* [linux-next:master] [alloc_tag] 0f9b685626: BUG:KASAN:vmalloc-out-of-bounds_in_move_module
@ 2024-11-13 14:06 kernel test robot
2024-11-13 21:34 ` Suren Baghdasaryan
0 siblings, 1 reply; 5+ messages in thread
From: kernel test robot @ 2024-11-13 14:06 UTC (permalink / raw)
To: Suren Baghdasaryan
Cc: oe-lkp, lkp, Andrew Morton, Pasha Tatashin, Ard Biesheuvel,
Arnd Bergmann, Borislav Petkov, Christoph Hellwig, Daniel Gomez,
David Hildenbrand, Davidlohr Bueso, David Rientjes, Dennis Zhou,
Johannes Weiner, John Hubbard, Jonathan Corbet, Joonsoo Kim,
Kalesh Singh, Kees Cook, Kent Overstreet, Liam R. Howlett,
Luis Chamberlain, Matthew Wilcox, Michal Hocko, Mike Rapoport,
Minchan Kim, Paul E. McKenney, Petr Pavlu, Roman Gushchin,
Sami Tolvanen, Sourav Panda, Steven Rostedt, Thomas Gleixner,
Thomas Huth, Uladzislau Rezki, Vlastimil Babka, Xiongwei Song,
Yu Zhao, linux-kernel, linux-mm, oliver.sang
Hello,
we reported
"[linux-next:master] [alloc_tag] a9c60bb0d0: BUG:KASAN:vmalloc-out-of-bounds_in_load_module"
in
https://lore.kernel.org/all/202410281441.216670ac-lkp@intel.com/
we noticed it seems there is following patch.
we made below report just FYI that the commit still cause similar issue on
linux-next/master and not fixed on tip of linux-next/master when this bisect
is done.
kernel test robot noticed "BUG:KASAN:vmalloc-out-of-bounds_in_move_module" on:
commit: 0f9b685626daa2f8e19a9788625c9b624c223e45 ("alloc_tag: populate memory for module tags as needed")
https://git.kernel.org/cgit/linux/kernel/git/next/linux-next.git master
[test failed on linux-next/master 929beafbe7acce3267c06115e13e03ff6e50548a]
in testcase: rcuscale
version:
with following parameters:
runtime: 300s
scale_type: srcu
config: x86_64-randconfig-014-20241107
compiler: gcc-12
test machine: qemu-system-x86_64 -enable-kvm -cpu SandyBridge -smp 2 -m 16G
(please refer to attached dmesg/kmsg for entire log/backtrace)
+------------------------------------------------+------------+------------+
| | 0db6f8d782 | 0f9b685626 |
+------------------------------------------------+------------+------------+
| boot_successes | 18 | 0 |
| boot_failures | 0 | 18 |
| BUG:KASAN:vmalloc-out-of-bounds_in_move_module | 0 | 18 |
| BUG:unable_to_handle_page_fault_for_address | 0 | 18 |
| Oops | 0 | 18 |
| RIP:kasan_metadata_fetch_row | 0 | 18 |
| Kernel_panic-not_syncing:Fatal_exception | 0 | 18 |
+------------------------------------------------+------------+------------+
If you fix the issue in a separate patch/commit (i.e. not just a new version of
the same patch/commit), kindly add following tags
| Reported-by: kernel test robot <oliver.sang@intel.com>
| Closes: https://lore.kernel.org/oe-lkp/202411132111.6a221562-lkp@intel.com
[ 153.897376][ T402] BUG: KASAN: vmalloc-out-of-bounds in move_module (kernel/module/main.c:2357)
[ 153.899141][ T402] Write of size 40 at addr ffffffffa0000000 by task modprobe/402
[ 153.900837][ T402]
[ 153.901496][ T402] CPU: 0 UID: 0 PID: 402 Comm: modprobe Tainted: G T 6.12.0-rc6-00146-g0f9b685626da #1 87c8486a909ba2f90eff061a4c9c1fa5c9cd90ea
[ 153.904537][ T402] Tainted: [T]=RANDSTRUCT
[ 153.905500][ T402] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[ 153.907702][ T402] Call Trace:
[ 153.908510][ T402] <TASK>
[ 153.909241][ T402] print_address_description+0x65/0x2fa
[ 153.910663][ T402] print_report (mm/kasan/report.c:489)
[ 153.911771][ T402] ? move_module (kernel/module/main.c:2357)
[ 153.912825][ T402] kasan_report (mm/kasan/report.c:603)
[ 153.913821][ T402] ? move_module (kernel/module/main.c:2357)
[ 153.914904][ T402] kasan_check_range (mm/kasan/generic.c:183 mm/kasan/generic.c:189)
[ 153.916029][ T402] __asan_memcpy (mm/kasan/shadow.c:105 (discriminator 1))
[ 153.917057][ T402] move_module (kernel/module/main.c:2357)
[ 153.918071][ T402] layout_and_allocate+0x446/0x523
[ 153.919459][ T402] load_module (kernel/module/main.c:2985)
[ 153.920457][ T402] ? mode_strip_umask (fs/namei.c:3248)
[ 153.921557][ T402] init_module_from_file (kernel/module/main.c:3266)
[ 153.922825][ T402] ? __ia32_sys_init_module (kernel/module/main.c:3266)
[ 153.923992][ T402] ? __lock_release+0x106/0x38c
[ 153.925173][ T402] ? idempotent_init_module (kernel/module/main.c:3301)
[ 153.926364][ T402] ? lock_release (kernel/locking/lockdep.c:467 kernel/locking/lockdep.c:5848)
[ 153.944053][ T402] idempotent_init_module (kernel/module/main.c:3302)
[ 153.945164][ T402] ? init_module_from_file (kernel/module/main.c:3294)
[ 153.946268][ T402] ? security_capable (security/security.c:1143)
[ 153.947421][ T402] __do_sys_finit_module (include/linux/file.h:68 kernel/module/main.c:3330)
[ 153.948495][ T402] do_syscall_64 (arch/x86/entry/common.c:52 arch/x86/entry/common.c:83)
[ 153.949540][ T402] entry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_64.S:130)
[ 153.950855][ T402] RIP: 0033:0x7f0f37df7719
[ 153.951869][ T402] Code: 08 89 e8 5b 5d c3 66 2e 0f 1f 84 00 00 00 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d b7 06 0d 00 f7 d8 64 89 01 48
All code
========
0: 08 89 e8 5b 5d c3 or %cl,-0x3ca2a418(%rcx)
6: 66 2e 0f 1f 84 00 00 cs nopw 0x0(%rax,%rax,1)
d: 00 00 00
10: 90 nop
11: 48 89 f8 mov %rdi,%rax
14: 48 89 f7 mov %rsi,%rdi
17: 48 89 d6 mov %rdx,%rsi
1a: 48 89 ca mov %rcx,%rdx
1d: 4d 89 c2 mov %r8,%r10
20: 4d 89 c8 mov %r9,%r8
23: 4c 8b 4c 24 08 mov 0x8(%rsp),%r9
28: 0f 05 syscall
2a:* 48 3d 01 f0 ff ff cmp $0xfffffffffffff001,%rax <-- trapping instruction
30: 73 01 jae 0x33
32: c3 ret
33: 48 8b 0d b7 06 0d 00 mov 0xd06b7(%rip),%rcx # 0xd06f1
3a: f7 d8 neg %eax
3c: 64 89 01 mov %eax,%fs:(%rcx)
3f: 48 rex.W
Code starting with the faulting instruction
===========================================
0: 48 3d 01 f0 ff ff cmp $0xfffffffffffff001,%rax
6: 73 01 jae 0x9
8: c3 ret
9: 48 8b 0d b7 06 0d 00 mov 0xd06b7(%rip),%rcx # 0xd06c7
10: f7 d8 neg %eax
12: 64 89 01 mov %eax,%fs:(%rcx)
15: 48 rex.W
[ 153.955810][ T402] RSP: 002b:00007ffccd7f7198 EFLAGS: 00000246 ORIG_RAX: 0000000000000139
[ 153.957666][ T402] RAX: ffffffffffffffda RBX: 000055cc9f9fddd0 RCX: 00007f0f37df7719
[ 153.959411][ T402] RDX: 0000000000000000 RSI: 000055cc9f9f24a0 RDI: 0000000000000004
[ 153.961142][ T402] RBP: 000055cc9f9f24a0 R08: 0000000000000000 R09: 000055cc9f9ff250
[ 153.962910][ T402] R10: 0000000000000004 R11: 0000000000000246 R12: 0000000000040000
[ 153.964665][ T402] R13: 0000000000000000 R14: 000055cc9f9fdd80 R15: 0000000000000000
[ 153.966393][ T402] </TASK>
[ 153.967209][ T402]
[ 153.967856][ T402] Memory state around the buggy address:
[ 153.969123][ T402] BUG: unable to handle page fault for address: fffffbfff3ffffe0
[ 153.970807][ T402] #PF: supervisor read access in kernel mode
[ 153.972036][ T402] #PF: error_code(0x0000) - not-present page
[ 153.973220][ T402] PGD 417fdb067 P4D 417fdb067 PUD 417fd7067 PMD 0
[ 153.974560][ T402] Oops: Oops: 0000 [#1] PREEMPT KASAN
[ 153.975758][ T402] CPU: 0 UID: 0 PID: 402 Comm: modprobe Tainted: G T 6.12.0-rc6-00146-g0f9b685626da #1 87c8486a909ba2f90eff061a4c9c1fa5c9cd90ea
[ 153.978853][ T402] Tainted: [T]=RANDSTRUCT
[ 153.979851][ T402] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[ 153.982008][ T402] RIP: 0010:kasan_metadata_fetch_row (mm/kasan/report_generic.c:186)
[ 153.983368][ T402] Code: 40 08 48 89 43 58 5b 31 c0 31 d2 31 c9 31 f6 31 ff c3 cc cc cc cc 66 0f 1f 00 b8 ff ff 37 00 48 c1 ee 03 48 c1 e0 2a 48 01 c6 <48> 8b 06 48 89 07 48 8b 46 08 48 89 47 08 31 c0 31 f6 31 ff c3 cc
All code
========
0: 40 08 48 89 rex or %cl,-0x77(%rax)
4: 43 58 rex.XB pop %r8
6: 5b pop %rbx
7: 31 c0 xor %eax,%eax
9: 31 d2 xor %edx,%edx
b: 31 c9 xor %ecx,%ecx
d: 31 f6 xor %esi,%esi
f: 31 ff xor %edi,%edi
11: c3 ret
12: cc int3
13: cc int3
14: cc int3
15: cc int3
16: 66 0f 1f 00 nopw (%rax)
1a: b8 ff ff 37 00 mov $0x37ffff,%eax
1f: 48 c1 ee 03 shr $0x3,%rsi
23: 48 c1 e0 2a shl $0x2a,%rax
27: 48 01 c6 add %rax,%rsi
2a:* 48 8b 06 mov (%rsi),%rax <-- trapping instruction
2d: 48 89 07 mov %rax,(%rdi)
30: 48 8b 46 08 mov 0x8(%rsi),%rax
34: 48 89 47 08 mov %rax,0x8(%rdi)
38: 31 c0 xor %eax,%eax
3a: 31 f6 xor %esi,%esi
3c: 31 ff xor %edi,%edi
3e: c3 ret
3f: cc int3
Code starting with the faulting instruction
===========================================
0: 48 8b 06 mov (%rsi),%rax
3: 48 89 07 mov %rax,(%rdi)
6: 48 8b 46 08 mov 0x8(%rsi),%rax
a: 48 89 47 08 mov %rax,0x8(%rdi)
e: 31 c0 xor %eax,%eax
10: 31 f6 xor %esi,%esi
12: 31 ff xor %edi,%edi
14: c3 ret
15: cc int3
[ 153.987254][ T402] RSP: 0018:ffffc9000218f9f8 EFLAGS: 00010082
[ 153.988595][ T402] RAX: dffffc0000000000 RBX: ffffffff9fffff00 RCX: 0000000000000000
[ 153.990325][ T402] RDX: 0000000000000000 RSI: fffffbfff3ffffe0 RDI: ffffc9000218fa04
[ 153.992086][ T402] RBP: 00000000fffffffe R08: 0000000000000000 R09: 0000000000000000
[ 153.993786][ T402] R10: 0000000000000000 R11: 0000000000000000 R12: ffffffffa0000000
[ 153.995554][ T402] R13: ffffffff864b4994 R14: ffffffff9fffff80 R15: 0000000000000028
[ 153.997305][ T402] FS: 00007f0f37cf5040(0000) GS:ffffffff86989000(0000) knlGS:0000000000000000
[ 153.999133][ T402] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 154.000578][ T402] CR2: fffffbfff3ffffe0 CR3: 0000000128853000 CR4: 00000000000006b0
[ 154.002367][ T402] Call Trace:
[ 154.003318][ T402] <TASK>
[ 154.004087][ T402] ? __die_body (arch/x86/kernel/dumpstack.c:421)
[ 154.005074][ T402] ? page_fault_oops (arch/x86/mm/fault.c:710)
[ 154.006242][ T402] ? show_fault_oops (arch/x86/mm/fault.c:643)
[ 154.007368][ T402] ? search_module_extables (kernel/module/main.c:3369)
[ 154.008525][ T402] ? fixup_exception (arch/x86/mm/extable.c:321)
[ 154.009629][ T402] ? exc_page_fault (arch/x86/mm/fault.c:1479 arch/x86/mm/fault.c:1539)
[ 154.010771][ T402] ? asm_exc_page_fault (arch/x86/include/asm/idtentry.h:623)
[ 154.011853][ T402] ? kasan_metadata_fetch_row (mm/kasan/report_generic.c:186)
