"arm64/for-next/core" causes boot panic

From: Qian Cai
Date: Mon Aug 12 2019 - 17:51:46 EST


Booting today's linux-next on an arm64 server triggers a panic with
CONFIG_KASAN_SW_TAGS=y pointing to this line,

kfree()->virt_to_head_page()->compound_head()

unsigned long head = READ_ONCE(page->compound_head);

The bisect so far indicates one of those could be bad,

9c1cac424c93 arm64: mm: Really fix sparse warning in untagged_addr()
d2c68de192cf docs: arm64: Add layout and 52-bit info to memory document
2c624fe68715 arm64: mm: Remove vabits_user
b6d00d47e81a arm64: mm: Introduce 52-bit Kernel VAs
ce3aaed87344 arm64: mm: Modify calculation of VMEMMAP_SIZE
c8b6d2ccf9b1 arm64: mm: Separate out vmemmap
c812026c54cf arm64: mm: Logic to make offset_ttbr1 conditional
5383cc6efed1 arm64: mm: Introduce vabits_actual
90ec95cda91a arm64: mm: Introduce VA_BITS_MIN
99426e5e8c9f arm64: dump: De-constify VA_START and KASAN_SHADOW_START
6bd1d0be0e97 arm64: kasan: Switch to using KASAN_SHADOW_OFFSET
14c127c957c1 arm64: mm: Flip kernel VA space
08f103b9a950 arm64/ptrace: Fix typoes in sve_set() comment
2951d5efaf8b arm64: mm: print hexadecimal EC value in mem_abort_decode()
b99286b088ea arm64/prefetch: fix a -Wtype-limits warning
71c67a31f09f init/Kconfig: Fix infinite Kconfig recursion on PPC
42d038c4fb00 arm64: Add support for function error injection
45880f7b7b19 error-injection: Consolidate override function definition
9ce1263033cd selftests, arm64: add a selftest for passing tagged pointers to kernel
63f0c6037965 arm64: Introduce prctl() options to control the tagged user addresses ABI
2b835e24b5c6 arm64: untag user pointers in access_ok and __uaccess_mask_ptr
5cf896fb6be3 arm64: Add support for relocating the kernel with RELR relocations
66cbdf5d0c96 arm64: Move TIF_* documentation to individual definitions
13776f9d40a0 arm64: mm: free the initrd reserved memblock in a aligned manner
22ec71615d82 arm64: io: Relax implicit barriers in default I/O accessors
2f8f180b3cee arm64: Remove unused cpucap_multi_entry_cap_cpu_enable()
73961dc1182e arm64: sysreg: Remove unused and rotting SCTLR_ELx field definitions
332e5281a4e8 arm64: esr: Add ESR exception class encoding for trapped ERET
b3e089cd446b arm64: Replace strncmp with str_has_prefix
3e77eeb7a27f ACPI/IORT: Rename arm_smmu_v3_set_proximity() 'node' local variable
b717480f5415 arm64: remove unneeded uapi/asm/stat.h
c19d050f8088 arm64/kexec: Use consistent convention of initializing 'kxec_buf.mem' with KEXEC_BUF_MEM_UNKNOWN
b907b80d7ae7 arm64: remove pointless __KERNEL__ guards
c87857945b0e arm64: Remove unused assembly macro


[    0.000000][    T0] Unable to handle kernel paging request at virtual address 0030ffe001e01588
[    0.000000][    T0] Mem abort info:
[    0.000000][    T0]   ESR = 0x96000004
[    0.000000][    T0]   EC = 0x25: DABT (current EL), IL = 32 bits
[    0.000000][    T0]   SET = 0, FnV = 0
[    0.000000][    T0]   EA = 0, S1PTW = 0
[    0.000000][    T0] Data abort info:
[    0.000000][    T0]   ISV = 0, ISS = 0x00000004
[    0.000000][    T0]   CM = 0, WnR = 0
[    0.000000][    T0] [0030ffe001e01588] address between user and kernel address ranges
[    0.000000][    T0] Internal error: Oops: 96000004 [#1] SMP
[    0.000000][    T0] Modules linked in:
[    0.000000][    T0] CPU: 0 PID: 0 Comm: swapper/0 Not tainted 5.3.0-rc4-next-20190812+ #1
[    0.000000][    T0] pstate: 40000089 (nZcv daIf -PAN -UAO)
[    0.000000][    T0] pc : kfree+0x160/0xc98
[    0.000000][    T0] lr : kfree+0x154/0xc98
[    0.000000][    T0] sp : ffff900012e07cc0
[    0.000000][    T0] x29: ffff900012e07d50 x28: 0000000000000100
[    0.000000][    T0] x27: 8cff000800563c88 x26: 3dff000800566220
[    0.000000][    T0] x25: 7bff0008005c0800 x24: c3ff00080056a580
[    0.000000][    T0] x23: 33ff000800563500 x22: 8cff000800563c80
[    0.000000][    T0] x21: ffff9000109b57a4 x20: 33ff000800563500
[    0.000000][    T0] x19: ffffffdfffc00000 x18: 0000000000000040
[    0.000000][    T0] x17: 0000000000400000 x16: ffff900010c00000
[    0.000000][    T0] x15: 0000000000000000 x14: ffff90001121a590
[    0.000000][    T0] x13: ffff90001013c6fc x12: ffff900010141c78
[    0.000000][    T0] x11: 0000000000000001 x10: ffff8fff8fc00000
[    0.000000][    T0] x9 : 0001000080000000 x8 : 0030ffe001e01580
[    0.000000][    T0] x7 : ffffffffffffffff x6 : 33ff000800563520
[    0.000000][    T0] x5 : 0000000000000000 x4 : 0000000000000000
[    0.000000][    T0] x3 : 0000000000000100 x2 : ffff900012e324f8
[    0.000000][    T0] x1 : 33ff000800563500 x0 : c40000088056a580
[    0.000000][    T0] Call trace:
[    0.000000][    T0]  kfree+0x160/0xc98
[    0.000000][    T0]  free_cpumask_var+0xc/0x14
[    0.000000][    T0]  apply_wqattrs_prepare+0x2e4/0x3b0
[    0.000000][    T0]  apply_workqueue_attrs_locked+0x7c/0xdc
[    0.000000][    T0]  alloc_workqueue+0x340/0x69c
[    0.000000][    T0]  workqueue_init_early+0x4b4/0x654
[    0.000000][    T0]  start_kernel+0x210/0x558
[    0.000000][    T0] Code: 97f323d3 d34afc08 927abd08 8b080268 (f9400509)
[    0.000000][    T0] ---[ end trace 8710f821a534a562 ]---
[    0.000000][    T0] Kernel panic - not syncing: Fatal exception
[    0.000000][    T0] ---[ end Kernel panic - not syncing: Fatal exception ]---
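One way a wild struct page pointer like the one above can arise, shown as an added model that is not kernel code (PAGE_OFFSET, VMEMMAP_START, VMEMMAP_SIZE and the 64-byte struct page size are constructed values for a 48-bit layout, and the tagged pointer is constructed with tag 0x33): if a KASAN_SW_TAGS-tagged linear-map pointer goes through the virt-to-page arithmetic with its tag byte still in place, the subtraction wraps and the computed page address lands far outside vmemmap, so the following read of page->compound_head faults; masking the tag first (the equivalent of sign-extending from bit 55) gives a pointer inside vmemmap.

```c
#include <stdint.h>
#include <stdio.h>

/* Constructed model of a 48-bit arm64 layout, not the kernel's real macros:
 * linear map starts at PAGE_OFFSET, struct page array (vmemmap) sits near
 * the top of the kernel VA range. */
#define PAGE_SHIFT     12
#define PAGE_OFFSET    0xffff000000000000ULL
#define VMEMMAP_SIZE   (1ULL << 41)           /* 2^47 linear bytes / 4K pages * 64 */
#define VMEMMAP_START  (0ULL - VMEMMAP_SIZE - 0x200000ULL) /* 0xfffffdffffe00000 */
#define SIZEOF_PAGE    64ULL

/* KASAN_SW_TAGS stores an 8-bit tag in bits 63:56. Untagging a kernel
 * address restores 0xff in that byte; this is what sign-extending from
 * bit 55 does. */
uint64_t untagged_addr(uint64_t addr)
{
	if (addr & (1ULL << 55))
		return addr | 0xff00000000000000ULL;
	return addr & 0x00ffffffffffffffULL;
}

/* Linear-map address -> struct page address, with or without untagging. */
uint64_t virt_to_page_model(uint64_t addr, int untag_first)
{
	if (untag_first)
		addr = untagged_addr(addr);
	/* With a tag other than 0xff still present, this subtraction wraps
	 * and produces an enormous pfn. */
	uint64_t pfn = (addr - PAGE_OFFSET) >> PAGE_SHIFT;
	return VMEMMAP_START + pfn * SIZEOF_PAGE;
}

/* Sanity check a practitioner would apply: is the page pointer in vmemmap? */
int page_in_vmemmap(uint64_t page)
{
	return page >= VMEMMAP_START && page < VMEMMAP_START + VMEMMAP_SIZE;
}

int main(void)
{
	/* Constructed tagged pointer: tag 0x33 on a linear-map address. */
	uint64_t tagged = 0x33ff000800563500ULL;
	uint64_t good = virt_to_page_model(tagged, 1);
	uint64_t bad = virt_to_page_model(tagged, 0);

	printf("untagged first: page %016llx in vmemmap=%d\n",
	       (unsigned long long)good, page_in_vmemmap(good));
	printf("tag left in   : page %016llx in vmemmap=%d\n",
	       (unsigned long long)bad, page_in_vmemmap(bad));
	return 0;
}
```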