System is broken in KASAN sw_tags mode during bootup
0 views
Skip to first unread message
Baoquan He
Nov 25, 2025, 10:26:58 AM (yesterday) Nov 25
to kasa...@googlegroups.com, b...@vger.kernel.org, ryabin...@gmail.com, gli...@google.com, andre...@gmail.com, dvy...@google.com, vincenzo...@arm.com, linux-...@vger.kernel.org, a...@kernel.org, dan...@iogearbox.net
Hi,
I saw this on tag: next-20251125, next/master. The complete kernel
config is attachd in attachment. If any other info is needed, please
reply to note.
=====abstracted config====
CONFIG_KASAN=y
CONFIG_CC_HAS_KASAN_MEMINTRINSIC_PREFIX=y
# CONFIG_KASAN_GENERIC is not set
CONFIG_KASAN_SW_TAGS=y
CONFIG_KASAN_INLINE=y
CONFIG_KASAN_STACK=y
CONFIG_KASAN_VMALLOC=y
==========================
==========abstracted boot log============
[ 25.041517] ========================
** replaying previous printk message **
[ 25.041517] ==================================================================
[ 25.041548] BUG: KASAN: invalid-access in adjust_insn_aux_data.isra.0+0xd0/0x170
[ 25.041622] Write of size 6160 at addr f2ff80008012b108 by task systemd/1
[ 25.041667] Pointer tag: [f2], memory tag: [65]
[ 25.041693]
[ 25.041721] CPU: 11 UID: 0 PID: 1 Comm: systemd Not tainted 6.18.0-rc7-next-20251125 #1 PREEMPT(voluntary)
[ 25.041788] Hardware name: CRAY CS500/CMUD , BIOS 1.4.0 Jun 17 2020
[ 25.041817] Call trace:
[ 25.041837] show_stack+0x20/0x40 (C)
[ 25.041905] dump_stack_lvl+0x7c/0xa0
[ 25.041969] print_address_description.isra.0+0x90/0x2b8
[ 25.042054] print_report+0x120/0x208
[ 25.042128] kasan_report+0xc8/0x110
[ 25.042204] kasan_check_range+0x7c/0xa0
[ 25.042266] __asan_memmove+0x54/0x98
[ 25.042341] adjust_insn_aux_data.isra.0+0xd0/0x170
[ 25.042416] bpf_patch_insn_data+0xe4/0x360
[ 25.042486] convert_ctx_accesses+0x8d8/0x10c0
[ 25.042562] bpf_check+0x1458/0x1910
[ 25.042623] bpf_prog_load+0x958/0x1260
[ 25.042700] __sys_bpf+0x954/0xdd8
[ 25.042758] __arm64_sys_bpf+0x50/0xa0
[ 25.042818] invoke_syscall.constprop.0+0x88/0x148
[ 25.042890] el0_svc_common.constprop.0+0x7c/0x148
[ 25.042960] do_el0_svc+0x38/0x50
[ 25.043022] el0_svc+0x3c/0x180
[ 25.043095] el0t_64_sync_handler+0xa0/0xe8
[ 25.043172] el0t_64_sync+0x1b0/0x1b8
[ 25.043234]
[ 25.043249] The buggy address belongs to a 2-page vmalloc region starting at 0xf2ff80008012b000 allocated at bpf_check+0xfc/0x1910
[ 25.043323] The buggy address belongs to the physical page:
[ 25.043344] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x800fb38
[ 25.043386] flags: 0x25200000000000(node=0|zone=2|kasantag=0x52)
[ 25.043453] raw: 0025200000000000 0000000000000000 dead000000000122 0000000000000000
[ 25.043505] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[ 25.043546] raw: 00000000000fffff 0000000000000000
[ 25.043574] page dumped because: kasan: bad access detected
[ 25.043596]
[ 25.043610] Memory state around the buggy address:
[ 25.043637] ffff80008012c600: f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2
[ 25.043677] ffff80008012c700: f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2
[ 25.043717] >ffff80008012c800: f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 65 65 65 65
[ 25.043747] ^
[ 25.043778] ffff80008012c900: 65 65 fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[ 25.043818] ffff80008012ca00: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[ 25.043848] ==================================================================