[ 154.013072][ T402] print_report (mm/kasan/report.c:466 mm/kasan/report.c:489)
[ 154.014122][ T402] ? move_module (kernel/module/main.c:2357)
[ 154.015238][ T402] kasan_report (mm/kasan/report.c:603)
[ 154.016231][ T402] ? move_module (kernel/module/main.c:2357)
[ 154.017255][ T402] kasan_check_range (mm/kasan/generic.c:183 mm/kasan/generic.c:189)
[ 154.018379][ T402] __asan_memcpy (mm/kasan/shadow.c:105 (discriminator 1))
[ 154.019400][ T402] move_module (kernel/module/main.c:2357)
[ 154.020435][ T402] layout_and_allocate+0x446/0x523
[ 154.021792][ T402] load_module (kernel/module/main.c:2985)
[ 154.022822][ T402] ? mode_strip_umask (fs/namei.c:3248)
[ 154.023928][ T402] init_module_from_file (kernel/module/main.c:3266)
[ 154.025069][ T402] ? __ia32_sys_init_module (kernel/module/main.c:3266)
[ 154.026265][ T402] ? __lock_release+0x106/0x38c
[ 154.027496][ T402] ? idempotent_init_module (kernel/module/main.c:3301)
[ 154.028688][ T402] ? lock_release (kernel/locking/lockdep.c:467 kernel/locking/lockdep.c:5848)
[ 154.029766][ T402] idempotent_init_module (kernel/module/main.c:3302)
[ 154.030985][ T402] ? init_module_from_file (kernel/module/main.c:3294)
[ 154.032192][ T402] ? security_capable (security/security.c:1143)
[ 154.033310][ T402] __do_sys_finit_module (include/linux/file.h:68 kernel/module/main.c:3330)
[ 154.034478][ T402] do_syscall_64 (arch/x86/entry/common.c:52 arch/x86/entry/common.c:83)
[ 154.035532][ T402] entry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_64.S:130)
[ 154.036819][ T402] RIP: 0033:0x7f0f37df7719
[ 154.037865][ T402] Code: 08 89 e8 5b 5d c3 66 2e 0f 1f 84 00 00 00 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d b7 06 0d 00 f7 d8 64 89 01 48
All code
========
0: 08 89 e8 5b 5d c3 or %cl,-0x3ca2a418(%rcx)
6: 66 2e 0f 1f 84 00 00 cs nopw 0x0(%rax,%rax,1)
d: 00 00 00
10: 90 nop
11: 48 89 f8 mov %rdi,%rax
14: 48 89 f7 mov %rsi,%rdi
17: 48 89 d6 mov %rdx,%rsi
1a: 48 89 ca mov %rcx,%rdx
1d: 4d 89 c2 mov %r8,%r10
20: 4d 89 c8 mov %r9,%r8
23: 4c 8b 4c 24 08 mov 0x8(%rsp),%r9
28: 0f 05 syscall
2a:* 48 3d 01 f0 ff ff cmp $0xfffffffffffff001,%rax <-- trapping instruction
30: 73 01 jae 0x33
32: c3 ret
33: 48 8b 0d b7 06 0d 00 mov 0xd06b7(%rip),%rcx # 0xd06f1
3a: f7 d8 neg %eax
3c: 64 89 01 mov %eax,%fs:(%rcx)
3f: 48 rex.W
Code starting with the faulting instruction
===========================================
0: 48 3d 01 f0 ff ff cmp $0xfffffffffffff001,%rax
6: 73 01 jae 0x9
8: c3 ret
9: 48 8b 0d b7 06 0d 00 mov 0xd06b7(%rip),%rcx # 0xd06c7
10: f7 d8 neg %eax
12: 64 89 01 mov %eax,%fs:(%rcx)
15: 48 rex.W
The kernel config and materials to reproduce are available at:
https://download.01.org/0day-ci/archive/20241113/202411132111.6a221562-lkp@intel.com
--
0-DAY CI Kernel Test Service
https://github.com/intel/lkp-tests/wiki
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: [linux-next:master] [alloc_tag] 0f9b685626: BUG:KASAN:vmalloc-out-of-bounds_in_move_module
2024-11-13 14:06 [linux-next:master] [alloc_tag] 0f9b685626: BUG:KASAN:vmalloc-out-of-bounds_in_move_module kernel test robot
@ 2024-11-13 21:34 ` Suren Baghdasaryan
2024-11-14 23:40 ` Suren Baghdasaryan
0 siblings, 1 reply; 5+ messages in thread
From: Suren Baghdasaryan @ 2024-11-13 21:34 UTC (permalink / raw)
To: kernel test robot
Cc: oe-lkp, lkp, Andrew Morton, Pasha Tatashin, Ard Biesheuvel,
Arnd Bergmann, Borislav Petkov, Christoph Hellwig, Daniel Gomez,
David Hildenbrand, Davidlohr Bueso, David Rientjes, Dennis Zhou,
Johannes Weiner, John Hubbard, Jonathan Corbet, Joonsoo Kim,
Kalesh Singh, Kees Cook, Kent Overstreet, Liam R. Howlett,
Luis Chamberlain, Matthew Wilcox, Michal Hocko, Mike Rapoport,
Minchan Kim, Paul E. McKenney, Petr Pavlu, Roman Gushchin,
Sami Tolvanen, Sourav Panda, Steven Rostedt, Thomas Gleixner,
Thomas Huth, Uladzislau Rezki, Vlastimil Babka, Xiongwei Song,
Yu Zhao, linux-kernel, linux-mm
On Wed, Nov 13, 2024 at 2:07 PM kernel test robot <oliver.sang@intel.com> wrote:
>
>
>
> Hello,
>
>
> we reported
> "[linux-next:master] [alloc_tag] a9c60bb0d0: BUG:KASAN:vmalloc-out-of-bounds_in_load_module"
> in
> https://lore.kernel.org/all/202410281441.216670ac-lkp@intel.com/
>
> we noticed it seems there is following patch.
>
> we made below report just FYI that the commit still cause similar issue on
> linux-next/master and not fixed on tip of linux-next/master when this bisect
> is done.
>
>
> kernel test robot noticed "BUG:KASAN:vmalloc-out-of-bounds_in_move_module" on:
>
> commit: 0f9b685626daa2f8e19a9788625c9b624c223e45 ("alloc_tag: populate memory for module tags as needed")
> https://git.kernel.org/cgit/linux/kernel/git/next/linux-next.git master
>
> [test failed on linux-next/master 929beafbe7acce3267c06115e13e03ff6e50548a]
>
> in testcase: rcuscale
> version:
> with following parameters:
>
> runtime: 300s
> scale_type: srcu
>
>
>
> config: x86_64-randconfig-014-20241107
> compiler: gcc-12
> test machine: qemu-system-x86_64 -enable-kvm -cpu SandyBridge -smp 2 -m 16G
>
> (please refer to attached dmesg/kmsg for entire log/backtrace)
>
>
> +------------------------------------------------+------------+------------+
> | | 0db6f8d782 | 0f9b685626 |
> +------------------------------------------------+------------+------------+
> | boot_successes | 18 | 0 |
> | boot_failures | 0 | 18 |
> | BUG:KASAN:vmalloc-out-of-bounds_in_move_module | 0 | 18 |
> | BUG:unable_to_handle_page_fault_for_address | 0 | 18 |
> | Oops | 0 | 18 |
> | RIP:kasan_metadata_fetch_row | 0 | 18 |
> | Kernel_panic-not_syncing:Fatal_exception | 0 | 18 |
> +------------------------------------------------+------------+------------+
>
>
> If you fix the issue in a separate patch/commit (i.e. not just a new version of
> the same patch/commit), kindly add following tags
> | Reported-by: kernel test robot <oliver.sang@intel.com>
> | Closes: https://lore.kernel.org/oe-lkp/202411132111.6a221562-lkp@intel.com
Thanks for the report! I'm looking into this but so far could not find
an obvious issue. Will try to reproduce.
>
>
> [ 153.897376][ T402] BUG: KASAN: vmalloc-out-of-bounds in move_module (kernel/module/main.c:2357)
> [ 153.899141][ T402] Write of size 40 at addr ffffffffa0000000 by task modprobe/402
> [ 153.900837][ T402]
> [ 153.901496][ T402] CPU: 0 UID: 0 PID: 402 Comm: modprobe Tainted: G T 6.12.0-rc6-00146-g0f9b685626da #1 87c8486a909ba2f90eff061a4c9c1fa5c9cd90ea
> [ 153.904537][ T402] Tainted: [T]=RANDSTRUCT
> [ 153.905500][ T402] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
> [ 153.907702][ T402] Call Trace:
> [ 153.908510][ T402] <TASK>
> [ 153.909241][ T402] print_address_description+0x65/0x2fa
> [ 153.910663][ T402] print_report (mm/kasan/report.c:489)
> [ 153.911771][ T402] ? move_module (kernel/module/main.c:2357)
> [ 153.912825][ T402] kasan_report (mm/kasan/report.c:603)
> [ 153.913821][ T402] ? move_module (kernel/module/main.c:2357)
> [ 153.914904][ T402] kasan_check_range (mm/kasan/generic.c:183 mm/kasan/generic.c:189)
> [ 153.916029][ T402] __asan_memcpy (mm/kasan/shadow.c:105 (discriminator 1))
> [ 153.917057][ T402] move_module (kernel/module/main.c:2357)
> [ 153.918071][ T402] layout_and_allocate+0x446/0x523
> [ 153.919459][ T402] load_module (kernel/module/main.c:2985)
> [ 153.920457][ T402] ? mode_strip_umask (fs/namei.c:3248)
> [ 153.921557][ T402] init_module_from_file (kernel/module/main.c:3266)
> [ 153.922825][ T402] ? __ia32_sys_init_module (kernel/module/main.c:3266)
> [ 153.923992][ T402] ? __lock_release+0x106/0x38c
> [ 153.925173][ T402] ? idempotent_init_module (kernel/module/main.c:3301)
> [ 153.926364][ T402] ? lock_release (kernel/locking/lockdep.c:467 kernel/locking/lockdep.c:5848)
> [ 153.944053][ T402] idempotent_init_module (kernel/module/main.c:3302)
> [ 153.945164][ T402] ? init_module_from_file (kernel/module/main.c:3294)
> [ 153.946268][ T402] ? security_capable (security/security.c:1143)
> [ 153.947421][ T402] __do_sys_finit_module (include/linux/file.h:68 kernel/module/main.c:3330)
> [ 153.948495][ T402] do_syscall_64 (arch/x86/entry/common.c:52 arch/x86/entry/common.c:83)
> [ 153.949540][ T402] entry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_64.S:130)
> [ 153.950855][ T402] RIP: 0033:0x7f0f37df7719
> [ 153.951869][ T402] Code: 08 89 e8 5b 5d c3 66 2e 0f 1f 84 00 00 00 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d b7 06 0d 00 f7 d8 64 89 01 48
> All code
> ========
> 0: 08 89 e8 5b 5d c3 or %cl,-0x3ca2a418(%rcx)
> 6: 66 2e 0f 1f 84 00 00 cs nopw 0x0(%rax,%rax,1)
> d: 00 00 00
> 10: 90 nop
> 11: 48 89 f8 mov %rdi,%rax
> 14: 48 89 f7 mov %rsi,%rdi
> 17: 48 89 d6 mov %rdx,%rsi
> 1a: 48 89 ca mov %rcx,%rdx
> 1d: 4d 89 c2 mov %r8,%r10
> 20: 4d 89 c8 mov %r9,%r8
> 23: 4c 8b 4c 24 08 mov 0x8(%rsp),%r9
> 28: 0f 05 syscall
> 2a:* 48 3d 01 f0 ff ff cmp $0xfffffffffffff001,%rax <-- trapping instruction
> 30: 73 01 jae 0x33
> 32: c3 ret
> 33: 48 8b 0d b7 06 0d 00 mov 0xd06b7(%rip),%rcx # 0xd06f1
> 3a: f7 d8 neg %eax
> 3c: 64 89 01 mov %eax,%fs:(%rcx)
> 3f: 48 rex.W
>
> Code starting with the faulting instruction
> ===========================================
> 0: 48 3d 01 f0 ff ff cmp $0xfffffffffffff001,%rax
> 6: 73 01 jae 0x9
> 8: c3 ret
> 9: 48 8b 0d b7 06 0d 00 mov 0xd06b7(%rip),%rcx # 0xd06c7
> 10: f7 d8 neg %eax
> 12: 64 89 01 mov %eax,%fs:(%rcx)
> 15: 48 rex.W
> [ 153.955810][ T402] RSP: 002b:00007ffccd7f7198 EFLAGS: 00000246 ORIG_RAX: 0000000000000139
> [ 153.957666][ T402] RAX: ffffffffffffffda RBX: 000055cc9f9fddd0 RCX: 00007f0f37df7719
> [ 153.959411][ T402] RDX: 0000000000000000 RSI: 000055cc9f9f24a0 RDI: 0000000000000004
> [ 153.961142][ T402] RBP: 000055cc9f9f24a0 R08: 0000000000000000 R09: 000055cc9f9ff250
> [ 153.962910][ T402] R10: 0000000000000004 R11: 0000000000000246 R12: 0000000000040000
> [ 153.964665][ T402] R13: 0000000000000000 R14: 000055cc9f9fdd80 R15: 0000000000000000
