From: kernel test robot <oliver.sang@intel.com>
To: Suren Baghdasaryan <surenb@google.com>
Cc: <oe-lkp@lists.linux.dev>, <lkp@intel.com>,
Andrew Morton <akpm@linux-foundation.org>,
Pasha Tatashin <pasha.tatashin@soleen.com>,
"Ard Biesheuvel" <ardb@kernel.org>, Arnd Bergmann <arnd@arndb.de>,
Borislav Petkov <bp@alien8.de>,
Christoph Hellwig <hch@infradead.org>,
Daniel Gomez <da.gomez@samsung.com>,
David Hildenbrand <david@redhat.com>,
Davidlohr Bueso <dave@stgolabs.net>,
David Rientjes <rientjes@google.com>,
Dennis Zhou <dennis@kernel.org>,
Johannes Weiner <hannes@cmpxchg.org>,
John Hubbard <jhubbard@nvidia.com>,
Jonathan Corbet <corbet@lwn.net>,
Joonsoo Kim <iamjoonsoo.kim@lge.com>,
Kalesh Singh <kaleshsingh@google.com>,
Kees Cook <keescook@chromium.org>,
Kent Overstreet <kent.overstreet@linux.dev>,
"Liam R. Howlett" <Liam.Howlett@oracle.com>,
Luis Chamberlain <mcgrof@kernel.org>,
Matthew Wilcox <willy@infradead.org>,
Michal Hocko <mhocko@suse.com>, "Mike Rapoport" <rppt@kernel.org>,
Minchan Kim <minchan@google.com>,
"Paul E. McKenney" <paulmck@kernel.org>,
Petr Pavlu <petr.pavlu@suse.com>,
"Roman Gushchin" <roman.gushchin@linux.dev>,
Sami Tolvanen <samitolvanen@google.com>,
Sourav Panda <souravpanda@google.com>,
Steven Rostedt <rostedt@goodmis.org>,
Thomas Gleixner <tglx@linutronix.de>,
Thomas Huth <thuth@redhat.com>,
Uladzislau Rezki <urezki@gmail.com>,
Vlastimil Babka <vbabka@suse.cz>,
Xiongwei Song <xiongwei.song@windriver.com>,
Yu Zhao <yuzhao@google.com>, <linux-kernel@vger.kernel.org>,
<linux-mm@kvack.org>, <oliver.sang@intel.com>
Subject: [linux-next:master] [alloc_tag] a9c60bb0d0: BUG:KASAN:vmalloc-out-of-bounds_in_load_module
Date: Mon, 28 Oct 2024 15:05:33 +0800 [thread overview]
Message-ID: <202410281441.216670ac-lkp@intel.com> (raw)
Hello,
kernel test robot noticed "BUG:KASAN:vmalloc-out-of-bounds_in_load_module" on:
commit: a9c60bb0d0e58ca30b8bfd00bddbe5bf79bd120c ("alloc_tag: populate memory for module tags as needed")
https://git.kernel.org/cgit/linux/kernel/git/next/linux-next.git master
[test failed on linux-next/master a39230ecf6b3057f5897bc4744a790070cfbe7a8]
in testcase: boot
config: x86_64-randconfig-016-20241026
compiler: clang-19
test machine: qemu-system-x86_64 -enable-kvm -cpu SandyBridge -smp 2 -m 16G
(please refer to attached dmesg/kmsg for entire log/backtrace)
+------------------------------------------------+------------+------------+
| | e88dfe467a | a9c60bb0d0 |
+------------------------------------------------+------------+------------+
| boot_successes | 6 | 0 |
| boot_failures | 0 | 6 |
| BUG:KASAN:vmalloc-out-of-bounds_in_load_module | 0 | 6 |
| BUG:unable_to_handle_page_fault_for_address | 0 | 6 |
| Oops | 0 | 6 |
| RIP:kasan_metadata_fetch_row | 0 | 6 |
| Kernel_panic-not_syncing:Fatal_exception | 0 | 6 |
+------------------------------------------------+------------+------------+
If you fix the issue in a separate patch/commit (i.e. not just a new version of