[ 25.043936] Disabling lock debugging due to kernel taint
[ 25.043990] Unable to handle kernel NULL pointer dereference at virtual address 0000000000000020
[ 25.044022] Mem abort info:
[ 25.044037] ESR = 0x0000000096000004
[ 25.044060] EC = 0x25: DABT (current EL), IL = 32 bits
[ 25.044091] SET = 0, FnV = 0
[ 25.044115] EA = 0, S1PTW = 0
[ 25.044138] FSC = 0x04: level 0 translation fault
[ 25.044164] Data abort info:
[ 25.044179] ISV = 0, ISS = 0x00000004, ISS2 = 0x00000000
[ 25.044204] CM = 0, WnR = 0, TnD = 0, TagAccess = 0
[ 25.044236] GCS = 0, Overlay = 0, DirtyBit = 0, Xs = 0
[ 25.044312] user pgtable: 4k pages, 48-bit VAs, pgdp=0000008802e8e000
[ 25.044351] [0000000000000020] pgd=0000000000000000, p4d=0000000000000000
[ 25.044404] Internal error: Oops: 0000000096000004 [#1] SMP
[ 25.388029] Modules linked in: aes_neon_bs
[ 25.392584] CPU: 11 UID: 0 PID: 1 Comm: systemd Tainted: G B 6.18.0-rc7-next-20251125 #1 PREEMPT(voluntary)
[ 25.404713] Tainted: [B]=BAD_PAGE
[ 25.408251] Hardware name: CRAY CS500/CMUD , BIOS 1.4.0 Jun 17 2020
[ 25.415524] pstate: 40400009 (nZcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
[ 25.423112] pc : do_misc_fixups+0x18a0/0x3438
[ 25.427722] lr : do_misc_fixups+0x18a0/0x3438
[ 25.432523] sp : ffff800080397800
[ 25.436062] x29: ffff8000803978d0 x28: 0000000000000011 x27: a3ff007f8fb6e720
[ 25.443859] x26: 0000000000000001 x25: 62ff8000801290ec x24: 0000000000000000
[ 25.451453] x23: 0000000000000000 x22: f2ff80008012b5d8 x21: 62ff800080129000
[ 25.459252] x20: a3ff007f8fb68000 x19: 62ff8000801290e8 x18: 0000000000006728
[ 25.466877] x17: 3d3d3d3d3d3d3d3d x16: 3d3d3d3d3d3d3d3d x15: 3d3d3d3d3d3d3d3d
[ 25.474673] x14: 3d3d3d3d3d3d3d3d x13: 0000000000000001 x12: 0000000000000001
[ 25.482464] x11: 65756420676e6967 x10: 6775626564206b63 x9 : 0000000000000007
[ 25.490064] x8 : ffff8000803977e0 x7 : 0000000000000000 x6 : 0000000000000020
[ 25.497863] x5 : 0000000000000001 x4 : 74ff009780184580 x3 : 0000000000000020
[ 25.505456] x2 : 0000000000000001 x1 : ffffcedca27f6768 x0 : 0000000000000001
[ 25.513250] Call trace:
[ 25.515928] do_misc_fixups+0x18a0/0x3438 (P)
[ 25.520534] bpf_check+0x1468/0x1910
[ 25.524558] bpf_prog_load+0x958/0x1260
[ 25.528680] __sys_bpf+0x954/0xdd8
[ 25.532331] __arm64_sys_bpf+0x50/0xa0
[ 25.536336] invoke_syscall.constprop.0+0x88/0x148
[ 25.541572] el0_svc_common.constprop.0+0x7c/0x148
[ 25.546804] do_el0_svc+0x38/0x50
[ 25.550376] el0_svc+0x3c/0x180
[ 25.553774] el0t_64_sync_handler+0xa0/0xe8
[ 25.558441] el0t_64_sync+0x1b0/0x1b8
[ 25.562374] Code: 9409e8d8 f94002d7 910082e0 9409e8d5 (f94012f6)
[ 25.568889] ---[ end trace 0000000000000000 ]---
[ 25.574608] Kernel panic - not syncing: Attempted to kill init! exitcode=0x0000000b
[ 25.582674] SMP: stopping secondary CPUs
[ 25.587032] Kernel Offset: 0x4edc1e800000 from 0xffff800080000000
[ 25.593543] PHYS_OFFSET: 0x80000000
[ 25.597250] CPU features: 0x000000,000da001,5008c401,04017203
[ 25.603410] Memory Limit: none
[ 25.606697] ---[ end Kernel panic - not syncing: Attempted to kill init! exitcode=0x0000000b ]---
I saw this on tag: next-20251125, next/master. The complete kernel
config is attachd in attachment. If any other info is needed, please
reply to note.
