/next/linux-next.git master >> >> [test failed on linux-next/master 82d01fe6ee52086035b201cfa1410a3b04384257] >> >> in testcase: ltp >> version: ltp-x86_64-14c1f76-1_20240706 >> with following parameters: >> >> test: commands >> >> >> >> compiler: gcc-13 >> test machine: 8 threads 1 sockets Intel(R) Core(TM) i7-3770K CPU @ 3.50GHz (Ivy Bridge) with 16G memory >> >> (please refer to attached dmesg/kmsg for entire log/backtrace) >> >> >> >> If you fix the issue in a separate patch/commit (i.e. not just a new version of >> the same patch/commit), kindly add following tags >> | Reported-by: kernel test robot >> | Closes: https://lore.kernel.org/oe-lkp/202407101031.c6c3c651-lkp@intel.com >> >> >> The kernel config and materials to reproduce are available at: >> https://download.01.org/0day-ci/archive/20240710/202407101031.c6c3c651-lkp@intel.com >> >> >> >> kern :warn : [ 455.633948] Swap area shorter than signature indicates >> kern :warn : [ 455.634133] ------------[ cut here ]------------ >> kern :warn : [ 455.634268] WARNING: CPU: 3 PID: 8129 at mm/slub.c:4538 free_large_kmalloc+0x93/0xe0 >> kern :warn : [ 455.635173] Modules linked in: msdos minix vfat fat xfs ext2 netconsole btrfs blake2b_generic xor zstd_compress raid6_pq libcrc32c intel_rapl_msr intel_rapl_common sd_mod x86_pkg_temp_thermal t10_pi intel_powerclamp coretemp crc64_rocksoft_generic crc64_rocksoft crc64 kvm_intel sg ipmi_devintf ipmi_msghandler i915 kvm crct10dif_pclmul crc32_pclmul crc32c_intel ghash_clmulni_intel sha512_ssse3 drm_buddy intel_gtt firewire_ohci rapl mxm_wmi intel_cstate drm_display_helper firewire_core ahci libahci crc_itu_t i2c_i801 intel_uncore ttm libata drm_kms_helper i2c_smbus lpc_ich video wmi binfmt_misc drm loop fuse dm_mod ip_tables >> kern :warn : [ 455.636742] CPU: 3 PID: 8129 Comm: swapon Not tainted 6.10.0-rc6-00357-g47325a5c88c5 #1 >> kern :warn : [ 455.636935] Hardware name: /DZ77BH-55K, BIOS BHZ7710H.86A.0097.2012.1228.1346 12/28/2012 >> kern :warn : [ 455.637127] RIP: 0010:free_large_kmalloc+0x93/0xe0 >> kern :warn : [ 455.637267] Code: 00 41 f7 c4 00 02 00 00 74 01 fb f0 ff 4b 34 74 0b 5b 5d 41 5c 41 5d c3 cc cc cc cc 48 89 df 5b 5d 41 5c 41 5d e9 8d 3f eb ff <0f> 0b 80 3d 14 d8 06 04 00 74 1c 48 89 ef e8 ea b0 1d 02 48 8b 74 >> kern :warn : [ 455.637951] RSP: 0018:ffffc9000247fdd8 EFLAGS: 00010246 >> kern :warn : [ 455.638098] RAX: 0017ffffc0000000 RBX: ffffea00055cf900 RCX: 0000000000000000 >> kern :warn : [ 455.638273] RDX: ffffea0005bb6508 RSI: ffff8881573e4000 RDI: ffffea00055cf900 >> kern :warn : [ 455.638505] RBP: ffff8881573e4000 R08: 0000000000000001 R09: fffff5200048ffb5 >> kern :warn : [ 455.638679] R10: 0000000000000003 R11: 0000000000000001 R12: ffff8881ee6b2c28 >> kern :warn : [ 455.638853] R13: ffff8881393c7890 R14: 00000000ffffffea R15: ffff8881393c7800 >> kern :warn : [ 455.639028] FS: 00007fa00e70c840(0000) GS:ffff88833c580000(0000) knlGS:0000000000000000 >> kern :warn : [ 455.639218] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 >> kern :warn : [ 455.639424] CR2: 00005624b13e8000 CR3: 00000003df01e002 CR4: 00000000001706f0 >> kern :warn : [ 455.639600] Call Trace: >> kern :warn : [ 455.639695] >> kern :warn : [ 455.639787] ? __warn+0xcc/0x260 >> kern :warn : [ 455.639900] ? free_large_kmalloc+0x93/0xe0 >> kern :warn : [ 455.640025] ? report_bug+0x261/0x2c0 >> kern :warn : [ 455.640141] ? handle_bug+0x6d/0x90 >> kern :warn : [ 455.640254] ? exc_invalid_op+0x17/0x40 >> kern :warn : [ 455.640428] ? asm_exc_invalid_op+0x1a/0x20 >> kern :warn : [ 455.640555] ? free_large_kmalloc+0x93/0xe0 >> kern :warn : [ 455.640679] __do_sys_swapon+0xaf3/0x1ea0 >> kern :warn : [ 455.640806] ? poison_slab_object+0xc5/0x170 >> kern :warn : [ 455.640934] ? __pfx___do_sys_swapon+0x10/0x10 >> kern :warn : [ 455.641063] ? __x64_sys_close+0x7c/0xd0 >> kern :warn : [ 