the same patch/commit), kindly add following tags
| Reported-by: kernel test robot <oliver.sang@intel.com>
| Closes: https://lore.kernel.org/oe-lkp/202410281441.216670ac-lkp@intel.com
[ 42.810547][ T114] BUG: KASAN: vmalloc-out-of-bounds in load_module (kernel/module/main.c:2353)
[ 42.811473][ T114] Write of size 520 at addr ffffffffa0000000 by task modprobe/114
[ 42.812394][ T114]
[ 42.812758][ T114] CPU: 0 UID: 0 PID: 114 Comm: modprobe Tainted: G T 6.12.0-rc4-00199-ga9c60bb0d0e5 #1 18071a02e852b21a65d5fedadb69938108f9c3ec
[ 42.814382][ T114] Tainted: [T]=RANDSTRUCT
[ 42.814943][ T114] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[ 42.816126][ T114] Call Trace:
[ 42.816599][ T114] <TASK>
[ 42.817020][ T114] dump_stack_lvl (lib/dump_stack.c:122)
[ 42.817627][ T114] print_report (mm/kasan/report.c:378)
[ 42.818207][ T114] ? do_raw_spin_lock (arch/x86/include/asm/atomic.h:107)
[ 42.818822][ T114] ? __virt_addr_valid (arch/x86/mm/physaddr.c:?)
[ 42.819469][ T114] ? kasan_addr_to_slab (mm/kasan/common.c:37)
[ 42.823016][ T114] kasan_report (mm/kasan/report.c:603)
[ 42.823612][ T114] ? load_module (kernel/module/main.c:2353)
[ 42.824202][ T114] ? load_module (kernel/module/main.c:2353)
[ 42.824819][ T114] ? load_module (kernel/module/main.c:2353)
[ 42.825390][ T114] kasan_check_range (mm/kasan/generic.c:?)
[ 42.825997][ T114] ? load_module (kernel/module/main.c:2353)
[ 42.826578][ T114] __asan_memcpy (mm/kasan/shadow.c:105)
[ 42.827149][ T114] load_module (kernel/module/main.c:2353)
[ 42.827719][ T114] __se_sys_finit_module (kernel/module/main.c:? kernel/module/main.c:3298 kernel/module/main.c:3325 kernel/module/main.c:3308)
[ 42.828345][ T114] __ia32_sys_finit_module (kernel/module/main.c:3308)
[ 42.828988][ T114] ia32_sys_call (kbuild/obj/consumer/x86_64-randconfig-016-20241026/./arch/x86/include/generated/asm/syscalls_32.h:463)
[ 42.829614][ T114] __do_fast_syscall_32 (arch/x86/entry/common.c:?)
[ 42.830291][ T114] ? irqentry_exit_to_user_mode (kernel/entry/common.c:234)
[ 42.830316][ T114] do_fast_syscall_32 (arch/x86/entry/common.c:411)
[ 42.830334][ T114] do_SYSENTER_32 (arch/x86/entry/common.c:449)
[ 42.830349][ T114] entry_SYSENTER_compat_after_hwframe (arch/x86/entry/entry_64_compat.S:127)
[ 42.830370][ T114] RIP: 0023:0xf7f77539
[ 42.830381][ T114] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00
All code
========
0: 03 74 b4 01 add 0x1(%rsp,%rsi,4),%esi
4: 10 07 adc %al,(%rdi)
6: 03 74 b0 01 add 0x1(%rax,%rsi,4),%esi
a: 10 08 adc %cl,(%rax)
c: 03 74 d8 01 add 0x1(%rax,%rbx,8),%esi
...
20: 00 51 52 add %dl,0x52(%rcx)
23: 55 push %rbp
24:* 89 e5 mov %esp,%ebp <-- trapping instruction
26: 0f 34 sysenter
28: cd 80 int $0x80
2a: 5d pop %rbp
2b: 5a pop %rdx
2c: 59 pop %rcx
2d: c3 ret
2e: 90 nop
2f: 90 nop
30: 90 nop
31: 90 nop
32: 66 2e 0f 1f 84 00 00 cs nopw 0x0(%rax,%rax,1)
39: 00 00 00
3c: 0f .byte 0xf
3d: 1f (bad)
3e: 44 rex.R
...
