* [linux-next:master] [alloc_tag] a9c60bb0d0: BUG:KASAN:vmalloc-out-of-bounds_in_load_module
From: kernel test robot @ 2024-10-28 7:05 UTC
To: Suren Baghdasaryan
Cc: oe-lkp, lkp, Andrew Morton, Pasha Tatashin, Ard Biesheuvel,
Arnd Bergmann, Borislav Petkov, Christoph Hellwig, Daniel Gomez,
David Hildenbrand, Davidlohr Bueso, David Rientjes, Dennis Zhou,
Johannes Weiner, John Hubbard, Jonathan Corbet, Joonsoo Kim,
Kalesh Singh, Kees Cook, Kent Overstreet, Liam R. Howlett,
Luis Chamberlain, Matthew Wilcox, Michal Hocko, Mike Rapoport,
Minchan Kim, Paul E. McKenney, Petr Pavlu, Roman Gushchin,
Sami Tolvanen, Sourav Panda, Steven Rostedt, Thomas Gleixner,
Thomas Huth, Uladzislau Rezki, Vlastimil Babka, Xiongwei Song,
Yu Zhao, linux-kernel, linux-mm, oliver.sang

Hello,

kernel test robot noticed "BUG:KASAN:vmalloc-out-of-bounds_in_load_module" on:

commit: a9c60bb0d0e58ca30b8bfd00bddbe5bf79bd120c ("alloc_tag: populate memory for module tags as needed")
https://git.kernel.org/cgit/linux/kernel/git/next/linux-next.git master

[test failed on linux-next/master a39230ecf6b3057f5897bc4744a790070cfbe7a8]

in testcase: boot

config: x86_64-randconfig-016-20241026
compiler: clang-19
test machine: qemu-system-x86_64 -enable-kvm -cpu SandyBridge -smp 2 -m 16G

(please refer to attached dmesg/kmsg for entire log/backtrace)