455.641184] ? kmem_cache_free+0xd5/0x3e0 >> kern :warn : [ 455.641307] do_syscall_64+0x5f/0x170 >> kern :warn : [ 455.641489] entry_SYSCALL_64_after_hwframe+0x76/0x7e >> kern :warn : [ 455.641629] RIP: 0033:0x7fa00e8d7f97 >> kern :warn : [ 455.641746] Code: 73 01 c3 48 8b 0d 69 2e 0d 00 f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 a7 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d 39 2e 0d 00 f7 d8 64 89 01 48 >> kern :warn : [ 455.642117] RSP: 002b:00007ffc063cb6e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a7 >> kern :warn : [ 455.642302] RAX: ffffffffffffffda RBX: 00005624b13d89a0 RCX: 00007fa00e8d7f97 >> kern :warn : [ 455.642535] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 00005624b13d89a0 >> kern :warn : [ 455.642709] RBP: 0000000000000000 R08: 0000000000000ff6 R09: 0000000000001000 >> kern :warn : [ 455.642882] R10: 4e45505355533253 R11: 0000000000000246 R12: 00007ffc063cb91c >> kern :warn : [ 455.643056] R13: 00000000ffffffff R14: 0000000012c00000 R15: 00005624b13d95d0 >> kern :warn : [ 455.643231] >> kern :warn : [ 455.643321] ---[ end trace 0000000000000000 ]--- >> kern :warn : [ 455.643507] object pointer: 0x000000003fde23f4 >> kern :err : [ 455.643635] ================================================================== >> kern :err : [ 455.643807] BUG: KASAN: double-free in __do_sys_swapon+0xaf3/0x1ea0 >> kern :err : [ 455.643978] Free of addr ffff8881573e4000 by task swapon/8129 >> >> kern :err : [ 455.644198] CPU: 3 PID: 8129 Comm: swapon Tainted: G W 6.10.0-rc6-00357-g47325a5c88c5 #1 >> kern :err : [ 455.644406] Hardware name: /DZ77BH-55K, BIOS BHZ7710H.86A.0097.2012.1228.1346 12/28/2012 >> kern :err : [ 455.644590] Call Trace: >> kern :err : [ 455.644681] >> kern :err : [ 455.644768] dump_stack_lvl+0x53/0x70 >> kern :err : [ 455.644883] print_address_description+0x30/0x410 >> kern :err : [ 455.645033] ? __do_sys_swapon+0xaf3/0x1ea0 >> kern :err : [ 455.645158] print_report+0xb9/0x2b0 >> kern :err : [ 455.645275] ? __do_sys_swapon+0xaf3/0x1ea0 >> kern :err : [ 455.645397] ? kasan_addr_to_slab+0xd/0xb0 >> kern :err : [ 455.645516] ? __do_sys_swapon+0xaf3/0x1ea0 >> kern :err : [ 455.645639] kasan_report_invalid_free+0x94/0xc0 >> kern :err : [ 455.645769] ? __do_sys_swapon+0xaf3/0x1ea0 >> kern :err : [ 455.645891] free_large_kmalloc+0xb8/0xe0 >> kern :err : [ 455.646010] __do_sys_swapon+0xaf3/0x1ea0 >> kern :err : [ 455.646130] ? poison_slab_object+0xc5/0x170 >> kern :err : [ 455.646254] ? __pfx___do_sys_swapon+0x10/0x10 >> kern :err : [ 455.646379] ? __x64_sys_close+0x7c/0xd0 >> kern :err : [ 455.646498] ? kmem_cache_free+0xd5/0x3e0 >> kern :err : [ 455.646619] do_syscall_64+0x5f/0x170 >> kern :err : [ 455.646735] entry_SYSCALL_64_after_hwframe+0x76/0x7e >> kern :err : [ 455.646871] RIP: 0033:0x7fa00e8d7f97 >> kern :err : [ 455.646985] Code: 73 01 c3 48 8b 0d 69 2e 0d 00 f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 a7 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d 39 2e 0d 00 f7 d8 64 89 01 48 >> kern :err : [ 455.647343] RSP: 002b:00007ffc063cb6e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a7 >> kern :err : [ 455.647521] RAX: ffffffffffffffda RBX: 00005624b13d89a0 RCX: 00007fa00e8d7f97 >> kern :err : [ 455.647692] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 00005624b13d89a0 >> kern :err : [ 455.647863] RBP: 0000000000000000 R08: 0000000000000ff6 R09: 0000000000001000 >> kern :err : [ 455.648036] R10: 4e45505355533253 R11: 0000000000000246 R12: 00007ffc063cb91c >> kern :err : [ 455.648208] R13: 00000000ffffffff R14: 0000000012c00000 R15: 00005624b13d95d0 >> kern :err : [ 455.648387] >> >> kern :err : [ 455.648549] The buggy address belongs to the physical page: >> kern :warn : [ 455.648692] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff8881573e5b30 pfn:0x1573e4 >> kern :warn : [ 