Code starting with the faulting instruction
===========================================
0: 5d pop %rbp
1: 5a pop %rdx
2: 59 pop %rcx
3: c3 ret
4: 90 nop
5: 90 nop
6: 90 nop
7: 90 nop
8: 66 2e 0f 1f 84 00 00 cs nopw 0x0(%rax,%rax,1)
f: 00 00 00
12: 0f .byte 0xf
13: 1f (bad)
14: 44 rex.R
...
[ 42.830390][ T114] RSP: 002b:00000000ff9f932c EFLAGS: 00200292 ORIG_RAX: 000000000000015e
[ 42.830406][ T114] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000565d4214
[ 42.830415][ T114] RDX: 0000000000000000 RSI: 00000000565e7420 RDI: 00000000565e7090
[ 42.830424][ T114] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 42.830433][ T114] R10: 0000000000000000 R11: 0000000000200246 R12: 0000000000000000
[ 42.830442][ T114] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 42.830455][ T114] </TASK>
[ 42.830461][ T114]
[ 42.830464][ T114] Memory state around the buggy address:
[ 42.830478][ T114] BUG: unable to handle page fault for address: fffffbfff3ffffe0
[ 42.830485][ T114] #PF: supervisor read access in kernel mode
[ 42.830492][ T114] #PF: error_code(0x0000) - not-present page
[ 42.830500][ T114] PGD 417fd7067 P4D 417fd7067 PUD 417fd3067 PMD 0
[ 42.830522][ T114] Oops: Oops: 0000 [#1] SMP KASAN
[ 42.830536][ T114] CPU: 0 UID: 0 PID: 114 Comm: modprobe Tainted: G T 6.12.0-rc4-00199-ga9c60bb0d0e5 #1 18071a02e852b21a65d5fedadb69938108f9c3ec
[ 42.830555][ T114] Tainted: [T]=RANDSTRUCT
[ 42.830560][ T114] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[ 42.830568][ T114] RIP: 0010:kasan_metadata_fetch_row (mm/kasan/report_generic.c:186)
[ 42.830586][ T114] Code: 86 e9 e8 fd ff ff 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 66 0f 1f 00 55 48 89 e5 48 c1 ee 03 48 b8 00 00 00 00 00 fc ff df <48> 8b 0c 06 48 8b 44 06 08 48 89 47 08 48 89 0f 5d 31 c0 31 c9 31
All code
========
0: 86 e9 xchg %ch,%cl
2: e8 fd ff ff 66 call 0x67000004
7: 2e 0f 1f 84 00 00 00 cs nopl 0x0(%rax,%rax,1)
e: 00 00
10: 0f 1f 40 00 nopl 0x0(%rax)
14: 66 0f 1f 00 nopw (%rax)
18: 55 push %rbp
19: 48 89 e5 mov %rsp,%rbp
1c: 48 c1 ee 03 shr $0x3,%rsi
20: 48 b8 00 00 00 00 00 movabs $0xdffffc0000000000,%rax
27: fc ff df
2a:* 48 8b 0c 06 mov (%rsi,%rax,1),%rcx <-- trapping instruction
2e: 48 8b 44 06 08 mov 0x8(%rsi,%rax,1),%rax
33: 48 89 47 08 mov %rax,0x8(%rdi)
37: 48 89 0f mov %rcx,(%rdi)
3a: 5d pop %rbp
3b: 31 c0 xor %eax,%eax
3d: 31 c9 xor %ecx,%ecx
3f: 31 .byte 0x31
Code starting with the faulting instruction
===========================================
0: 48 8b 0c 06 mov (%rsi,%rax,1),%rcx
4: 48 8b 44 06 08 mov 0x8(%rsi,%rax,1),%rax
9: 48 89 47 08 mov %rax,0x8(%rdi)
d: 48 89 0f mov %rcx,(%rdi)
10: 5d pop %rbp
11: 31 c0 xor %eax,%eax
13: 31 c9 xor %ecx,%ecx
15: 31 .byte 0x31
[ 42.830596][ T114] RSP: 0018:ffffc90002107a60 EFLAGS: 00210802