=====abstracted config====
CONFIG_KASAN=y
CONFIG_CC_HAS_KASAN_MEMINTRINSIC_PREFIX=y
# CONFIG_KASAN_GENERIC is not set
CONFIG_KASAN_SW_TAGS=y
CONFIG_KASAN_INLINE=y
CONFIG_KASAN_STACK=y
CONFIG_KASAN_VMALLOC=y
==========================
==========abstracted boot log============
[ 25.041517] ========================
** replaying previous printk message **
[ 25.041517] ==================================================================
[ 25.041548] BUG: KASAN: invalid-access in adjust_insn_aux_data.isra.0+0xd0/0x170
[ 25.041622] Write of size 6160 at addr f2ff80008012b108 by task systemd/1
[ 25.041667] Pointer tag: [f2], memory tag: [65]
[ 25.041693]
[ 25.041721] CPU: 11 UID: 0 PID: 1 Comm: systemd Not tainted 6.18.0-rc7-next-20251125 #1 PREEMPT(voluntary)
[ 25.041788] Hardware name: CRAY CS500/CMUD , BIOS 1.4.0 Jun 17 2020
[ 25.041817] Call trace:
[ 25.041837] show_stack+0x20/0x40 (C)
[ 25.041905] dump_stack_lvl+0x7c/0xa0
[ 25.041969] print_address_description.isra.0+0x90/0x2b8
[ 25.042054] print_report+0x120/0x208
[ 25.042128] kasan_report+0xc8/0x110
[ 25.042204] kasan_check_range+0x7c/0xa0
[ 25.042266] __asan_memmove+0x54/0x98
[ 25.042341] adjust_insn_aux_data.isra.0+0xd0/0x170
[ 25.042416] bpf_patch_insn_data+0xe4/0x360
[ 25.042486] convert_ctx_accesses+0x8d8/0x10c0
[ 25.042562] bpf_check+0x1458/0x1910
[ 25.042623] bpf_prog_load+0x958/0x1260
[ 25.042700] __sys_bpf+0x954/0xdd8
[ 25.042758] __arm64_sys_bpf+0x50/0xa0
[ 25.042818] invoke_syscall.constprop.0+0x88/0x148
[ 25.042890] el0_svc_common.constprop.0+0x7c/0x148
[ 25.042960] do_el0_svc+0x38/0x50
[ 25.043022] el0_svc+0x3c/0x180
[ 25.043095] el0t_64_sync_handler+0xa0/0xe8
[ 25.043172] el0t_64_sync+0x1b0/0x1b8
[ 25.043234]
[ 25.043249] The buggy address belongs to a 2-page vmalloc region starting at 0xf2ff80008012b000 allocated at bpf_check+0xfc/0x1910
[ 25.043323] The buggy address belongs to the physical page:
[ 25.043344] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x800fb38
[ 25.043386] flags: 0x25200000000000(node=0|zone=2|kasantag=0x52)
[ 25.043453] raw: 0025200000000000 0000000000000000 dead000000000122 0000000000000000
[ 25.043505] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[ 25.043546] raw: 00000000000fffff 0000000000000000
[ 25.043574] page dumped because: kasan: bad access detected
[ 25.043596]
[ 25.043610] Memory state around the buggy address:
[ 25.043637] ffff80008012c600: f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2
[ 25.043677] ffff80008012c700: f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2
[ 25.043717] >ffff80008012c800: f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 65 65 65 65
[ 25.043747] ^
[ 25.043778] ffff80008012c900: 65 65 fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[ 25.043818] ffff80008012ca00: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[ 25.043848] ==================================================================
[ 25.043936] Disabling lock debugging due to kernel taint
[ 25.043990] Unable to handle kernel NULL pointer dereference at virtual address 0000000000000020