455.648902] flags: 0x17ffffc0000000(node=0|zone=2|lastcpupid=0x1fffff) >> kern :warn : [ 455.649065] raw: 0017ffffc0000000 ffffea0005bb6508 ffff88833c7cb600 0000000000000000 >> kern :warn : [ 455.649249] raw: ffff8881573e5b30 0000000000000000 00000000ffffffff 0000000000000000 >> kern :warn : [ 455.649430] page dumped because: kasan: bad access detected >> >> kern :err : [ 455.649647] Memory state around the buggy address: >> kern :err : [ 455.649777] ffff8881573e3f00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff >> kern :err : [ 455.649945] ffff8881573e3f80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff >> kern :err : [ 455.650115] >ffff8881573e4000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff >> kern :err : [ 455.650286] ^ >> kern :err : [ 455.650392] ffff8881573e4080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff >> kern :err : [ 455.650563] ffff8881573e4100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff >> kern :err : [ 455.650733] ================================================================== >> kern :warn : [ 455.650954] Disabling lock debugging due to kernel taint >> user :notice: [ 455.655806] mkswap01 3 TINFO: Can not do swapon on /dev/loop0. >> >> >> > > > I believe the below diff should solve the warning and double-free. Could this be folded into the patch? > Eventhough not needed, good to set it to NULL in swapoff as well. Next patch has been tested with the LKP test that gives the warning. Thanks. commit 70ea85cd63372929980f7f4f7d9707e0b42ba6e0 (HEAD) Author: Usama Arif Date: Wed Jul 10 11:21:56 2024 +0100 mm: initialize zeromap to NULL at swapon and set it to NULL at swapoff If swapon fails before zeromap is initialized, kvfree should operate on a NULL pointer. Signed-off-by: Usama Arif diff --git a/mm/swapfile.c b/mm/swapfile.c index e263511dbb6e..8dacdadb0d2a 100644 --- a/mm/swapfile.c +++ b/mm/swapfile.c @@ -2524,6 +2524,7 @@ SYSCALL_DEFINE1(swapoff, const char __user *, specialfile) struct address_space *mapping; struct inode *inode; struct filename *pathname; + unsigned long *zeromap; int err, found = 0; if (!capable(CAP_SYS_ADMIN)) @@ -2641,6 +2642,8 @@ SYSCALL_DEFINE1(swapoff, const char __user *, specialfile) p->max = 0; swap_map = p->swap_map; p->swap_map = NULL; + zeromap = p->zeromap; + p->zeromap = NULL; cluster_info = p->cluster_info; p->cluster_info = NULL; spin_unlock(&p->lock); @@ -2653,7 +2656,7 @@ SYSCALL_DEFINE1(swapoff, const char __user *, specialfile) free_percpu(p->cluster_next_cpu); p->cluster_next_cpu = NULL; vfree(swap_map); - kvfree(p->zeromap); + kvfree(zeromap); kvfree(cluster_info); /* Destroy swap account information */ swap_cgroup_swapoff(p->type); @@ -3105,6 +3108,7 @@ SYSCALL_DEFINE2(swapon, const char __user *, specialfile, int, swap_flags) struct page *page = NULL; struct inode *inode = NULL; bool inced_nr_rotate_swap = false; + unsigned long *zeromap = NULL; if (swap_flags & ~SWAP_FLAGS_VALID) return -EINVAL; @@ -3184,12 +3188,13 @@ SYSCALL_DEFINE2(swapon, const char __user *, specialfile, int, swap_flags) * Use kvmalloc_array instead of bitmap_zalloc as the allocation order might * be above MAX_PAGE_ORDER incase of a large swap file. */ - p->zeromap = kvmalloc_array(BITS_TO_LONGS(maxpages), sizeof(long), - GFP_KERNEL | __GFP_ZERO); - if (!p->zeromap) { + zeromap = kvmalloc_array(BITS_TO_LONGS(maxpages), sizeof(long), + GFP_KERNEL | __GFP_ZERO); + if (!zeromap) { error = -ENOMEM; goto bad_swap_unlock_inode; } + p->zeromap = zeromap; if (p->bdev && bdev_stable_writes(p->bdev)) p->flags |= SWP_STABLE_WRITES; @@ -3345,7 +3350,7 @@ SYSCALL_DEFINE2(swapon, const char __user *, specialfile, int, swap_flags) p->flags = 0; spin_unlock(&swap_lock); vfree(swap_map); - kvfree(p->zeromap); + kvfree(zeromap); kvfree(cluster_info); if (inced_nr_rotate_swap) atomic_dec(&nr_rotate_swap);