[ 42.830607][ T114] RAX: dffffc0000000000 RBX: ffffffffa0000000 RCX: 0000000000000000
[ 42.830617][ T114] RDX: 0000000000000000 RSI: 1ffffffff3ffffe0 RDI: ffffc90002107aa0
[ 42.830625][ T114] RBP: ffffc90002107a60 R08: 0000000000000000 R09: 0000000000000000
[ 42.830634][ T114] R10: 0000000000000000 R11: 0000000000000000 R12: aaaaaaaaaaaaaaaa
[ 42.830643][ T114] R13: ffffffffa0000000 R14: ffffc90002107aa0 R15: ffffffff9fffff00
[ 42.830653][ T114] FS: 0000000000000000(0000) GS:ffff8883aee00000(0063) knlGS:00000000f7a65700
[ 42.830664][ T114] CS: 0010 DS: 002b ES: 002b CR0: 0000000080050033
[ 42.830674][ T114] CR2: fffffbfff3ffffe0 CR3: 0000000195e7b000 CR4: 00000000000406b0
[ 42.830689][ T114] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 42.830698][ T114] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 42.830707][ T114] Call Trace:
[ 42.830711][ T114] <TASK>
[ 42.830716][ T114] ? __die_body (arch/x86/kernel/dumpstack.c:421)
[ 42.830736][ T114] ? __die (arch/x86/kernel/dumpstack.c:434)
[ 42.830753][ T114] ? page_fault_oops (arch/x86/mm/fault.c:711)
[ 42.830770][ T114] ? number (lib/vsprintf.c:574)
[ 42.830788][ T114] ? kernelmode_fixup_or_oops (arch/x86/mm/fault.c:739)
[ 42.830801][ T114] ? __bad_area_nosemaphore (arch/x86/mm/fault.c:793)
[ 42.830817][ T114] ? bad_area_nosemaphore (arch/x86/mm/fault.c:835)
[ 42.830829][ T114] ? do_kern_addr_fault (arch/x86/mm/fault.c:1199)
[ 42.830843][ T114] ? exc_page_fault (arch/x86/mm/fault.c:1480)
[ 42.830860][ T114] ? asm_exc_page_fault (arch/x86/include/asm/idtentry.h:623)
[ 42.830878][ T114] ? kasan_metadata_fetch_row (mm/kasan/report_generic.c:186)
[ 42.830892][ T114] print_report (mm/kasan/report.c:466)
[ 42.830903][ T114] ? do_raw_spin_lock (arch/x86/include/asm/atomic.h:107)
[ 42.830917][ T114] ? kasan_addr_to_slab (mm/kasan/common.c:37)
[ 42.830928][ T114] kasan_report (mm/kasan/report.c:603)
[ 42.830939][ T114] ? load_module (kernel/module/main.c:2353)
[ 42.830956][ T114] ? load_module (kernel/module/main.c:2353)
[ 42.830968][ T114] ? load_module (kernel/module/main.c:2353)
[ 42.830979][ T114] kasan_check_range (mm/kasan/generic.c:?)
[ 42.830991][ T114] ? load_module (kernel/module/main.c:2353)
[ 42.831003][ T114] __asan_memcpy (mm/kasan/shadow.c:105)
[ 42.831017][ T114] load_module (kernel/module/main.c:2353)
[ 42.831035][ T114] __se_sys_finit_module (kernel/module/main.c:? kernel/module/main.c:3298 kernel/module/main.c:3325 kernel/module/main.c:3308)
[ 42.831054][ T114] __ia32_sys_finit_module (kernel/module/main.c:3308)
[ 42.831067][ T114] ia32_sys_call (kbuild/obj/consumer/x86_64-randconfig-016-20241026/./arch/x86/include/generated/asm/syscalls_32.h:463)
[ 42.831084][ T114] __do_fast_syscall_32 (arch/x86/entry/common.c:?)