[ 25.044022] Mem abort info:
[ 25.044037] ESR = 0x0000000096000004
[ 25.044060] EC = 0x25: DABT (current EL), IL = 32 bits
[ 25.044091] SET = 0, FnV = 0
[ 25.044115] EA = 0, S1PTW = 0
[ 25.044138] FSC = 0x04: level 0 translation fault
[ 25.044164] Data abort info:
[ 25.044179] ISV = 0, ISS = 0x00000004, ISS2 = 0x00000000
[ 25.044204] CM = 0, WnR = 0, TnD = 0, TagAccess = 0
[ 25.044236] GCS = 0, Overlay = 0, DirtyBit = 0, Xs = 0
[ 25.044312] user pgtable: 4k pages, 48-bit VAs, pgdp=0000008802e8e000
[ 25.044351] [0000000000000020] pgd=0000000000000000, p4d=0000000000000000
[ 25.044404] Internal error: Oops: 0000000096000004 [#1] SMP
[ 25.388029] Modules linked in: aes_neon_bs
[ 25.392584] CPU: 11 UID: 0 PID: 1 Comm: systemd Tainted: G B 6.18.0-rc7-next-20251125 #1 PREEMPT(voluntary)
[ 25.404713] Tainted: [B]=BAD_PAGE
[ 25.408251] Hardware name: CRAY CS500/CMUD , BIOS 1.4.0 Jun 17 2020
[ 25.415524] pstate: 40400009 (nZcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
[ 25.423112] pc : do_misc_fixups+0x18a0/0x3438
[ 25.427722] lr : do_misc_fixups+0x18a0/0x3438
[ 25.432523] sp : ffff800080397800
[ 25.436062] x29: ffff8000803978d0 x28: 0000000000000011 x27: a3ff007f8fb6e720
[ 25.443859] x26: 0000000000000001 x25: 62ff8000801290ec x24: 0000000000000000
[ 25.451453] x23: 0000000000000000 x22: f2ff80008012b5d8 x21: 62ff800080129000
[ 25.459252] x20: a3ff007f8fb68000 x19: 62ff8000801290e8 x18: 0000000000006728
[ 25.466877] x17: 3d3d3d3d3d3d3d3d x16: 3d3d3d3d3d3d3d3d x15: 3d3d3d3d3d3d3d3d
[ 25.474673] x14: 3d3d3d3d3d3d3d3d x13: 0000000000000001 x12: 0000000000000001
[ 25.482464] x11: 65756420676e6967 x10: 6775626564206b63 x9 : 0000000000000007
[ 25.490064] x8 : ffff8000803977e0 x7 : 0000000000000000 x6 : 0000000000000020
[ 25.497863] x5 : 0000000000000001 x4 : 74ff009780184580 x3 : 0000000000000020
[ 25.505456] x2 : 0000000000000001 x1 : ffffcedca27f6768 x0 : 0000000000000001
[ 25.513250] Call trace:
[ 25.515928] do_misc_fixups+0x18a0/0x3438 (P)
[ 25.520534] bpf_check+0x1468/0x1910
[ 25.524558] bpf_prog_load+0x958/0x1260
[ 25.528680] __sys_bpf+0x954/0xdd8
[ 25.532331] __arm64_sys_bpf+0x50/0xa0
[ 25.536336] invoke_syscall.constprop.0+0x88/0x148
[ 25.541572] el0_svc_common.constprop.0+0x7c/0x148
[ 25.546804] do_el0_svc+0x38/0x50
[ 25.550376] el0_svc+0x3c/0x180
[ 25.553774] el0t_64_sync_handler+0xa0/0xe8
[ 25.558441] el0t_64_sync+0x1b0/0x1b8
[ 25.562374] Code: 9409e8d8 f94002d7 910082e0 9409e8d5 (f94012f6)
[ 25.568889] ---[ end trace 0000000000000000 ]---
[ 25.574608] Kernel panic - not syncing: Attempted to kill init! exitcode=0x0000000b
[ 25.582674] SMP: stopping secondary CPUs
[ 25.587032] Kernel Offset: 0x4edc1e800000 from 0xffff800080000000
[ 25.593543] PHYS_OFFSET: 0x80000000
[ 25.597250] CPU features: 0x000000,000da001,5008c401,04017203
[ 25.603410] Memory Limit: none
[ 25.606697] ---[ end Kernel panic - not syncing: Attempted to kill init! exitcode=0x0000000b ]---
Reply all
Reply to author
Forward
0 new messages