> [ 153.966393][ T402] </TASK>
> [ 153.967209][ T402]
> [ 153.967856][ T402] Memory state around the buggy address:
> [ 153.969123][ T402] BUG: unable to handle page fault for address: fffffbfff3ffffe0
> [ 153.970807][ T402] #PF: supervisor read access in kernel mode
> [ 153.972036][ T402] #PF: error_code(0x0000) - not-present page
> [ 153.973220][ T402] PGD 417fdb067 P4D 417fdb067 PUD 417fd7067 PMD 0
> [ 153.974560][ T402] Oops: Oops: 0000 [#1] PREEMPT KASAN
> [ 153.975758][ T402] CPU: 0 UID: 0 PID: 402 Comm: modprobe Tainted: G T 6.12.0-rc6-00146-g0f9b685626da #1 87c8486a909ba2f90eff061a4c9c1fa5c9cd90ea
> [ 153.978853][ T402] Tainted: [T]=RANDSTRUCT
> [ 153.979851][ T402] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
> [ 153.982008][ T402] RIP: 0010:kasan_metadata_fetch_row (mm/kasan/report_generic.c:186)
> [ 153.983368][ T402] Code: 40 08 48 89 43 58 5b 31 c0 31 d2 31 c9 31 f6 31 ff c3 cc cc cc cc 66 0f 1f 00 b8 ff ff 37 00 48 c1 ee 03 48 c1 e0 2a 48 01 c6 <48> 8b 06 48 89 07 48 8b 46 08 48 89 47 08 31 c0 31 f6 31 ff c3 cc
> All code
> ========
> 0: 40 08 48 89 rex or %cl,-0x77(%rax)
> 4: 43 58 rex.XB pop %r8
> 6: 5b pop %rbx
> 7: 31 c0 xor %eax,%eax
> 9: 31 d2 xor %edx,%edx
> b: 31 c9 xor %ecx,%ecx
> d: 31 f6 xor %esi,%esi
> f: 31 ff xor %edi,%edi
> 11: c3 ret
> 12: cc int3
> 13: cc int3
> 14: cc int3
> 15: cc int3
> 16: 66 0f 1f 00 nopw (%rax)
> 1a: b8 ff ff 37 00 mov $0x37ffff,%eax
> 1f: 48 c1 ee 03 shr $0x3,%rsi
> 23: 48 c1 e0 2a shl $0x2a,%rax
> 27: 48 01 c6 add %rax,%rsi
> 2a:* 48 8b 06 mov (%rsi),%rax <-- trapping instruction
> 2d: 48 89 07 mov %rax,(%rdi)
> 30: 48 8b 46 08 mov 0x8(%rsi),%rax
> 34: 48 89 47 08 mov %rax,0x8(%rdi)
> 38: 31 c0 xor %eax,%eax
> 3a: 31 f6 xor %esi,%esi
> 3c: 31 ff xor %edi,%edi
> 3e: c3 ret
> 3f: cc int3
>
> Code starting with the faulting instruction
> ===========================================
> 0: 48 8b 06 mov (%rsi),%rax
> 3: 48 89 07 mov %rax,(%rdi)
> 6: 48 8b 46 08 mov 0x8(%rsi),%rax
> a: 48 89 47 08 mov %rax,0x8(%rdi)
> e: 31 c0 xor %eax,%eax
> 10: 31 f6 xor %esi,%esi
> 12: 31 ff xor %edi,%edi
> 14: c3 ret
> 15: cc int3
> [ 153.987254][ T402] RSP: 0018:ffffc9000218f9f8 EFLAGS: 00010082
> [ 153.988595][ T402] RAX: dffffc0000000000 RBX: ffffffff9fffff00 RCX: 0000000000000000
> [ 153.990325][ T402] RDX: 0000000000000000 RSI: fffffbfff3ffffe0 RDI: ffffc9000218fa04
> [ 153.992086][ T402] RBP: 00000000fffffffe R08: 0000000000000000 R09: 0000000000000000
> [ 153.993786][ T402] R10: 0000000000000000 R11: 0000000000000000 R12: ffffffffa0000000
> [ 153.995554][ T402] R13: ffffffff864b4994 R14: ffffffff9fffff80 R15: 0000000000000028
> [ 153.997305][ T402] FS: 00007f0f37cf5040(0000) GS:ffffffff86989000(0000) knlGS:0000000000000000
> [ 153.999133][ T402] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
> [ 154.000578][ T402] CR2: fffffbfff3ffffe0 CR3: 0000000128853000 CR4: 00000000000006b0
> [ 154.002367][ T402] Call Trace:
> [ 154.003318][ T402] <TASK>
> [ 154.004087][ T402] ? __die_body (arch/x86/kernel/dumpstack.c:421)
> [ 154.005074][ T402] ? page_fault_oops (arch/x86/mm/fault.c:710)
> [ 154.006242][ T402] ? show_fault_oops (arch/x86/mm/fault.c:643)
> [ 154.007368][ T402] ? search_module_extables (kernel/module/main.c:3369)
> [ 154.008525][ T402] ? fixup_exception (arch/x86/mm/extable.c:321)
> [ 154.009629][ T402] ? exc_page_fault (arch/x86/mm/fault.c:1479 arch/x86/mm/fault.c:1539)
> [ 154.010771][ T402] ? asm_exc_page_fault (arch/x86/include/asm/idtentry.h:623)
> [ 154.011853][ T402] ? kasan_metadata_fetch_row (mm/kasan/report_generic.c:186)
> [ 154.013072][ T402] print_report (mm/kasan/report.c:466 mm/kasan/report.c:489)
> [ 154.014122][ T402] ? move_module (kernel/module/main.c:2357)
> [ 154.015238][ T402] kasan_report (mm/kasan/report.c:603)
> [ 154.016231][ T402] ? move_module (kernel/module/main.c:2357)
> [ 154.017255][ T402] kasan_check_range (mm/kasan/generic.c:183 mm/kasan/generic.c:189)
> [ 154.018379][ T402] __asan_memcpy (mm/kasan/shadow.c:105 (discriminator 1))
> [ 154.019400][ T402] move_module (kernel/module/main.c:2357)
> [ 154.020435][ T402] layout_and_allocate+0x446/0x523
> [ 154.021792][ T402] load_module (kernel/module/main.c:2985)
> [ 154.022822][ T402] ? mode_strip_umask (fs/namei.c:3248)
> [ 154.023928][ T402] init_module_from_file (kernel/module/main.c:3266)
> [ 154.025069][ T402] ? __ia32_sys_init_module (kernel/module/main.c:3266)
> [ 154.026265][ T402] ? __lock_release+0x106/0x38c
> [ 154.027496][ T402] ? idempotent_init_module (kernel/module/main.c:3301)
> [ 154.028688][ T402] ? lock_release (kernel/locking/lockdep.c:467 kernel/locking/lockdep.c:5848)
> [ 154.029766][ T402] idempotent_init_module (kernel/module/main.c:3302)
> [ 154.030985][ T402] ? init_module_from_file (kernel/module/main.c:3294)
> [ 154.032192][ T402] ? security_capable (security/security.c:1143)
> [ 154.033310][ T402] __do_sys_finit_module (include/linux/file.h:68 kernel/module/main.c:3330)
> [ 154.034478][ T402] do_syscall_64 (arch/x86/entry/common.c:52 arch/x86/entry/common.c:83)
> [ 154.035532][ T402] entry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_64.S:130)
> [ 154.036819][ T402] RIP: 0033:0x7f0f37df7719
> [ 154.037865][ T402] Code: 08 89 e8 5b 5d c3 66 2e 0f 1f 84 00 00 00 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d b7 06 0d 00 f7 d8 64 89 01 48
> All code
> ========
> 0: 08 89 e8 5b 5d c3 or %cl,-0x3ca2a418(%rcx)
> 6: 66 2e 0f 1f 84 00 00 cs nopw 0x0(%rax,%rax,1)
> d: 00 00 00
> 10: 90 nop
> 11: 48 89 f8 mov %rdi,%rax
> 14: 48 89 f7 mov %rsi,%rdi
> 17: 48 89 d6 mov %rdx,%rsi
> 1a: 48 89 ca mov %rcx,%rdx
> 1d: 4d 89 c2 mov %r8,%r10
> 20: 4d 89 c8 mov %r9,%r8
> 23: 4c 8b 4c 24 08 mov 0x8(%rsp),%r9
> 28: 0f 05 syscall
> 2a:* 48 3d 01 f0 ff ff cmp $0xfffffffffffff001,%rax <-- trapping instruction
> 30: 73 01 jae 0x33
> 32: c3 ret
> 33: 48 8b 0d b7 06 0d 00 mov 0xd06b7(%rip),%rcx # 0xd06f1
> 3a: f7 d8 neg %eax
> 3c: 64 89 01 mov %eax,%fs:(%rcx)
> 3f: 48 rex.W
>
> Code starting with the faulting instruction
> ===========================================
> 0: 48 3d 01 f0 ff ff cmp $0xfffffffffffff001,%rax
> 6: 73 01 jae 0x9
> 8: c3 ret
> 9: 48 8b 0d b7 06 0d 00 mov 0xd06b7(%rip),%rcx # 0xd06c7
> 10: f7 d8 neg %eax
> 12: 64 89 01 mov %eax,%fs:(%rcx)
> 15: 48 rex.W
>
>
> The kernel config and materials to reproduce are available at:
> https://download.01.org/0day-ci/archive/20241113/202411132111.6a221562-lkp@intel.com
>
>
>
> --
> 0-DAY CI Kernel Test Service
> https://github.com/intel/lkp-tests/wiki
>
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: [linux-next:master] [alloc_tag] 0f9b685626: BUG:KASAN:vmalloc-out-of-bounds_in_move_module
2024-11-13 21:34 ` Suren Baghdasaryan
@ 2024-11-14 23:40 ` Suren Baghdasaryan
2024-11-18 6:56 ` Oliver Sang
0 siblings, 1 reply; 5+ messages in thread
From: Suren Baghdasaryan @ 2024-11-14 23:40 UTC (permalink / raw)
To: kernel test robot
Cc: oe-lkp, lkp, Andrew Morton, Pasha Tatashin, Ard Biesheuvel,
Arnd Bergmann, Borislav Petkov, Christoph Hellwig, Daniel Gomez,
David Hildenbrand, Davidlohr Bueso, David Rientjes, Dennis Zhou,
Johannes Weiner, John Hubbard, Jonathan Corbet, Joonsoo Kim,
Kalesh Singh, Kees Cook, Kent Overstreet, Liam R. Howlett,
Luis Chamberlain, Matthew Wilcox, Michal Hocko, Mike Rapoport,
Minchan Kim, Paul E. McKenney, Petr Pavlu, Roman Gushchin,
Sami Tolvanen, Sourav Panda, Steven Rostedt, Thomas Gleixner,
Thomas Huth, Uladzislau Rezki, Vlastimil Babka, Xiongwei Song,
Yu Zhao, linux-kernel, linux-mm
On Wed, Nov 13, 2024 at 1:34 PM Suren Baghdasaryan <surenb@google.com> wrote:
>
> On Wed, Nov 13, 2024 at 2:07 PM kernel test robot <oliver.sang@intel.com> wrote:
> >
> >
> >
> > Hello,
> >
> >
> > we reported
> > "[linux-next:master] [alloc_tag] a9c60bb0d0: BUG:KASAN:vmalloc-out-of-bounds_in_load_module"
> > in
> > https://lore.kernel.org/all/202410281441.216670ac-lkp@intel.com/
> >
> > we noticed it seems there is following patch.
> >
> > we made below report just FYI that the commit still cause similar issue on
> > linux-next/master and not fixed on tip of linux-next/master when this bisect
> > is done.
> >
> >
> > kernel test robot noticed "BUG:KASAN:vmalloc-out-of-bounds_in_move_module" on:
> >
> > commit: 0f9b685626daa2f8e19a9788625c9b624c223e45 ("alloc_tag: populate memory for module tags as needed")
> > https://git.kernel.org/cgit/linux/kernel/git/next/linux-next.git master
> >
> > [test failed on linux-next/master 929beafbe7acce3267c06115e13e03ff6e50548a]
> >
> > in testcase: rcuscale
> > version:
> > with following parameters:
> >
> > runtime: 300s
> > scale_type: srcu
> >
> >
> >
> > config: x86_64-randconfig-014-20241107
> > compiler: gcc-12
> > test machine: qemu-system-x86_64 -enable-kvm -cpu SandyBridge -smp 2 -m 16G
> >
> > (please refer to attached dmesg/kmsg for entire log/backtrace)
> >
> >
> > +------------------------------------------------+------------+------------+
> > | | 0db6f8d782 | 0f9b685626 |
> > +------------------------------------------------+------------+------------+
> > | boot_successes | 18 | 0 |
> > | boot_failures | 0 | 18 |
> > | BUG:KASAN:vmalloc-out-of-bounds_in_move_module | 0 | 18 |
> > | BUG:unable_to_handle_page_fault_for_address | 0 | 18 |
> > | Oops | 0 | 18 |
> > | RIP:kasan_metadata_fetch_row | 0 | 18 |
> > | Kernel_panic-not_syncing:Fatal_exception | 0 | 18 |
> > +------------------------------------------------+------------+------------+
> >
> >
> > If you fix the issue in a separate patch/commit (i.e. not just a new version of
> > the same patch/commit), kindly add following tags
> > | Reported-by: kernel test robot <oliver.sang@intel.com>
> > | Closes: https://lore.kernel.org/oe-lkp/202411132111.6a221562-lkp@intel.com
>
>
> Thanks for the report! I'm looking into this but so far could not find
> an obvious issue. Will try to reproduce.