[ 42.831100][ T114] ? irqentry_exit_to_user_mode (kernel/entry/common.c:234)
[ 42.831121][ T114] do_fast_syscall_32 (arch/x86/entry/common.c:411)
[ 42.831137][ T114] do_SYSENTER_32 (arch/x86/entry/common.c:449)
[ 42.831150][ T114] entry_SYSENTER_compat_after_hwframe (arch/x86/entry/entry_64_compat.S:127)
[ 42.831167][ T114] RIP: 0023:0xf7f77539
[ 42.831177][ T114] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00
All code
========
0: 03 74 b4 01 add 0x1(%rsp,%rsi,4),%esi
4: 10 07 adc %al,(%rdi)
6: 03 74 b0 01 add 0x1(%rax,%rsi,4),%esi
a: 10 08 adc %cl,(%rax)
c: 03 74 d8 01 add 0x1(%rax,%rbx,8),%esi
...
20: 00 51 52 add %dl,0x52(%rcx)
23: 55 push %rbp
24:* 89 e5 mov %esp,%ebp <-- trapping instruction
26: 0f 34 sysenter
28: cd 80 int $0x80
2a: 5d pop %rbp
2b: 5a pop %rdx
2c: 59 pop %rcx
2d: c3 ret
2e: 90 nop
2f: 90 nop
30: 90 nop
31: 90 nop
32: 66 2e 0f 1f 84 00 00 cs nopw 0x0(%rax,%rax,1)
39: 00 00 00
3c: 0f .byte 0xf
3d: 1f (bad)
3e: 44 rex.R
...
Code starting with the faulting instruction
===========================================
0: 5d pop %rbp
1: 5a pop %rdx
2: 59 pop %rcx
3: c3 ret
4: 90 nop
5: 90 nop
6: 90 nop
7: 90 nop
8: 66 2e 0f 1f 84 00 00 cs nopw 0x0(%rax,%rax,1)
f: 00 00 00
12: 0f .byte 0xf
13: 1f (bad)
14: 44 rex.R
The kernel config and materials to reproduce are available at:
https://download.01.org/0day-ci/archive/20241028/202410281441.216670ac-lkp@intel.com
--
0-DAY CI Kernel Test Service
https://github.com/intel/lkp-tests/wiki
reply other threads:[~2024-10-28 7:06 UTC|newest]
Thread overview: [no followups] expand[flat|nested] mbox.gz Atom feed
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=202410281441.216670ac-lkp@intel.com \
--to=oliver.sang@intel.com \
--cc=Liam.Howlett@oracle.com \
--cc=akpm@linux-foundation.org \
--cc=ardb@kernel.org \
--cc=arnd@arndb.de \
--cc=bp@alien8.de \
--cc=corbet@lwn.net \
--cc=da.gomez@samsung.com \
--cc=dave@stgolabs.net \
--cc=david@redhat.com \
--cc=dennis@kernel.org \
--cc=hannes@cmpxchg.org \
--cc=hch@infradead.org \
--cc=iamjoonsoo.kim@lge.com \
--cc=jhubbard@nvidia.com \
--cc=kaleshsingh@google.com \
--cc=keescook@chromium.org \
--cc=kent.overstreet@linux.dev \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-mm@kvack.org \
--cc=lkp@intel.com \
--cc=mcgrof@kernel.org \
--cc=mhocko@suse.com \
--cc=minchan@google.com \
--cc=oe-lkp@lists.linux.dev \
--cc=pasha.tatashin@soleen.com \
--cc=paulmck@kernel.org \
--cc=petr.pavlu@suse.com \
--cc=rientjes@google.com \
--cc=roman.gushchin@linux.dev \
--cc=rostedt@goodmis.org \
--cc=rppt@kernel.org \
--cc=samitolvanen@google.com \
--cc=souravpanda@google.com \
--cc=surenb@google.com \
--cc=tglx@linutronix.de \
--cc=thuth@redhat.com \
--cc=urezki@gmail.com \
--cc=vbabka@suse.cz \
--cc=willy@infradead.org \
--cc=xiongwei.song@windriver.com \
--cc=yuzhao@google.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox