From: Vlastimil Babka
Date: Mon, 4 Apr 2022 16:20:23 +0200
To: Marco Elver, Hyeonggon Yoo <42.hyeyoo@gmail.com>
Cc: kernel test robot, Oliver Glitta, lkp@lists.01.org, lkp@intel.com, LKML, Imran Khan, Andrey Konovalov, Zhen Lei, Zqiang, linux-mm@kvack.org
Subject: Re: [mm/slub] 555b8c8cb3: WARNING:at_lib/stackdepot.c:#stack_depot_fetch
Message-ID: <8368021e-86c3-a93f-b29d-efed02135c41@suse.cz>
References: <20220323090520.GG16885@xsang-OptiPlex-9020> <20220324095218.GA2108184@odroid>

On 4/4/22 10:10, Marco Elver wrote:
> On Mon, Apr 04, 2022 at 12:05PM +0900, Hyeonggon Yoo wrote:
> (Maybe CONFIG_KCSAN_STRICT=y is going to yield something? I still doubt
> it though, this bug is related to corrupted stackdepot handle
> somewhere...)
>
>> I noticed that it is not reproduced when KASAN=y and KFENCE=n (reproduced 0 of 181).
>> and it was reproduced 56 of 196 when KASAN=n and KFENCE=y
>>
>> maybe this issue is related to kfence?

Hmm kfence seems to be a good lead. If I understand
kfence_guarded_alloc() correctly, it tries to set up something that
really looks like a normal slab page? Especially the part with comment

	/* Set required slab fields. */

But it doesn't seem to cover the debugging parts that SLUB sets up with
alloc_debug_processing(). This includes alloc stack saving, thus, after
commit 555b8c8cb3, a stackdepot handle setting. It probably normally
doesn't matter as is_kfence_address() redirects processing of
kfence-allocated objects so we don't hit any slub code that expects the
debugging parts to be properly initialized.

But here we are in mem_dump_obj() -> kmem_dump_obj() -> kmem_obj_info().
Because kmem_valid_obj() returned true, fooled by folio_test_slab()
returning true because of the /* Set required slab fields. */ code.
Yet the illusion is not perfect and we read garbage instead of a valid
stackdepot handle.

IMHO we should e.g. add the appropriate is_kfence_address() test into
kmem_valid_obj(), to exclude kfence-allocated objects? Sounds much
simpler than trying to extend the illusion further to make
kmem_dump_obj() work? Instead kfence could add its own specific handler
to mem_dump_obj() to print its debugging data?

> What about KASAN=n and KFENCE=n?
>
> Thanks,
> -- Marco
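
The reasoning in the reply above, as a user-space C model added here; it is not kernel code and not part of the original message. The struct layout, the area size, the garbage sentinel and every name ending in _model (plus page_of, valid_obj_* and dump_reads_garbage) are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* User-space model only; layouts and names are assumptions, not kernel code. */
#define AREA_SIZE    4096u
#define HANDLE_UNSET 0xdeadbeefu  /* stands in for uninitialised garbage */

struct page_model {
    bool slab_flag;         /* what folio_test_slab() would report */
    uint32_t alloc_handle;  /* recorded only by the SLUB debug path */
};

static unsigned char kfence_pool_model[AREA_SIZE], slub_area_model[AREA_SIZE];
static struct page_model kfence_page = { false, HANDLE_UNSET };
static struct page_model slub_page   = { false, HANDLE_UNSET };

static bool in_area(const void *p, const unsigned char *base) {
    uintptr_t a = (uintptr_t)p, b = (uintptr_t)base;
    return a >= b && a < b + AREA_SIZE;
}
/* Model of is_kfence_address(): a range check against the KFENCE pool. */
static bool is_kfence_address_model(const void *p) { return in_area(p, kfence_pool_model); }
static struct page_model *page_of(const void *p) {
    if (in_area(p, kfence_pool_model)) return &kfence_page;
    return in_area(p, slub_area_model) ? &slub_page : NULL;
}
/* SLUB debug path: marks the page as slab and records an alloc handle. */
static void *slub_alloc_model(uint32_t h) {
    slub_page.slab_flag = true; slub_page.alloc_handle = h; return slub_area_model;
}
/* KFENCE path: sets the required slab fields only; no handle is recorded. */
static void *kfence_alloc_model(void) { kfence_page.slab_flag = true; return kfence_pool_model; }
/* Check as described in the mail: trusts the slab flag alone. */
static bool valid_obj_flag_only(const void *p) {
    struct page_model *pg = page_of(p);
    return pg && pg->slab_flag;
}
/* Suggested check: exclude KFENCE objects before trusting the slab flag. */
static bool valid_obj_excluding_kfence(const void *p) {
    return !is_kfence_address_model(p) && valid_obj_flag_only(p);
}
/* True when a dump routine would accept p and read a handle that was never set. */
static bool dump_reads_garbage(const void *p, bool (*valid)(const void *)) {
    return valid(p) && page_of(p)->alloc_handle == HANDLE_UNSET;
}
int main(void) {
    void *k = kfence_alloc_model(), *s = slub_alloc_model(42);
    printf("flag only: kfence=%d slub=%d; with kfence check: kfence=%d\n",
           dump_reads_garbage(k, valid_obj_flag_only), dump_reads_garbage(s, valid_obj_flag_only),
           dump_reads_garbage(k, valid_obj_excluding_kfence));
    return 0;
}
```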