For some reason I'm getting this panic when trying to follow the repro steps:
# bin/lkp qemu -k /home/suren/linux-next/arch/x86_64/boot/bzImage -m
/home/suren/linux-next/out/modules.cgz job-script
...
[ 22.813623][ T1] Kernel panic - not syncing: VFS: Unable to
mount root fs on unknown-block(0,0)
[ 22.815461][ T1] CPU: 0 UID: 0 PID: 1 Comm: swapper Not tainted
6.12.0-rc7-next-20241113 #1 060e60d2378c08a3d0121faf43856b671a45697c
[ 22.817822][ T1] Hardware name: QEMU Standard PC (i440FX + PIIX,
1996), BIOS 1.15.0-1 04/01/2014
[ 22.819655][ T1] Call Trace:
[ 22.820399][ T1] <TASK>
[ 22.821077][ T1] panic+0x243/0x486
[ 22.821965][ T1] ? crash_smp_send_stop+0x1c/0x1c
[ 22.823019][ T1] ? lock_release+0x17c/0x1b1
[ 22.824006][ T1] mount_root_generic+0x31d/0x3d0
[ 22.825064][ T1] ? init_rootfs+0x4c/0x4c
[ 22.826011][ T1] ? init_stat+0xd8/0xd8
[ 22.826920][ T1] ? __asan_memcpy+0x3c/0x65
[ 22.827880][ T1] ? getname_kernel+0x3dc/0x41e
[ 22.828887][ T1] prepare_namespace+0x21e/0x289
[ 22.829895][ T1] ? mount_root+0xc6/0xc6
[ 22.830819][ T1] ? fput+0x1b/0x194
[ 22.831682][ T1] ? rest_init+0x183/0x183
[ 22.832624][ T1] kernel_init+0x17/0x138
[ 22.833535][ T1] ? rest_init+0x183/0x183
[ 22.834490][ T1] ret_from_fork+0x20/0x54
[ 22.835419][ T1] ? rest_init+0x183/0x183
[ 22.836343][ T1] ret_from_fork_asm+0x11/0x20
[ 22.837335][ T1] </TASK>
[ 22.838082][ T1] Kernel Offset: disabled
I see that PeterZ had the same issue back in September:
https://lore.kernel.org/lkml/20240909091531.GA4723@noisy.programming.kicks-ass.net/
, so might this be a known issue? If anyone has an idea what I'm doing
wrong I would appreciate your help.
Thanks,
Suren.
>
> >
> >
> > [ 153.897376][ T402] BUG: KASAN: vmalloc-out-of-bounds in move_module (kernel/module/main.c:2357)
> > [ 153.899141][ T402] Write of size 40 at addr ffffffffa0000000 by task modprobe/402
> > [ 153.900837][ T402]
> > [ 153.901496][ T402] CPU: 0 UID: 0 PID: 402 Comm: modprobe Tainted: G T 6.12.0-rc6-00146-g0f9b685626da #1 87c8486a909ba2f90eff061a4c9c1fa5c9cd90ea
> > [ 153.904537][ T402] Tainted: [T]=RANDSTRUCT
> > [ 153.905500][ T402] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
> > [ 153.907702][ T402] Call Trace:
> > [ 153.908510][ T402] <TASK>
> > [ 153.909241][ T402] print_address_description+0x65/0x2fa
> > [ 153.910663][ T402] print_report (mm/kasan/report.c:489)
> > [ 153.911771][ T402] ? move_module (kernel/module/main.c:2357)
> > [ 153.912825][ T402] kasan_report (mm/kasan/report.c:603)
> > [ 153.913821][ T402] ? move_module (kernel/module/main.c:2357)
> > [ 153.914904][ T402] kasan_check_range (mm/kasan/generic.c:183 mm/kasan/generic.c:189)
> > [ 153.916029][ T402] __asan_memcpy (mm/kasan/shadow.c:105 (discriminator 1))
> > [ 153.917057][ T402] move_module (kernel/module/main.c:2357)
> > [ 153.918071][ T402] layout_and_allocate+0x446/0x523
> > [ 153.919459][ T402] load_module (kernel/module/main.c:2985)
> > [ 153.920457][ T402] ? mode_strip_umask (fs/namei.c:3248)
> > [ 153.921557][ T402] init_module_from_file (kernel/module/main.c:3266)
> > [ 153.922825][ T402] ? __ia32_sys_init_module (kernel/module/main.c:3266)
> > [ 153.923992][ T402] ? __lock_release+0x106/0x38c
> > [ 153.925173][ T402] ? idempotent_init_module (kernel/module/main.c:3301)
> > [ 153.926364][ T402] ? lock_release (kernel/locking/lockdep.c:467 kernel/locking/lockdep.c:5848)
> > [ 153.944053][ T402] idempotent_init_module (kernel/module/main.c:3302)
> > [ 153.945164][ T402] ? init_module_from_file (kernel/module/main.c:3294)
> > [ 153.946268][ T402] ? security_capable (security/security.c:1143)
> > [ 153.947421][ T402] __do_sys_finit_module (include/linux/file.h:68 kernel/module/main.c:3330)
> > [ 153.948495][ T402] do_syscall_64 (arch/x86/entry/common.c:52 arch/x86/entry/common.c:83)
> > [ 153.949540][ T402] entry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_64.S:130)
> > [ 153.950855][ T402] RIP: 0033:0x7f0f37df7719
> > [ 153.951869][ T402] Code: 08 89 e8 5b 5d c3 66 2e 0f 1f 84 00 00 00 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d b7 06 0d 00 f7 d8 64 89 01 48
> > All code
> > ========
> > 0: 08 89 e8 5b 5d c3 or %cl,-0x3ca2a418(%rcx)
> > 6: 66 2e 0f 1f 84 00 00 cs nopw 0x0(%rax,%rax,1)
> > d: 00 00 00
> > 10: 90 nop
> > 11: 48 89 f8 mov %rdi,%rax
> > 14: 48 89 f7 mov %rsi,%rdi
> > 17: 48 89 d6 mov %rdx,%rsi
> > 1a: 48 89 ca mov %rcx,%rdx
> > 1d: 4d 89 c2 mov %r8,%r10
> > 20: 4d 89 c8 mov %r9,%r8
> > 23: 4c 8b 4c 24 08 mov 0x8(%rsp),%r9
> > 28: 0f 05 syscall
> > 2a:* 48 3d 01 f0 ff ff cmp $0xfffffffffffff001,%rax <-- trapping instruction
> > 30: 73 01 jae 0x33
> > 32: c3 ret
> > 33: 48 8b 0d b7 06 0d 00 mov 0xd06b7(%rip),%rcx # 0xd06f1
> > 3a: f7 d8 neg %eax
> > 3c: 64 89 01 mov %eax,%fs:(%rcx)
> > 3f: 48 rex.W
> >
> > Code starting with the faulting instruction
> > ===========================================
> > 0: 48 3d 01 f0 ff ff cmp $0xfffffffffffff001,%rax
> > 6: 73 01 jae 0x9
> > 8: c3 ret
> > 9: 48 8b 0d b7 06 0d 00 mov 0xd06b7(%rip),%rcx # 0xd06c7
> > 10: f7 d8 neg %eax
> > 12: 64 89 01 mov %eax,%fs:(%rcx)
> > 15: 48 rex.W
> > [ 153.955810][ T402] RSP: 002b:00007ffccd7f7198 EFLAGS: 00000246 ORIG_RAX: 0000000000000139
> > [ 153.957666][ T402] RAX: ffffffffffffffda RBX: 000055cc9f9fddd0 RCX: 00007f0f37df7719
> > [ 153.959411][ T402] RDX: 0000000000000000 RSI: 000055cc9f9f24a0 RDI: 0000000000000004
> > [ 153.961142][ T402] RBP: 000055cc9f9f24a0 R08: 0000000000000000 R09: 000055cc9f9ff250
> > [ 153.962910][ T402] R10: 0000000000000004 R11: 0000000000000246 R12: 0000000000040000
> > [ 153.964665][ T402] R13: 0000000000000000 R14: 000055cc9f9fdd80 R15: 0000000000000000
> > [ 153.966393][ T402] </TASK>
> > [ 153.967209][ T402]
> > [ 153.967856][ T402] Memory state around the buggy address:
> > [ 153.969123][ T402] BUG: unable to handle page fault for address: fffffbfff3ffffe0
> > [ 153.970807][ T402] #PF: supervisor read access in kernel mode
> > [ 153.972036][ T402] #PF: error_code(0x0000) - not-present page
> > [ 153.973220][ T402] PGD 417fdb067 P4D 417fdb067 PUD 417fd7067 PMD 0
> > [ 153.974560][ T402] Oops: Oops: 0000 [#1] PREEMPT KASAN
> > [ 153.975758][ T402] CPU: 0 UID: 0 PID: 402 Comm: modprobe Tainted: G T 6.12.0-rc6-00146-g0f9b685626da #1 87c8486a909ba2f90eff061a4c9c1fa5c9cd90ea
> > [ 153.978853][ T402] Tainted: [T]=RANDSTRUCT
> > [ 153.979851][ T402] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
> > [ 153.982008][ T402] RIP: 0010:kasan_metadata_fetch_row (mm/kasan/report_generic.c:186)
> > [ 153.983368][ T402] Code: 40 08 48 89 43 58 5b 31 c0 31 d2 31 c9 31 f6 31 ff c3 cc cc cc cc 66 0f 1f 00 b8 ff ff 37 00 48 c1 ee 03 48 c1 e0 2a 48 01 c6 <48> 8b 06 48 89 07 48 8b 46 08 48 89 47 08 31 c0 31 f6 31 ff c3 cc
> > All code
> > ========
> > 0: 40 08 48 89 rex or %cl,-0x77(%rax)
> > 4: 43 58 rex.XB pop %r8
> > 6: 5b pop %rbx
> > 7: 31 c0 xor %eax,%eax
> > 9: 31 d2 xor %edx,%edx
> > b: 31 c9 xor %ecx,%ecx
> > d: 31 f6 xor %esi,%esi
> > f: 31 ff xor %edi,%edi
> > 11: c3 ret
> > 12: cc int3
> > 13: cc int3
> > 14: cc int3
> > 15: cc int3
> > 16: 66 0f 1f 00 nopw (%rax)
> > 1a: b8 ff ff 37 00 mov $0x37ffff,%eax
> > 1f: 48 c1 ee 03 shr $0x3,%rsi
> > 23: 48 c1 e0 2a shl $0x2a,%rax
> > 27: 48 01 c6 add %rax,%rsi
> > 2a:* 48 8b 06 mov (%rsi),%rax <-- trapping instruction
> > 2d: 48 89 07 mov %rax,(%rdi)
> > 30: 48 8b 46 08 mov 0x8(%rsi),%rax
> > 34: 48 89 47 08 mov %rax,0x8(%rdi)
> > 38: 31 c0 xor %eax,%eax
> > 3a: 31 f6 xor %esi,%esi
> > 3c: 31 ff xor %edi,%edi
> > 3e: c3 ret
> > 3f: cc int3
> >
> > Code starting with the faulting instruction
> > ===========================================
> > 0: 48 8b 06 mov (%rsi),%rax
> > 3: 48 89 07 mov %rax,(%rdi)
> > 6: 48 8b 46 08 mov 0x8(%rsi),%rax
> > a: 48 89 47 08 mov %rax,0x8(%rdi)
> > e: 31 c0 xor %eax,%eax
> > 10: 31 f6 xor %esi,%esi
> > 12: 31 ff xor %edi,%edi
> > 14: c3 ret
> > 15: cc int3
> > [ 153.987254][ T402] RSP: 0018:ffffc9000218f9f8 EFLAGS: 00010082
> > [ 153.988595][ T402] RAX: dffffc0000000000 RBX: ffffffff9fffff00 RCX: 0000000000000000
> > [ 153.990325][ T402] RDX: 0000000000000000 RSI: fffffbfff3ffffe0 RDI: ffffc9000218fa04
> > [ 153.992086][ T402] RBP: 00000000fffffffe R08: 0000000000000000 R09: 0000000000000000
> > [ 153.993786][ T402] R10: 0000000000000000 R11: 0000000000000000 R12: ffffffffa0000000
> > [ 153.995554][ T402] R13: ffffffff864b4994 R14: ffffffff9fffff80 R15: 0000000000000028
> > [ 153.997305][ T402] FS: 00007f0f37cf5040(0000) GS:ffffffff86989000(0000) knlGS:0000000000000000
> > [ 153.999133][ T402] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
> > [ 154.000578][ T402] CR2: fffffbfff3ffffe0 CR3: 0000000128853000 CR4: 00000000000006b0
> > [ 154.002367][ T402] Call Trace:
> > [ 154.003318][ T402] <TASK>
> > [ 154.004087][ T402] ? __die_body (arch/x86/kernel/dumpstack.c:421)
> > [ 154.005074][ T402] ? page_fault_oops (arch/x86/mm/fault.c:710)
> > [ 154.006242][ T402] ? show_fault_oops (arch/x86/mm/fault.c:643)