+------------------------------------------------+------------+------------+
|                                                | e88dfe467a | a9c60bb0d0 |
+------------------------------------------------+------------+------------+
| boot_successes                                 | 6          | 0          |
| boot_failures                                  | 0          | 6          |
| BUG:KASAN:vmalloc-out-of-bounds_in_load_module | 0          | 6          |
| BUG:unable_to_handle_page_fault_for_address    | 0          | 6          |
| Oops                                           | 0          | 6          |
| RIP:kasan_metadata_fetch_row                   | 0          | 6          |
| Kernel_panic-not_syncing:Fatal_exception       | 0          | 6          |
+------------------------------------------------+------------+------------+
If you fix the issue in a separate patch/commit (i.e. not just a new version of
the same patch/commit), kindly add following tags
| Reported-by: kernel test robot <oliver.sang@intel.com>
| Closes: https://lore.kernel.org/oe-lkp/202410281441.216670ac-lkp@intel.com
[ 42.810547][ T114] BUG: KASAN: vmalloc-out-of-bounds in load_module (kernel/module/main.c:2353)
[ 42.811473][ T114] Write of size 520 at addr ffffffffa0000000 by task modprobe/114
[ 42.812394][ T114]
[ 42.812758][ T114] CPU: 0 UID: 0 PID: 114 Comm: modprobe Tainted: G T 6.12.0-rc4-00199-ga9c60bb0d0e5 #1 18071a02e852b21a65d5fedadb69938108f9c3ec
[ 42.814382][ T114] Tainted: [T]=RANDSTRUCT
[ 42.814943][ T114] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[ 42.816126][ T114] Call Trace:
[ 42.816599][ T114] <TASK>
[ 42.817020][ T114] dump_stack_lvl (lib/dump_stack.c:122)
[ 42.817627][ T114] print_report (mm/kasan/report.c:378)
[ 42.818207][ T114] ? do_raw_spin_lock (arch/x86/include/asm/atomic.h:107)
[ 42.818822][ T114] ? __virt_addr_valid (arch/x86/mm/physaddr.c:?)
[ 42.819469][ T114] ? kasan_addr_to_slab (mm/kasan/common.c:37)
[ 42.823016][ T114] kasan_report (mm/kasan/report.c:603)
[ 42.823612][ T114] ? load_module (kernel/module/main.c:2353)
[ 42.824202][ T114] ? load_module (kernel/module/main.c:2353)
[ 42.824819][ T114] ? load_module (kernel/module/main.c:2353)
[ 42.825390][ T114] kasan_check_range (mm/kasan/generic.c:?)
[ 42.825997][ T114] ? load_module (kernel/module/main.c:2353)
[ 42.826578][ T114] __asan_memcpy (mm/kasan/shadow.c:105)
[ 42.827149][ T114] load_module (kernel/module/main.c:2353)
[ 42.827719][ T114] __se_sys_finit_module (kernel/module/main.c:? kernel/module/main.c:3298 kernel/module/main.c:3325 kernel/module/main.c:3308)
[ 42.828345][ T114] __ia32_sys_finit_module (kernel/module/main.c:3308)
[ 42.828988][ T114] ia32_sys_call (kbuild/obj/consumer/x86_64-randconfig-016-20241026/./arch/x86/include/generated/asm/syscalls_32.h:463)
[ 42.829614][ T114] __do_fast_syscall_32 (arch/x86/entry/common.c:?)
[ 42.830291][ T114] ? irqentry_exit_to_user_mode (kernel/entry/common.c:234)
[ 42.830316][ T114] do_fast_syscall_32 (arch/x86/entry/common.c:411)
[ 42.830334][ T114] do_SYSENTER_32 (arch/x86/entry/common.c:449)
[ 42.830349][ T114] entry_SYSENTER_compat_after_hwframe (arch/x86/entry/entry_64_compat.S:127)
[ 42.830370][ T114] RIP: 0023:0xf7f77539
[ 42.830381][ T114] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00
All code
========
0: 03 74 b4 01 add 0x1(%rsp,%rsi,4),%esi
4: 10 07 adc %al,(%rdi)
6: 03 74 b0 01 add 0x1(%rax,%rsi,4),%esi
a: 10 08 adc %cl,(%rax)
c: 03 74 d8 01 add 0x1(%rax,%rbx,8),%esi
...
20: 00 51 52 add %dl,0x52(%rcx)
23: 55 push %rbp
24:* 89 e5 mov %esp,%ebp <-- trapping instruction
26: 0f 34 sysenter
28: cd 80 int $0x80
2a: 5d pop %rbp
2b: 5a pop %rdx
2c: 59 pop %rcx
2d: c3 ret
2e: 90 nop
2f: 90 nop
30: 90 nop
31: 90 nop
32: 66 2e 0f 1f 84 00 00 cs nopw 0x0(%rax,%rax,1)
39: 00 00 00
3c: 0f .byte 0xf
3d: 1f (bad)
3e: 44 rex.R
...
Code starting with the faulting instruction
===========================================
0: 5d pop %rbp
1: 5a pop %rdx
2: 59 pop %rcx
3: c3 ret
4: 90 nop
5: 90 nop
6: 90 nop
7: 90 nop
8: 66 2e 0f 1f 84 00 00 cs nopw 0x0(%rax,%rax,1)
f: 00 00 00
12: 0f .byte 0xf
13: 1f (bad)
14: 44 rex.R
...
[ 42.830390][ T114] RSP: 002b:00000000ff9f932c EFLAGS: 00200292 ORIG_RAX: 000000000000015e
[ 42.830406][ T114] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000565d4214
[ 42.830415][ T114] RDX: 0000000000000000 RSI: 00000000565e7420 RDI: 00000000565e7090
[ 42.830424][ T114] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 42.830433][ T114] R10: 0000000000000000 R11: 0000000000200246 R12: 0000000000000000
[ 42.830442][ T114] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 42.830455][ T114] </TASK>
[ 42.830461][ T114]
[ 42.830464][ T114] Memory state around the buggy address:
[ 42.830478][ T114] BUG: unable to handle page fault for address: fffffbfff3ffffe0
[ 42.830485][ T114] #PF: supervisor read access in kernel mode
[ 42.830492][ T114] #PF: error_code(0x0000) - not-present page
[ 42.830500][ T114] PGD 417fd7067 P4D 417fd7067 PUD 417fd3067 PMD 0
[ 42.830522][ T114] Oops: Oops: 0000 [#1] SMP KASAN
[ 42.830536][ T114] CPU: 0 UID: 0 PID: 114 Comm: modprobe Tainted: G T 6.12.0-rc4-00199-ga9c60bb0d0e5 #1 18071a02e852b21a65d5fedadb69938108f9c3ec
[ 42.830555][ T114] Tainted: [T]=RANDSTRUCT
[ 42.830560][ T114] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[ 42.830568][ T114] RIP: 0010:kasan_metadata_fetch_row (mm/kasan/report_generic.c:186)
[ 42.830586][ T114] Code: 86 e9 e8 fd ff ff 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 66 0f 1f 00 55 48 89 e5 48 c1 ee 03 48 b8 00 00 00 00 00 fc ff df <48> 8b 0c 06 48 8b 44 06 08 48 89 47 08 48 89 0f 5d 31 c0 31 c9 31
All code
========
0: 86 e9 xchg %ch,%cl
2: e8 fd ff ff 66 call 0x67000004
7: 2e 0f 1f 84 00 00 00 cs nopl 0x0(%rax,%rax,1)
e: 00 00
10: 0f 1f 40 00 nopl 0x0(%rax)
14: 66 0f 1f 00 nopw (%rax)
18: 55 push %rbp
19: 48 89 e5 mov %rsp,%rbp
1c: 48 c1 ee 03 shr $0x3,%rsi
20: 48 b8 00 00 00 00 00 movabs $0xdffffc0000000000,%rax
27: fc ff df
2a:* 48 8b 0c 06 mov (%rsi,%rax,1),%rcx <-- trapping instruction
2e: 48 8b 44 06 08 mov 0x8(%rsi,%rax,1),%rax
33: 48 89 47 08 mov %rax,0x8(%rdi)
37: 48 89 0f mov %rcx,(%rdi)
3a: 5d pop %rbp
3b: 31 c0 xor %eax,%eax
3d: 31 c9 xor %ecx,%ecx
3f: 31 .byte 0x31
Code starting with the faulting instruction
===========================================
0: 48 8b 0c 06 mov (%rsi,%rax,1),%rcx
4: 48 8b 44 06 08 mov 0x8(%rsi,%rax,1),%rax
9: 48 89 47 08 mov %rax,0x8(%rdi)
d: 48 89 0f mov %rcx,(%rdi)
10: 5d pop %rbp
11: 31 c0 xor %eax,%eax
13: 31 c9 xor %ecx,%ecx
15: 31 .byte 0x31
[ 42.830596][ T114] RSP: 0018:ffffc90002107a60 EFLAGS: 00210802
[ 42.830607][ T114] RAX: dffffc0000000000 RBX: ffffffffa0000000 RCX: 0000000000000000
[ 42.830617][ T114] RDX: 0000000000000000 RSI: 1ffffffff3ffffe0 RDI: ffffc90002107aa0
[ 42.830625][ T114] RBP: ffffc90002107a60 R08: 0000000000000000 R09: 0000000000000000
[ 42.830634][ T114] R10: 0000000000000000 R11: 0000000000000000 R12: aaaaaaaaaaaaaaaa
[ 42.830643][ T114] R13: ffffffffa0000000 R14: ffffc90002107aa0 R15: ffffffff9fffff00
[ 42.830653][ T114] FS: 0000000000000000(0000) GS:ffff8883aee00000(0063) knlGS:00000000f7a65700
[ 42.830664][ T114] CS: 0010 DS: 002b ES: 002b CR0: 0000000080050033