> > [ 154.007368][ T402] ? search_module_extables (kernel/module/main.c:3369)
> > [ 154.008525][ T402] ? fixup_exception (arch/x86/mm/extable.c:321)
> > [ 154.009629][ T402] ? exc_page_fault (arch/x86/mm/fault.c:1479 arch/x86/mm/fault.c:1539)
> > [ 154.010771][ T402] ? asm_exc_page_fault (arch/x86/include/asm/idtentry.h:623)
> > [ 154.011853][ T402] ? kasan_metadata_fetch_row (mm/kasan/report_generic.c:186)
> > [ 154.013072][ T402] print_report (mm/kasan/report.c:466 mm/kasan/report.c:489)
> > [ 154.014122][ T402] ? move_module (kernel/module/main.c:2357)
> > [ 154.015238][ T402] kasan_report (mm/kasan/report.c:603)
> > [ 154.016231][ T402] ? move_module (kernel/module/main.c:2357)
> > [ 154.017255][ T402] kasan_check_range (mm/kasan/generic.c:183 mm/kasan/generic.c:189)
> > [ 154.018379][ T402] __asan_memcpy (mm/kasan/shadow.c:105 (discriminator 1))
> > [ 154.019400][ T402] move_module (kernel/module/main.c:2357)
> > [ 154.020435][ T402] layout_and_allocate+0x446/0x523
> > [ 154.021792][ T402] load_module (kernel/module/main.c:2985)
> > [ 154.022822][ T402] ? mode_strip_umask (fs/namei.c:3248)
> > [ 154.023928][ T402] init_module_from_file (kernel/module/main.c:3266)
> > [ 154.025069][ T402] ? __ia32_sys_init_module (kernel/module/main.c:3266)
> > [ 154.026265][ T402] ? __lock_release+0x106/0x38c
> > [ 154.027496][ T402] ? idempotent_init_module (kernel/module/main.c:3301)
> > [ 154.028688][ T402] ? lock_release (kernel/locking/lockdep.c:467 kernel/locking/lockdep.c:5848)
> > [ 154.029766][ T402] idempotent_init_module (kernel/module/main.c:3302)
> > [ 154.030985][ T402] ? init_module_from_file (kernel/module/main.c:3294)
> > [ 154.032192][ T402] ? security_capable (security/security.c:1143)
> > [ 154.033310][ T402] __do_sys_finit_module (include/linux/file.h:68 kernel/module/main.c:3330)
> > [ 154.034478][ T402] do_syscall_64 (arch/x86/entry/common.c:52 arch/x86/entry/common.c:83)
> > [ 154.035532][ T402] entry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_64.S:130)
> > [ 154.036819][ T402] RIP: 0033:0x7f0f37df7719
> > [ 154.037865][ T402] Code: 08 89 e8 5b 5d c3 66 2e 0f 1f 84 00 00 00 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d b7 06 0d 00 f7 d8 64 89 01 48
> > All code
> > ========
> > 0: 08 89 e8 5b 5d c3 or %cl,-0x3ca2a418(%rcx)
> > 6: 66 2e 0f 1f 84 00 00 cs nopw 0x0(%rax,%rax,1)
> > d: 00 00 00
> > 10: 90 nop
> > 11: 48 89 f8 mov %rdi,%rax
> > 14: 48 89 f7 mov %rsi,%rdi
> > 17: 48 89 d6 mov %rdx,%rsi
> > 1a: 48 89 ca mov %rcx,%rdx
> > 1d: 4d 89 c2 mov %r8,%r10
> > 20: 4d 89 c8 mov %r9,%r8
> > 23: 4c 8b 4c 24 08 mov 0x8(%rsp),%r9
> > 28: 0f 05 syscall
> > 2a:* 48 3d 01 f0 ff ff cmp $0xfffffffffffff001,%rax <-- trapping instruction
> > 30: 73 01 jae 0x33
> > 32: c3 ret
> > 33: 48 8b 0d b7 06 0d 00 mov 0xd06b7(%rip),%rcx # 0xd06f1
> > 3a: f7 d8 neg %eax
> > 3c: 64 89 01 mov %eax,%fs:(%rcx)
> > 3f: 48 rex.W
> >
> > Code starting with the faulting instruction
> > ===========================================
> > 0: 48 3d 01 f0 ff ff cmp $0xfffffffffffff001,%rax
> > 6: 73 01 jae 0x9
> > 8: c3 ret
> > 9: 48 8b 0d b7 06 0d 00 mov 0xd06b7(%rip),%rcx # 0xd06c7
> > 10: f7 d8 neg %eax
> > 12: 64 89 01 mov %eax,%fs:(%rcx)
> > 15: 48 rex.W
> >
> >
> > The kernel config and materials to reproduce are available at:
> > https://download.01.org/0day-ci/archive/20241113/202411132111.6a221562-lkp@intel.com
> >
> >
> >
> > --
> > 0-DAY CI Kernel Test Service
> > https://github.com/intel/lkp-tests/wiki
> >
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: [linux-next:master] [alloc_tag] 0f9b685626: BUG:KASAN:vmalloc-out-of-bounds_in_move_module
2024-11-14 23:40 ` Suren Baghdasaryan
@ 2024-11-18 6:56 ` Oliver Sang
2024-11-19 20:30 ` Suren Baghdasaryan
0 siblings, 1 reply; 5+ messages in thread
From: Oliver Sang @ 2024-11-18 6:56 UTC (permalink / raw)
To: Suren Baghdasaryan
Cc: oe-lkp, lkp, Andrew Morton, Pasha Tatashin, Ard Biesheuvel,
Arnd Bergmann, Borislav Petkov, Christoph Hellwig, Daniel Gomez,
David Hildenbrand, Davidlohr Bueso, David Rientjes, Dennis Zhou,
Johannes Weiner, John Hubbard, Jonathan Corbet, Joonsoo Kim,
Kalesh Singh, Kees Cook, Kent Overstreet, Liam R. Howlett,
Luis Chamberlain, Matthew Wilcox, Michal Hocko, Mike Rapoport,
Minchan Kim, Paul E. McKenney, Petr Pavlu, Roman Gushchin,
Sami Tolvanen, Sourav Panda, Steven Rostedt, Thomas Gleixner,
Thomas Huth, Uladzislau Rezki, Vlastimil Babka, Xiongwei Song,
Yu Zhao, linux-kernel, linux-mm, oliver.sang
hi, Suren,
On Thu, Nov 14, 2024 at 03:40:08PM -0800, Suren Baghdasaryan wrote:
> On Wed, Nov 13, 2024 at 1:34 PM Suren Baghdasaryan <surenb@google.com> wrote:
> >
> > On Wed, Nov 13, 2024 at 2:07 PM kernel test robot <oliver.sang@intel.com> wrote:
> > >
> > >
> > >
> > > Hello,
> > >
> > >
> > > we reported
> > > "[linux-next:master] [alloc_tag] a9c60bb0d0: BUG:KASAN:vmalloc-out-of-bounds_in_load_module"
> > > in
> > > https://lore.kernel.org/all/202410281441.216670ac-lkp@intel.com/
> > >
> > > we noticed it seems there is following patch.
> > >
> > > we made below report just FYI that the commit still cause similar issue on
> > > linux-next/master and not fixed on tip of linux-next/master when this bisect
> > > is done.
> > >
> > >
> > > kernel test robot noticed "BUG:KASAN:vmalloc-out-of-bounds_in_move_module" on:
> > >
> > > commit: 0f9b685626daa2f8e19a9788625c9b624c223e45 ("alloc_tag: populate memory for module tags as needed")
> > > https://git.kernel.org/cgit/linux/kernel/git/next/linux-next.git master
> > >
> > > [test failed on linux-next/master 929beafbe7acce3267c06115e13e03ff6e50548a]
> > >
> > > in testcase: rcuscale
> > > version:
> > > with following parameters:
> > >
> > > runtime: 300s
> > > scale_type: srcu
> > >
> > >
> > >
> > > config: x86_64-randconfig-014-20241107
> > > compiler: gcc-12
> > > test machine: qemu-system-x86_64 -enable-kvm -cpu SandyBridge -smp 2 -m 16G
> > >
> > > (please refer to attached dmesg/kmsg for entire log/backtrace)
> > >
> > >
> > > +------------------------------------------------+------------+------------+
> > > | | 0db6f8d782 | 0f9b685626 |
> > > +------------------------------------------------+------------+------------+
> > > | boot_successes | 18 | 0 |
> > > | boot_failures | 0 | 18 |
> > > | BUG:KASAN:vmalloc-out-of-bounds_in_move_module | 0 | 18 |
> > > | BUG:unable_to_handle_page_fault_for_address | 0 | 18 |
> > > | Oops | 0 | 18 |
> > > | RIP:kasan_metadata_fetch_row | 0 | 18 |
> > > | Kernel_panic-not_syncing:Fatal_exception | 0 | 18 |
> > > +------------------------------------------------+------------+------------+
> > >
> > >
> > > If you fix the issue in a separate patch/commit (i.e. not just a new version of
> > > the same patch/commit), kindly add following tags
> > > | Reported-by: kernel test robot <oliver.sang@intel.com>
> > > | Closes: https://lore.kernel.org/oe-lkp/202411132111.6a221562-lkp@intel.com
> >
> >
> > Thanks for the report! I'm looking into this but so far could not find
> > an obvious issue. Will try to reproduce.
>
> For some reason I'm getting this panic when trying to follow the repro steps:
sorry about this. kernel test robot run into some cluster issues these days
and most of my time is occupied to solve them.
I will look at this later when our cluster back to normal and give you an update
sorry again for any inconvenience.
>
> # bin/lkp qemu -k /home/suren/linux-next/arch/x86_64/boot/bzImage -m
> /home/suren/linux-next/out/modules.cgz job-script
> ...
> [ 22.813623][ T1] Kernel panic - not syncing: VFS: Unable to
> mount root fs on unknown-block(0,0)
> [ 22.815461][ T1] CPU: 0 UID: 0 PID: 1 Comm: swapper Not tainted
> 6.12.0-rc7-next-20241113 #1 060e60d2378c08a3d0121faf43856b671a45697c
> [ 22.817822][ T1] Hardware name: QEMU Standard PC (i440FX + PIIX,
> 1996), BIOS 1.15.0-1 04/01/2014
> [ 22.819655][ T1] Call Trace:
> [ 22.820399][ T1] <TASK>
> [ 22.821077][ T1] panic+0x243/0x486
> [ 22.821965][ T1] ? crash_smp_send_stop+0x1c/0x1c
> [ 22.823019][ T1] ? lock_release+0x17c/0x1b1
> [ 22.824006][ T1] mount_root_generic+0x31d/0x3d0
> [ 22.825064][ T1] ? init_rootfs+0x4c/0x4c
> [ 22.826011][ T1] ? init_stat+0xd8/0xd8
> [ 22.826920][ T1] ? __asan_memcpy+0x3c/0x65
> [ 22.827880][ T1] ? getname_kernel+0x3dc/0x41e
> [ 22.828887][ T1] prepare_namespace+0x21e/0x289
> [ 22.829895][ T1] ? mount_root+0xc6/0xc6
> [ 22.830819][ T1] ? fput+0x1b/0x194
> [ 22.831682][ T1] ? rest_init+0x183/0x183
> [ 22.832624][ T1] kernel_init+0x17/0x138
> [ 22.833535][ T1] ? rest_init+0x183/0x183
> [ 22.834490][ T1] ret_from_fork+0x20/0x54
> [ 22.835419][ T1] ? rest_init+0x183/0x183
> [ 22.836343][ T1] ret_from_fork_asm+0x11/0x20
> [ 22.837335][ T1] </TASK>
> [ 22.838082][ T1] Kernel Offset: disabled
>
> I see that PeterZ had the same issue back in September:
> https://lore.kernel.org/lkml/20240909091531.GA4723@noisy.programming.kicks-ass.net/
> , so might this be a known issue? If anyone has an idea what I'm doing
> wrong I would appreciate your help.
> Thanks,
> Suren.
>
>
> >
> > >
> > >
> > > [ 153.897376][ T402] BUG: KASAN: vmalloc-out-of-bounds in move_module (kernel/module/main.c:2357)
> > > [ 153.899141][ T402] Write of size 40 at addr ffffffffa0000000 by task modprobe/402
> > > [ 153.900837][ T402]
> > > [ 153.901496][ T402] CPU: 0 UID: 0 PID: 402 Comm: modprobe Tainted: G T 6.12.0-rc6-00146-g0f9b685626da #1 87c8486a909ba2f90eff061a4c9c1fa5c9cd90ea
> > > [ 153.904537][ T402] Tainted: [T]=RANDSTRUCT
> > > [ 153.905500][ T402] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
> > > [ 153.907702][ T402] Call Trace:
> > > [ 153.908510][ T402] <TASK>
> > > [ 153.909241][ T402] print_address_description+0x65/0x2fa
> > > [ 153.910663][ T402] print_report (mm/kasan/report.c:489)
> > > [ 153.911771][ T402] ? move_module (kernel/module/main.c:2357)
> > > [ 153.912825][ T402] kasan_report (mm/kasan/report.c:603)
> > > [ 153.913821][ T402] ? move_module (kernel/module/main.c:2357)
> > > [ 153.914904][ T402] kasan_check_range (mm/kasan/generic.c:183 mm/kasan/generic.c:189)
> > > [ 153.916029][ T402] __asan_memcpy (mm/kasan/shadow.c:105 (discriminator 1))
> > > [ 153.917057][ T402] move_module (kernel/module/main.c:2357)
> > > [ 153.918071][ T402] layout_and_allocate+0x446/0x523
> > > [ 153.919459][ T402] load_module (kernel/module/main.c:2985)
> > > [ 153.920457][ T402] ? mode_strip_umask (fs/namei.c:3248)
> > > [ 153.921557][ T402] init_module_from_file (kernel/module/main.c:3266)
> > > [ 153.922825][ T402] ? __ia32_sys_init_module (kernel/module/main.c:3266)
> > > [ 153.923992][ T402] ? __lock_release+0x106/0x38c
> > > [ 153.925173][ T402] ? idempotent_init_module (kernel/module/main.c:3301)
> > > [ 153.926364][ T402] ? lock_release (kernel/locking/lockdep.c:467 kernel/locking/lockdep.c:5848)
> > > [ 153.944053][ T402] idempotent_init_module (kernel/module/main.c:3302)
> > > [ 153.945164][ T402] ? init_module_from_file (kernel/module/main.c:3294)
> > > [ 153.946268][ T402] ? security_capable (security/security.c:1143)
> > > [ 153.947421][ T402] __do_sys_finit_module (include/linux/file.h:68 kernel/module/main.c:3330)
> > > [ 153.948495][ T402] do_syscall_64 (arch/x86/entry/common.c:52 arch/x86/entry/common.c:83)
> > > [ 153.949540][ T402] entry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_64.S:130)
> > > [ 153.950855][ T402] RIP: 0033:0x7f0f37df7719
> > > [ 153.951869][ T402] Code: 08 89 e8 5b 5d c3 66 2e 0f 1f 84 00 00 00 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d b7 06 0d 00 f7 d8 64 89 01 48
> > > All code
> > > ========
> > > 0: 08 89 e8 5b 5d c3 or %cl,-0x3ca2a418(%rcx)
> > > 6: 66 2e 0f 1f 84 00 00 cs nopw 0x0(%rax,%rax,1)
> > > d: 00 00 00
> > > 10: 90 nop
> > > 11: 48 89 f8 mov %rdi,%rax
> > > 14: 48 89 f7 mov %rsi,%rdi
> > > 17: 48 89 d6 mov %rdx,%rsi
> > > 1a: 48 89 ca mov %rcx,%rdx
> > > 1d: 4d 89 c2 mov %r8,%r10
> > > 20: 4d 89 c8 mov %r9,%r8
> > > 23: 4c 8b 4c 24 08 mov 0x8(%rsp),%r9
> > > 28: 0f 05 syscall
> > > 2a:* 48 3d 01 f0 ff ff cmp $0xfffffffffffff001,%rax <-- trapping instruction
> > > 30: 73 01 jae 0x33
> > > 32: c3 ret
> > > 33: 48 8b 0d b7 06 0d 00 mov 0xd06b7(%rip),%rcx # 0xd06f1
> > > 3a: f7 d8 neg %eax
> > > 3c: 64 89 01 mov %eax,%fs:(%rcx)
> > > 3f: 48 rex.W
> > >
> > > Code starting with the faulting instruction
> > > ===========================================
> > > 0: 48 3d 01 f0 ff ff cmp $0xfffffffffffff001,%rax
> > > 6: 73 01 jae 0x9
> > > 8: c3 ret
> > > 9: 48 8b 0d b7 06 0d 00 mov 0xd06b7(%rip),%rcx # 0xd06c7
> > > 10: f7 d8 neg %eax
> > > 12: 64 89 01 mov %eax,%fs:(%rcx)
> > > 15: 48 rex.W
> > > [ 153.955810][ T402] RSP: 002b:00007ffccd7f7198 EFLAGS: 00000246 ORIG_RAX: 0000000000000139
> > > [ 153.957666][ T402] RAX: ffffffffffffffda RBX: 000055cc9f9fddd0 RCX: 00007f0f37df7719
> > > [ 153.959411][ T402] RDX: 0000000000000000 RSI: 000055cc9f9f24a0 RDI: 0000000000000004
> > > [ 153.961142][ T402] RBP: 000055cc9f9f24a0 R08: 0000000000000000 R09: 000055cc9f9ff250
> > > [ 153.962910][ T402] R10: 0000000000000004 R11: 0000000000000246 R12: 0000000000040000
> > > [ 153.964665][ T402] R13: 0000000000000000 R14: 000055cc9f9fdd80 R15: 0000000000000000
> > > [ 153.966393][ T402] </TASK>
> > > [ 153.967209][ T402]
> > > [ 153.967856][ T402] Memory state around the buggy address:
> > > [ 153.969123][ T402] BUG: unable to handle page fault for address: fffffbfff3ffffe0
> > > [ 153.970807][ T402] #PF: supervisor read access in kernel mode
> > > [ 153.972036][ T402] #PF: error_code(0x0000) - not-present page
> > > [ 153.973220][ T402] PGD 417fdb067 P4D 417fdb067 PUD 417fd7067 PMD 0
> > > [ 153.974560][ T402] Oops: Oops: 0000 [#1] PREEMPT KASAN
> > > [ 153.975758][ T402] CPU: 0 UID: 0 PID: 402 Comm: modprobe Tainted: G T 6.12.0-rc6-00146-g0f9b685626da #1 87c8486a909ba2f90eff061a4c9c1fa5c9cd90ea
> > > [ 153.978853][ T402] Tainted: [T]=RANDSTRUCT
> > > [ 153.979851][ T402] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
> > > [ 153.982008][ T402] RIP: 0010:kasan_metadata_fetch_row (mm/kasan/report_generic.c:186)
> > > [ 153.983368][ T402] Code: 40 08 48 89 43 58 5b 31 c0 31 d2 31 c9 31 f6 31 ff c3 cc cc cc cc 66 0f 1f 00 b8 ff ff 37 00 48 c1 ee 03 48 c1 e0 2a 48 01 c6 <48> 8b 06 48 89 07 48 8b 46 08 48 89 47 08 31 c0 31 f6 31 ff c3 cc
> > > All code
> > > ========
> > > 0: 40 08 48 89 rex or %cl,-0x77(%rax)
> > > 4: 43 58 rex.XB pop %r8
> > > 6: 5b pop %rbx
> > > 7: 31 c0 xor %eax,%eax
> > > 9: 31 d2 xor %edx,%edx
> > > b: 31 c9 xor %ecx,%ecx
> > > d: 31 f6 xor %esi,%esi
> > > f: 31 ff xor %edi,%edi
> > > 11: c3 ret
> > > 12: cc int3
> > > 13: cc int3
> > > 14: cc int3
> > > 15: cc int3
> > > 16: 66 0f 1f 00 nopw (%rax)
> > > 1a: b8 ff ff 37 00 mov $0x37ffff,%eax
> > > 1f: 48 c1 ee 03 shr $0x3,%rsi
> > > 23: 48 c1 e0 2a shl $0x2a,%rax
> > > 27: 48 01 c6 add %rax,%rsi
> > > 2a:* 48 8b 06 mov (%rsi),%rax <-- trapping instruction
> > > 2d: 48 89 07 mov %rax,(%rdi)
> > > 30: 48 8b 46 08 mov 0x8(%rsi),%rax
> > > 34: 48 89 47 08 mov %rax,0x8(%rdi)
> > > 38: 31 c0 xor %eax,%eax
> > > 3a: 31 f6 xor %esi,%esi
> > > 3c: 31 ff xor %edi,%edi
> > > 3e: c3 ret
> > > 3f: cc int3
> > >
> > > Code starting with the faulting instruction
> > > ===========================================
> > > 0: 48 8b 06 mov (%rsi),%rax
> > > 3: 48 89 07 mov %rax,(%rdi)
> > > 6: 48 8b 46 08 mov 0x8(%rsi),%rax
> > > a: 48 89 47 08 mov %rax,0x8(%rdi)
> > > e: 31 c0 xor %eax,%eax
> > > 10: 31 f6 xor %esi,%esi
> > > 12: 31 ff xor %edi,%edi
> > > 14: c3 ret
> > > 15: cc int3
> > > [ 153.987254][ T402] RSP: 0018:ffffc9000218f9f8 EFLAGS: 00010082
> > > [ 153.988595][ T402] RAX: dffffc0000000000 RBX: ffffffff9fffff00 RCX: 0000000000000000
> > > [ 153.990325][ T402] RDX: 0000000000000000 RSI: fffffbfff3ffffe0 RDI: ffffc9000218fa04
> > > [ 153.992086][ T402] RBP: 00000000fffffffe R08: 0000000000000000 R09: 0000000000000000
> > > [ 153.993786][ T402] R10: 0000000000000000 R11: 0000000000000000 R12: ffffffffa0000000
> > > [ 153.995554][ T402] R13: ffffffff864b4994 R14: ffffffff9fffff80 R15: 0000000000000028
> > > [ 153.997305][ T402] FS: 00007f0f37cf5040(0000) GS:ffffffff86989000(0000) knlGS:0000000000000000
> > > [ 153.999133][ T402] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
> > > [ 154.000578][ T402] CR2: fffffbfff3ffffe0 CR3: 0000000128853000 CR4: 00000000000006b0
> > > [ 154.002367][ T402] Call Trace:
> > > [ 154.003318][ T402] <TASK>
> > > [ 154.004087][ T402] ? __die_body (arch/x86/kernel/dumpstack.c:421)
> > > [ 154.005074][ T402] ? page_fault_oops (arch/x86/mm/fault.c:710)
> > > [ 154.006242][ T402] ? show_fault_oops (arch/x86/mm/fault.c:643)
> > > [ 154.007368][ T402] ? search_module_extables (kernel/module/main.c:3369)
> > > [ 154.008525][ T402] ? fixup_exception (arch/x86/mm/extable.c:321)
> > > [ 154.009629][ T402] ? exc_page_fault (arch/x86/mm/fault.c:1479 arch/x86/mm/fault.c:1539)
> > > [ 154.010771][ T402] ? asm_exc_page_fault (arch/x86/include/asm/idtentry.h:623)
> > > [ 154.011853][ T402] ? kasan_metadata_fetch_row (mm/kasan/report_generic.c:186)
> > > [ 154.013072][ T402] print_report (mm/kasan/report.c:466 mm/kasan/report.c:489)
> > > [ 154.014122][ T402] ? move_module (kernel/module/main.c:2357)
> > > [ 154.015238][ T402] kasan_report (mm/kasan/report.c:603)
> > > [ 154.016231][ T402] ? move_module (kernel/module/main.c:2357)
> > > [ 154.017255][ T402] kasan_check_range (mm/kasan/generic.c:183 mm/kasan/generic.c:189)
> > > [ 154.018379][ T402] __asan_memcpy (mm/kasan/shadow.c:105 (discriminator 1))
> > > [ 154.019400][ T402] move_module (kernel/module/main.c:2357)