[ 42.830674][ T114] CR2: fffffbfff3ffffe0 CR3: 0000000195e7b000 CR4: 00000000000406b0
[ 42.830689][ T114] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 42.830698][ T114] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 42.830707][ T114] Call Trace:
[ 42.830711][ T114] <TASK>
[ 42.830716][ T114] ? __die_body (arch/x86/kernel/dumpstack.c:421)
[ 42.830736][ T114] ? __die (arch/x86/kernel/dumpstack.c:434)
[ 42.830753][ T114] ? page_fault_oops (arch/x86/mm/fault.c:711)
[ 42.830770][ T114] ? number (lib/vsprintf.c:574)
[ 42.830788][ T114] ? kernelmode_fixup_or_oops (arch/x86/mm/fault.c:739)
[ 42.830801][ T114] ? __bad_area_nosemaphore (arch/x86/mm/fault.c:793)
[ 42.830817][ T114] ? bad_area_nosemaphore (arch/x86/mm/fault.c:835)
[ 42.830829][ T114] ? do_kern_addr_fault (arch/x86/mm/fault.c:1199)
[ 42.830843][ T114] ? exc_page_fault (arch/x86/mm/fault.c:1480)
[ 42.830860][ T114] ? asm_exc_page_fault (arch/x86/include/asm/idtentry.h:623)
[ 42.830878][ T114] ? kasan_metadata_fetch_row (mm/kasan/report_generic.c:186)
[ 42.830892][ T114] print_report (mm/kasan/report.c:466)
[ 42.830903][ T114] ? do_raw_spin_lock (arch/x86/include/asm/atomic.h:107)
[ 42.830917][ T114] ? kasan_addr_to_slab (mm/kasan/common.c:37)
[ 42.830928][ T114] kasan_report (mm/kasan/report.c:603)
[ 42.830939][ T114] ? load_module (kernel/module/main.c:2353)
[ 42.830956][ T114] ? load_module (kernel/module/main.c:2353)
[ 42.830968][ T114] ? load_module (kernel/module/main.c:2353)
[ 42.830979][ T114] kasan_check_range (mm/kasan/generic.c:?)
[ 42.830991][ T114] ? load_module (kernel/module/main.c:2353)
[ 42.831003][ T114] __asan_memcpy (mm/kasan/shadow.c:105)
[ 42.831017][ T114] load_module (kernel/module/main.c:2353)
[ 42.831035][ T114] __se_sys_finit_module (kernel/module/main.c:? kernel/module/main.c:3298 kernel/module/main.c:3325 kernel/module/main.c:3308)
[ 42.831054][ T114] __ia32_sys_finit_module (kernel/module/main.c:3308)
[ 42.831067][ T114] ia32_sys_call (kbuild/obj/consumer/x86_64-randconfig-016-20241026/./arch/x86/include/generated/asm/syscalls_32.h:463)
[ 42.831084][ T114] __do_fast_syscall_32 (arch/x86/entry/common.c:?)
[ 42.831100][ T114] ? irqentry_exit_to_user_mode (kernel/entry/common.c:234)
[ 42.831121][ T114] do_fast_syscall_32 (arch/x86/entry/common.c:411)
[ 42.831137][ T114] do_SYSENTER_32 (arch/x86/entry/common.c:449)
[ 42.831150][ T114] entry_SYSENTER_compat_after_hwframe (arch/x86/entry/entry_64_compat.S:127)
[ 42.831167][ T114] RIP: 0023:0xf7f77539
[ 42.831177][ T114] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00
All code
========
0: 03 74 b4 01 add 0x1(%rsp,%rsi,4),%esi
4: 10 07 adc %al,(%rdi)
6: 03 74 b0 01 add 0x1(%rax,%rsi,4),%esi
a: 10 08 adc %cl,(%rax)
c: 03 74 d8 01 add 0x1(%rax,%rbx,8),%esi
...
20: 00 51 52 add %dl,0x52(%rcx)
23: 55 push %rbp
24:* 89 e5 mov %esp,%ebp <-- trapping instruction
26: 0f 34 sysenter
28: cd 80 int $0x80
2a: 5d pop %rbp
2b: 5a pop %rdx
2c: 59 pop %rcx
2d: c3 ret
2e: 90 nop
2f: 90 nop
30: 90 nop
31: 90 nop
32: 66 2e 0f 1f 84 00 00 cs nopw 0x0(%rax,%rax,1)
39: 00 00 00
3c: 0f .byte 0xf
3d: 1f (bad)
3e: 44 rex.R
...
Code starting with the faulting instruction
===========================================
0: 5d pop %rbp
1: 5a pop %rdx
2: 59 pop %rcx
3: c3 ret
4: 90 nop
5: 90 nop
6: 90 nop
7: 90 nop
8: 66 2e 0f 1f 84 00 00 cs nopw 0x0(%rax,%rax,1)
f: 00 00 00
12: 0f .byte 0xf
13: 1f (bad)
14: 44 rex.R
The kernel config and materials to reproduce are available at:
https://download.01.org/0day-ci/archive/20241028/202410281441.216670ac-lkp@intel.com
--
0-DAY CI Kernel Test Service
https://github.com/intel/lkp-tests/wiki