> > > [ 154.020435][ T402] layout_and_allocate+0x446/0x523
> > > [ 154.021792][ T402] load_module (kernel/module/main.c:2985)
> > > [ 154.022822][ T402] ? mode_strip_umask (fs/namei.c:3248)
> > > [ 154.023928][ T402] init_module_from_file (kernel/module/main.c:3266)
> > > [ 154.025069][ T402] ? __ia32_sys_init_module (kernel/module/main.c:3266)
> > > [ 154.026265][ T402] ? __lock_release+0x106/0x38c
> > > [ 154.027496][ T402] ? idempotent_init_module (kernel/module/main.c:3301)
> > > [ 154.028688][ T402] ? lock_release (kernel/locking/lockdep.c:467 kernel/locking/lockdep.c:5848)
> > > [ 154.029766][ T402] idempotent_init_module (kernel/module/main.c:3302)
> > > [ 154.030985][ T402] ? init_module_from_file (kernel/module/main.c:3294)
> > > [ 154.032192][ T402] ? security_capable (security/security.c:1143)
> > > [ 154.033310][ T402] __do_sys_finit_module (include/linux/file.h:68 kernel/module/main.c:3330)
> > > [ 154.034478][ T402] do_syscall_64 (arch/x86/entry/common.c:52 arch/x86/entry/common.c:83)
> > > [ 154.035532][ T402] entry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_64.S:130)
> > > [ 154.036819][ T402] RIP: 0033:0x7f0f37df7719
> > > [ 154.037865][ T402] Code: 08 89 e8 5b 5d c3 66 2e 0f 1f 84 00 00 00 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d b7 06 0d 00 f7 d8 64 89 01 48
> > > All code
> > > ========
> > > 0: 08 89 e8 5b 5d c3 or %cl,-0x3ca2a418(%rcx)
> > > 6: 66 2e 0f 1f 84 00 00 cs nopw 0x0(%rax,%rax,1)
> > > d: 00 00 00
> > > 10: 90 nop
> > > 11: 48 89 f8 mov %rdi,%rax
> > > 14: 48 89 f7 mov %rsi,%rdi
> > > 17: 48 89 d6 mov %rdx,%rsi
> > > 1a: 48 89 ca mov %rcx,%rdx
> > > 1d: 4d 89 c2 mov %r8,%r10
> > > 20: 4d 89 c8 mov %r9,%r8
> > > 23: 4c 8b 4c 24 08 mov 0x8(%rsp),%r9
> > > 28: 0f 05 syscall
> > > 2a:* 48 3d 01 f0 ff ff cmp $0xfffffffffffff001,%rax <-- trapping instruction
> > > 30: 73 01 jae 0x33
> > > 32: c3 ret
> > > 33: 48 8b 0d b7 06 0d 00 mov 0xd06b7(%rip),%rcx # 0xd06f1
> > > 3a: f7 d8 neg %eax
> > > 3c: 64 89 01 mov %eax,%fs:(%rcx)
> > > 3f: 48 rex.W
> > >
> > > Code starting with the faulting instruction
> > > ===========================================
> > > 0: 48 3d 01 f0 ff ff cmp $0xfffffffffffff001,%rax
> > > 6: 73 01 jae 0x9
> > > 8: c3 ret
> > > 9: 48 8b 0d b7 06 0d 00 mov 0xd06b7(%rip),%rcx # 0xd06c7
> > > 10: f7 d8 neg %eax
> > > 12: 64 89 01 mov %eax,%fs:(%rcx)
> > > 15: 48 rex.W
> > >
> > >
> > > The kernel config and materials to reproduce are available at:
> > > https://download.01.org/0day-ci/archive/20241113/202411132111.6a221562-lkp@intel.com
> > >
> > >
> > >
> > > --
> > > 0-DAY CI Kernel Test Service
> > > https://github.com/intel/lkp-tests/wiki
> > >
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: [linux-next:master] [alloc_tag] 0f9b685626: BUG:KASAN:vmalloc-out-of-bounds_in_move_module
2024-11-18 6:56 ` Oliver Sang
@ 2024-11-19 20:30 ` Suren Baghdasaryan
0 siblings, 0 replies; 5+ messages in thread
From: Suren Baghdasaryan @ 2024-11-19 20:30 UTC (permalink / raw)
To: Oliver Sang
Cc: oe-lkp, lkp, Andrew Morton, Pasha Tatashin, Ard Biesheuvel,
Arnd Bergmann, Borislav Petkov, Christoph Hellwig, Daniel Gomez,
David Hildenbrand, Davidlohr Bueso, David Rientjes, Dennis Zhou,
Johannes Weiner, John Hubbard, Jonathan Corbet, Joonsoo Kim,
Kalesh Singh, Kees Cook, Kent Overstreet, Liam R. Howlett,
Luis Chamberlain, Matthew Wilcox, Michal Hocko, Mike Rapoport,
Minchan Kim, Paul E. McKenney, Petr Pavlu, Roman Gushchin,
Sami Tolvanen, Sourav Panda, Steven Rostedt, Thomas Gleixner,
Thomas Huth, Uladzislau Rezki, Vlastimil Babka, Xiongwei Song,
Yu Zhao, linux-kernel, linux-mm
On Mon, Nov 18, 2024 at 6:57 AM Oliver Sang <oliver.sang@intel.com> wrote:
>
> hi, Suren,
>
> On Thu, Nov 14, 2024 at 03:40:08PM -0800, Suren Baghdasaryan wrote:
> > On Wed, Nov 13, 2024 at 1:34 PM Suren Baghdasaryan <surenb@google.com> wrote:
> > >
> > > On Wed, Nov 13, 2024 at 2:07 PM kernel test robot <oliver.sang@intel.com> wrote:
> > > >
> > > >
> > > >
> > > > Hello,
> > > >
> > > >
> > > > we reported
> > > > "[linux-next:master] [alloc_tag] a9c60bb0d0: BUG:KASAN:vmalloc-out-of-bounds_in_load_module"
> > > > in
> > > > https://lore.kernel.org/all/202410281441.216670ac-lkp@intel.com/
> > > >
> > > > we noticed it seems there is following patch.
> > > >
> > > > we made below report just FYI that the commit still cause similar issue on
> > > > linux-next/master and not fixed on tip of linux-next/master when this bisect
> > > > is done.
> > > >
> > > >
> > > > kernel test robot noticed "BUG:KASAN:vmalloc-out-of-bounds_in_move_module" on:
> > > >
> > > > commit: 0f9b685626daa2f8e19a9788625c9b624c223e45 ("alloc_tag: populate memory for module tags as needed")
> > > > https://git.kernel.org/cgit/linux/kernel/git/next/linux-next.git master
> > > >
> > > > [test failed on linux-next/master 929beafbe7acce3267c06115e13e03ff6e50548a]
> > > >
> > > > in testcase: rcuscale
> > > > version:
> > > > with following parameters:
> > > >
> > > > runtime: 300s
> > > > scale_type: srcu
> > > >
> > > >
> > > >
> > > > config: x86_64-randconfig-014-20241107
> > > > compiler: gcc-12
> > > > test machine: qemu-system-x86_64 -enable-kvm -cpu SandyBridge -smp 2 -m 16G
> > > >
> > > > (please refer to attached dmesg/kmsg for entire log/backtrace)
> > > >
> > > >
> > > > +------------------------------------------------+------------+------------+
> > > > | | 0db6f8d782 | 0f9b685626 |
> > > > +------------------------------------------------+------------+------------+
> > > > | boot_successes | 18 | 0 |
> > > > | boot_failures | 0 | 18 |
> > > > | BUG:KASAN:vmalloc-out-of-bounds_in_move_module | 0 | 18 |
> > > > | BUG:unable_to_handle_page_fault_for_address | 0 | 18 |
> > > > | Oops | 0 | 18 |
> > > > | RIP:kasan_metadata_fetch_row | 0 | 18 |
> > > > | Kernel_panic-not_syncing:Fatal_exception | 0 | 18 |
> > > > +------------------------------------------------+------------+------------+
> > > >
> > > >
> > > > If you fix the issue in a separate patch/commit (i.e. not just a new version of
> > > > the same patch/commit), kindly add following tags
> > > > | Reported-by: kernel test robot <oliver.sang@intel.com>
> > > > | Closes: https://lore.kernel.org/oe-lkp/202411132111.6a221562-lkp@intel.com
> > >
> > >
> > > Thanks for the report! I'm looking into this but so far could not find
> > > an obvious issue. Will try to reproduce.
> >
> > For some reason I'm getting this panic when trying to follow the repro steps:
>
> sorry about this. kernel test robot run into some cluster issues these days
> and most of my time is occupied to solve them.
>
> I will look at this later when our cluster back to normal and give you an update
Thanks! I would appreciate that. I tried several hints I found online
but still unsuccessful.
>
> sorry again for any inconvenience.
>
> >
> > # bin/lkp qemu -k /home/suren/linux-next/arch/x86_64/boot/bzImage -m
> > /home/suren/linux-next/out/modules.cgz job-script
> > ...
> > [ 22.813623][ T1] Kernel panic - not syncing: VFS: Unable to
> > mount root fs on unknown-block(0,0)
> > [ 22.815461][ T1] CPU: 0 UID: 0 PID: 1 Comm: swapper Not tainted
> > 6.12.0-rc7-next-20241113 #1 060e60d2378c08a3d0121faf43856b671a45697c
> > [ 22.817822][ T1] Hardware name: QEMU Standard PC (i440FX + PIIX,
> > 1996), BIOS 1.15.0-1 04/01/2014
> > [ 22.819655][ T1] Call Trace:
> > [ 22.820399][ T1] <TASK>
> > [ 22.821077][ T1] panic+0x243/0x486
> > [ 22.821965][ T1] ? crash_smp_send_stop+0x1c/0x1c
> > [ 22.823019][ T1] ? lock_release+0x17c/0x1b1
> > [ 22.824006][ T1] mount_root_generic+0x31d/0x3d0
> > [ 22.825064][ T1] ? init_rootfs+0x4c/0x4c
> > [ 22.826011][ T1] ? init_stat+0xd8/0xd8
> > [ 22.826920][ T1] ? __asan_memcpy+0x3c/0x65
> > [ 22.827880][ T1] ? getname_kernel+0x3dc/0x41e
> > [ 22.828887][ T1] prepare_namespace+0x21e/0x289
> > [ 22.829895][ T1] ? mount_root+0xc6/0xc6
> > [ 22.830819][ T1] ? fput+0x1b/0x194
> > [ 22.831682][ T1] ? rest_init+0x183/0x183
> > [ 22.832624][ T1] kernel_init+0x17/0x138
> > [ 22.833535][ T1] ? rest_init+0x183/0x183
> > [ 22.834490][ T1] ret_from_fork+0x20/0x54
> > [ 22.835419][ T1] ? rest_init+0x183/0x183
> > [ 22.836343][ T1] ret_from_fork_asm+0x11/0x20
> > [ 22.837335][ T1] </TASK>
> > [ 22.838082][ T1] Kernel Offset: disabled
> >
> > I see that PeterZ had the same issue back in September:
> > https://lore.kernel.org/lkml/20240909091531.GA4723@noisy.programming.kicks-ass.net/
> > , so might this be a known issue? If anyone has an idea what I'm doing
> > wrong I would appreciate your help.
> > Thanks,
> > Suren.
> >
> >
> > >
> > > >
> > > >
> > > > [ 153.897376][ T402] BUG: KASAN: vmalloc-out-of-bounds in move_module (kernel/module/main.c:2357)
> > > > [ 153.899141][ T402] Write of size 40 at addr ffffffffa0000000 by task modprobe/402
> > > > [ 153.900837][ T402]
> > > > [ 153.901496][ T402] CPU: 0 UID: 0 PID: 402 Comm: modprobe Tainted: G T 6.12.0-rc6-00146-g0f9b685626da #1 87c8486a909ba2f90eff061a4c9c1fa5c9cd90ea
> > > > [ 153.904537][ T402] Tainted: [T]=RANDSTRUCT
> > > > [ 153.905500][ T402] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
> > > > [ 153.907702][ T402] Call Trace:
> > > > [ 153.908510][ T402] <TASK>
> > > > [ 153.909241][ T402] print_address_description+0x65/0x2fa
> > > > [ 153.910663][ T402] print_report (mm/kasan/report.c:489)
> > > > [ 153.911771][ T402] ? move_module (kernel/module/main.c:2357)
> > > > [ 153.912825][ T402] kasan_report (mm/kasan/report.c:603)
> > > > [ 153.913821][ T402] ? move_module (kernel/module/main.c:2357)
> > > > [ 153.914904][ T402] kasan_check_range (mm/kasan/generic.c:183 mm/kasan/generic.c:189)
> > > > [ 153.916029][ T402] __asan_memcpy (mm/kasan/shadow.c:105 (discriminator 1))
> > > > [ 153.917057][ T402] move_module (kernel/module/main.c:2357)
> > > > [ 153.918071][ T402] layout_and_allocate+0x446/0x523
> > > > [ 153.919459][ T402] load_module (kernel/module/main.c:2985)
> > > > [ 153.920457][ T402] ? mode_strip_umask (fs/namei.c:3248)
> > > > [ 153.921557][ T402] init_module_from_file (kernel/module/main.c:3266)
> > > > [ 153.922825][ T402] ? __ia32_sys_init_module (kernel/module/main.c:3266)
> > > > [ 153.923992][ T402] ? __lock_release+0x106/0x38c
> > > > [ 153.925173][ T402] ? idempotent_init_module (kernel/module/main.c:3301)
> > > > [ 153.926364][ T402] ? lock_release (kernel/locking/lockdep.c:467 kernel/locking/lockdep.c:5848)
> > > > [ 153.944053][ T402] idempotent_init_module (kernel/module/main.c:3302)
> > > > [ 153.945164][ T402] ? init_module_from_file (kernel/module/main.c:3294)
> > > > [ 153.946268][ T402] ? security_capable (security/security.c:1143)
> > > > [ 153.947421][ T402] __do_sys_finit_module (include/linux/file.h:68 kernel/module/main.c:3330)
> > > > [ 153.948495][ T402] do_syscall_64 (arch/x86/entry/common.c:52 arch/x86/entry/common.c:83)
> > > > [ 153.949540][ T402] entry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_64.S:130)
> > > > [ 153.950855][ T402] RIP: 0033:0x7f0f37df7719
> > > > [ 153.951869][ T402] Code: 08 89 e8 5b 5d c3 66 2e 0f 1f 84 00 00 00 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d b7 06 0d 00 f7 d8 64 89 01 48
> > > > All code
> > > > ========
> > > > 0: 08 89 e8 5b 5d c3 or %cl,-0x3ca2a418(%rcx)
> > > > 6: 66 2e 0f 1f 84 00 00 cs nopw 0x0(%rax,%rax,1)
> > > > d: 00 00 00
> > > > 10: 90 nop
> > > > 11: 48 89 f8 mov %rdi,%rax
> > > > 14: 48 89 f7 mov %rsi,%rdi
> > > > 17: 48 89 d6 mov %rdx,%rsi
> > > > 1a: 48 89 ca mov %rcx,%rdx
> > > > 1d: 4d 89 c2 mov %r8,%r10
> > > > 20: 4d 89 c8 mov %r9,%r8
> > > > 23: 4c 8b 4c 24 08 mov 0x8(%rsp),%r9
> > > > 28: 0f 05 syscall
> > > > 2a:* 48 3d 01 f0 ff ff cmp $0xfffffffffffff001,%rax <-- trapping instruction
> > > > 30: 73 01 jae 0x33
> > > > 32: c3 ret
> > > > 33: 48 8b 0d b7 06 0d 00 mov 0xd06b7(%rip),%rcx # 0xd06f1
> > > > 3a: f7 d8 neg %eax
> > > > 3c: 64 89 01 mov %eax,%fs:(%rcx)
> > > > 3f: 48 rex.W
> > > >
> > > > Code starting with the faulting instruction
> > > > ===========================================
> > > > 0: 48 3d 01 f0 ff ff cmp $0xfffffffffffff001,%rax
> > > > 6: 73 01 jae 0x9
> > > > 8: c3 ret
> > > > 9: 48 8b 0d b7 06 0d 00 mov 0xd06b7(%rip),%rcx # 0xd06c7
> > > > 10: f7 d8 neg %eax
> > > > 12: 64 89 01 mov %eax,%fs:(%rcx)
> > > > 15: 48 rex.W
> > > > [ 153.955810][ T402] RSP: 002b:00007ffccd7f7198 EFLAGS: 00000246 ORIG_RAX: 0000000000000139
> > > > [ 153.957666][ T402] RAX: ffffffffffffffda RBX: 000055cc9f9fddd0 RCX: 00007f0f37df7719
> > > > [ 153.959411][ T402] RDX: 0000000000000000 RSI: 000055cc9f9f24a0 RDI: 0000000000000004
> > > > [ 153.961142][ T402] RBP: 000055cc9f9f24a0 R08: 0000000000000000 R09: 000055cc9f9ff250
> > > > [ 153.962910][ T402] R10: 0000000000000004 R11: 0000000000000246 R12: 0000000000040000
> > > > [ 153.964665][ T402] R13: 0000000000000000 R14: 000055cc9f9fdd80 R15: 0000000000000000
> > > > [ 153.966393][ T402] </TASK>
> > > > [ 153.967209][ T402]
> > > > [ 153.967856][ T402] Memory state around the buggy address:
> > > > [ 153.969123][ T402] BUG: unable to handle page fault for address: fffffbfff3ffffe0
> > > > [ 153.970807][ T402] #PF: supervisor read access in kernel mode
> > > > [ 153.972036][ T402] #PF: error_code(0x0000) - not-present page
> > > > [ 153.973220][ T402] PGD 417fdb067 P4D 417fdb067 PUD 417fd7067 PMD 0
> > > > [ 153.974560][ T402] Oops: Oops: 0000 [#1] PREEMPT KASAN
> > > > [ 153.975758][ T402] CPU: 0 UID: 0 PID: 402 Comm: modprobe Tainted: G T 6.12.0-rc6-00146-g0f9b685626da #1 87c8486a909ba2f90eff061a4c9c1fa5c9cd90ea
> > > > [ 153.978853][ T402] Tainted: [T]=RANDSTRUCT
> > > > [ 153.979851][ T402] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
> > > > [ 153.982008][ T402] RIP: 0010:kasan_metadata_fetch_row (mm/kasan/report_generic.c:186)
> > > > [ 153.983368][ T402] Code: 40 08 48 89 43 58 5b 31 c0 31 d2 31 c9 31 f6 31 ff c3 cc cc cc cc 66 0f 1f 00 b8 ff ff 37 00 48 c1 ee 03 48 c1 e0 2a 48 01 c6 <48> 8b 06 48 89 07 48 8b 46 08 48 89 47 08 31 c0 31 f6 31 ff c3 cc
> > > > All code
> > > > ========
> > > > 0: 40 08 48 89 rex or %cl,-0x77(%rax)
> > > > 4: 43 58 rex.XB pop %r8
> > > > 6: 5b pop %rbx
> > > > 7: 31 c0 xor %eax,%eax
> > > > 9: 31 d2 xor %edx,%edx
> > > > b: 31 c9 xor %ecx,%ecx
> > > > d: 31 f6 xor %esi,%esi
> > > > f: 31 ff xor %edi,%edi
> > > > 11: c3 ret
> > > > 12: cc int3
> > > > 13: cc int3
> > > > 14: cc int3
> > > > 15: cc int3
> > > > 16: 66 0f 1f 00 nopw (%rax)
> > > > 1a: b8 ff ff 37 00 mov $0x37ffff,%eax
> > > > 1f: 48 c1 ee 03 shr $0x3,%rsi
> > > > 23: 48 c1 e0 2a shl $0x2a,%rax
> > > > 27: 48 01 c6 add %rax,%rsi
> > > > 2a:* 48 8b 06 mov (%rsi),%rax <-- trapping instruction
> > > > 2d: 48 89 07 mov %rax,(%rdi)
> > > > 30: 48 8b 46 08 mov 0x8(%rsi),%rax
> > > > 34: 48 89 47 08 mov %rax,0x8(%rdi)
> > > > 38: 31 c0 xor %eax,%eax
> > > > 3a: 31 f6 xor %esi,%esi
> > > > 3c: 31 ff xor %edi,%edi
> > > > 3e: c3 ret
> > > > 3f: cc int3
> > > >
> > > > Code starting with the faulting instruction
> > > > ===========================================
> > > > 0: 48 8b 06 mov (%rsi),%rax
> > > > 3: 48 89 07 mov %rax,(%rdi)
> > > > 6: 48 8b 46 08 mov 0x8(%rsi),%rax
> > > > a: 48 89 47 08 mov %rax,0x8(%rdi)
> > > > e: 31 c0 xor %eax,%eax
> > > > 10: 31 f6 xor %esi,%esi
> > > > 12: 31 ff xor %edi,%edi
> > > > 14: c3 ret
> > > > 15: cc int3
> > > > [ 153.987254][ T402] RSP: 0018:ffffc9000218f9f8 EFLAGS: 00010082
> > > > [ 153.988595][ T402] RAX: dffffc0000000000 RBX: ffffffff9fffff00 RCX: 0000000000000000
> > > > [ 153.990325][ T402] RDX: 0000000000000000 RSI: fffffbfff3ffffe0 RDI: ffffc9000218fa04
> > > > [ 153.992086][ T402] RBP: 00000000fffffffe R08: 0000000000000000 R09: 0000000000000000
> > > > [ 153.993786][ T402] R10: 0000000000000000 R11: 0000000000000000 R12: ffffffffa0000000
> > > > [ 153.995554][ T402] R13: ffffffff864b4994 R14: ffffffff9fffff80 R15: 0000000000000028
> > > > [ 153.997305][ T402] FS: 00007f0f37cf5040(0000) GS:ffffffff86989000(0000) knlGS:0000000000000000
> > > > [ 153.999133][ T402] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
> > > > [ 154.000578][ T402] CR2: fffffbfff3ffffe0 CR3: 0000000128853000 CR4: 00000000000006b0
> > > > [ 154.002367][ T402] Call Trace:
> > > > [ 154.003318][ T402] <TASK>
> > > > [ 154.004087][ T402] ? __die_body (arch/x86/kernel/dumpstack.c:421)
> > > > [ 154.005074][ T402] ? page_fault_oops (arch/x86/mm/fault.c:710)
> > > > [ 154.006242][ T402] ? show_fault_oops (arch/x86/mm/fault.c:643)
> > > > [ 154.007368][ T402] ? search_module_extables (kernel/module/main.c:3369)
> > > > [ 154.008525][ T402] ? fixup_exception (arch/x86/mm/extable.c:321)
> > > > [ 154.009629][ T402] ? exc_page_fault (arch/x86/mm/fault.c:1479 arch/x86/mm/fault.c:1539)
> > > > [ 154.010771][ T402] ? asm_exc_page_fault (arch/x86/include/asm/idtentry.h:623)
> > > > [ 154.011853][ T402] ? kasan_metadata_fetch_row (mm/kasan/report_generic.c:186)
> > > > [ 154.013072][ T402] print_report (mm/kasan/report.c:466 mm/kasan/report.c:489)
> > > > [ 154.014122][ T402] ? move_module (kernel/module/main.c:2357)
> > > > [ 154.015238][ T402] kasan_report (mm/kasan/report.c:603)
> > > > [ 154.016231][ T402] ? move_module (kernel/module/main.c:2357)
> > > > [ 154.017255][ T402] kasan_check_range (mm/kasan/generic.c:183 mm/kasan/generic.c:189)
> > > > [ 154.018379][ T402] __asan_memcpy (mm/kasan/shadow.c:105 (discriminator 1))
> > > > [ 154.019400][ T402] move_module (kernel/module/main.c:2357)
> > > > [ 154.020435][ T402] layout_and_allocate+0x446/0x523
> > > > [ 154.021792][ T402] load_module (kernel/module/main.c:2985)
> > > > [ 154.022822][ T402] ? mode_strip_umask (fs/namei.c:3248)
> > > > [ 154.023928][ T402] init_module_from_file (kernel/module/main.c:3266)
> > > > [ 154.025069][ T402] ? __ia32_sys_init_module (kernel/module/main.c:3266)
> > > > [ 154.026265][ T402] ? __lock_release+0x106/0x38c
> > > > [ 154.027496][ T402] ? idempotent_init_module (kernel/module/main.c:3301)
> > > > [ 154.028688][ T402] ? lock_release (kernel/locking/lockdep.c:467 kernel/locking/lockdep.c:5848)
> > > > [ 154.029766][ T402] idempotent_init_module (kernel/module/main.c:3302)
> > > > [ 154.030985][ T402] ? init_module_from_file (kernel/module/main.c:3294)
> > > > [ 154.032192][ T402] ? security_capable (security/security.c:1143)
> > > > [ 154.033310][ T402] __do_sys_finit_module (include/linux/file.h:68 kernel/module/main.c:3330)
> > > > [ 154.034478][ T402] do_syscall_64 (arch/x86/entry/common.c:52 arch/x86/entry/common.c:83)
> > > > [ 154.035532][ T402] entry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_64.S:130)
> > > > [ 154.036819][ T402] RIP: 0033:0x7f0f37df7719
> > > > [ 154.037865][ T402] Code: 08 89 e8 5b 5d c3 66 2e 0f 1f 84 00 00 00 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d b7 06 0d 00 f7 d8 64 89 01 48
> > > > All code
> > > > ========
> > > > 0: 08 89 e8 5b 5d c3 or %cl,-0x3ca2a418(%rcx)
> > > > 6: 66 2e 0f 1f 84 00 00 cs nopw 0x0(%rax,%rax,1)
> > > > d: 00 00 00
> > > > 10: 90 nop
> > > > 11: 48 89 f8 mov %rdi,%rax
> > > > 14: 48 89 f7 mov %rsi,%rdi
> > > > 17: 48 89 d6 mov %rdx,%rsi
> > > > 1a: 48 89 ca mov %rcx,%rdx
> > > > 1d: 4d 89 c2 mov %r8,%r10
> > > > 20: 4d 89 c8 mov %r9,%r8
> > > > 23: 4c 8b 4c 24 08 mov 0x8(%rsp),%r9
> > > > 28: 0f 05 syscall
> > > > 2a:* 48 3d 01 f0 ff ff cmp $0xfffffffffffff001,%rax <-- trapping instruction
> > > > 30: 73 01 jae 0x33
> > > > 32: c3 ret
> > > > 33: 48 8b 0d b7 06 0d 00 mov 0xd06b7(%rip),%rcx # 0xd06f1
> > > > 3a: f7 d8 neg %eax
> > > > 3c: 64 89 01 mov %eax,%fs:(%rcx)
> > > > 3f: 48 rex.W
> > > >
> > > > Code starting with the faulting instruction
> > > > ===========================================
> > > > 0: 48 3d 01 f0 ff ff cmp $0xfffffffffffff001,%rax
> > > > 6: 73 01 jae 0x9
> > > > 8: c3 ret
> > > > 9: 48 8b 0d b7 06 0d 00 mov 0xd06b7(%rip),%rcx # 0xd06c7
> > > > 10: f7 d8 neg %eax
> > > > 12: 64 89 01 mov %eax,%fs:(%rcx)
> > > > 15: 48 rex.W
> > > >
> > > >
> > > > The kernel config and materials to reproduce are available at:
> > > > https://download.01.org/0day-ci/archive/20241113/202411132111.6a221562-lkp@intel.com
> > > >
> > > >
> > > >
> > > > --
> > > > 0-DAY CI Kernel Test Service
> > > > https://github.com/intel/lkp-tests/wiki
> > > >
^ permalink raw reply [flat|nested] 5+ messages in thread
end of thread, other threads:[~2024-11-19 20:30 UTC | newest]
Thread overview: 5+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2024-11-13 14:06 [linux-next:master] [alloc_tag] 0f9b685626: BUG:KASAN:vmalloc-out-of-bounds_in_move_module kernel test robot
2024-11-13 21:34 ` Suren Baghdasaryan
2024-11-14 23:40 ` Suren Baghdasaryan
2024-11-18 6:56 ` Oliver Sang
2024-11-19 20:30 ` Suren Baghdasaryan
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox