From: Andrey Konovalov <andreyknvl@gmail.com>
To: Erhard Furtner <erhard_f@mailbox.org>
Cc: Nico Pache <npache@redhat.com>,
kasan-dev@googlegroups.com, linuxppc-dev@lists.ozlabs.org,
linux-mm@kvack.org
Subject: Re: Machine freezes after running KASAN KUnit test 21 with a GCC 13.2 built kernel but runs tests fine with a CLANG 18 build kernel (v6.9-rc5, 32bit ppc, PowerMac G4 DP)
Date: Mon, 20 May 2024 01:01:21 +0200 [thread overview]
Message-ID: <CA+fCnZeeJub5iCwwwGM2pDt9wzX=T4+wpZbbGhKQ7Qbtb+tFeA@mail.gmail.com> (raw)
In-Reply-To: <20240518170548.13124cfa@yea>
On Sat, May 18, 2024 at 5:05 PM Erhard Furtner <erhard_f@mailbox.org> wrote:
>
> The patch fixes the issue on ppc too. Thanks!
You're welcome!
> The test run continues and I get a failing one later on (though not '31 rcu_uaf' Nico reported but) '65 vmalloc_oob':
> [...]
> BUG: KASAN: vmalloc-out-of-bounds in vmalloc_oob+0x1d0/0x3cc
> Read of size 1 at addr f10457f3 by task kunit_try_catch/190
>
> CPU: 0 PID: 190 Comm: kunit_try_catch Tainted: G B N 6.9.1-PMacG4-dirty #1
> Hardware name: PowerMac3,1 7450 0x80000201 PowerMac
> Call Trace:
> [f197bd60] [c15f48ac] dump_stack_lvl+0x80/0xac (unreliable)
> [f197bd80] [c04c3f14] print_report+0xd4/0x4fc
> [f197bdd0] [c04c456c] kasan_report+0xf8/0x10c
> [f197be50] [c04c723c] vmalloc_oob+0x1d0/0x3cc
> [f197bed0] [c0c29e98] kunit_try_run_case+0x3bc/0x5d8
> [f197bfa0] [c0c2f1c8] kunit_generic_run_threadfn_adapter+0xa4/0xf8
> [f197bfc0] [c00facf8] kthread+0x384/0x394
> [f197bff0] [c002e304] start_kernel_thread+0x10/0x14
>
> The buggy address belongs to the virtual mapping at
> [f1045000, f1047000) created by:
> vmalloc_oob+0x70/0x3cc
>
> The buggy address belongs to the physical page:
> page: refcount:1 mapcount:0 mapping:00000000 index:0x0 pfn:0x79f8b
> flags: 0x80000000(zone=2)
> page_type: 0xffffffff()
> raw: 80000000 00000000 00000122 00000000 00000000 00000000 ffffffff 00000001
> raw: 00000000
> page dumped because: kasan: bad access detected
>
> Memory state around the buggy address:
> f1045680: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
> f1045700: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
> >f1045780: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 f8
> ^
> f1045800: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8
> f1045880: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8
> ==================================================================
> ==================================================================
> BUG: KASAN: vmalloc-out-of-bounds in vmalloc_oob+0x294/0x3cc
> Read of size 1 at addr f10457f8 by task kunit_try_catch/190
>
> CPU: 0 PID: 190 Comm: kunit_try_catch Tainted: G B N 6.9.1-PMacG4-dirty #1
> Hardware name: PowerMac3,1 7450 0x80000201 PowerMac
> Call Trace:
> [f197bd60] [c15f48ac] dump_stack_lvl+0x80/0xac (unreliable)
> [f197bd80] [c04c3f14] print_report+0xd4/0x4fc
> [f197bdd0] [c04c456c] kasan_report+0xf8/0x10c
> [f197be50] [c04c7300] vmalloc_oob+0x294/0x3cc
> [f197bed0] [c0c29e98] kunit_try_run_case+0x3bc/0x5d8
> [f197bfa0] [c0c2f1c8] kunit_generic_run_threadfn_adapter+0xa4/0xf8
> [f197bfc0] [c00facf8] kthread+0x384/0x394
> [f197bff0] [c002e304] start_kernel_thread+0x10/0x14
>
> The buggy address belongs to the virtual mapping at
> [f1045000, f1047000) created by:
> vmalloc_oob+0x70/0x3cc
>
> The buggy address belongs to the physical page:
> page: refcount:1 mapcount:0 mapping:00000000 index:0x0 pfn:0x79f8b
> flags: 0x80000000(zone=2)
> page_type: 0xffffffff()
> raw: 80000000 00000000 00000122 00000000 00000000 00000000 ffffffff 00000001
> raw: 00000000
> page dumped because: kasan: bad access detected
>
> Memory state around the buggy address:
> f1045680: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
> f1045700: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
> >f1045780: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 f8
> ^
> f1045800: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8
> f1045880: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8
> ==================================================================
> # vmalloc_oob: ASSERTION FAILED at mm/kasan/kasan_test.c:1680
> Expected p_ptr is not null, but is
> not ok 65 vmalloc_oob
> [...]
>
> This is in line with my CLANG 18 build where I get the same vmalloc_oob failure: https://github.com/ClangBuiltLinux/linux/issues/2020.
>
> There Nathan already found out this happens when the machine got more than 867 MB of RAM. Probably this test failing may be a ppc specific issue. I can also open a new thread for that if you'd like.
Yeah, I suspect this is something ppc-specific and might not even be
KASAN-related: somehow vmalloc_to_page + page_address return NULL. A
separate thread with ppc maintainers makes sense.
Thanks!
prev parent reply other threads:[~2024-05-19 23:01 UTC|newest]
Thread overview: 5+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-04-27 18:50 Erhard Furtner
2024-05-01 12:41 ` Erhard Furtner
2024-05-17 13:02 ` Andrey Konovalov
2024-05-18 15:05 ` Erhard Furtner
2024-05-19 23:01 ` Andrey Konovalov [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to='CA+fCnZeeJub5iCwwwGM2pDt9wzX=T4+wpZbbGhKQ7Qbtb+tFeA@mail.gmail.com' \
--to=andreyknvl@gmail.com \
--cc=erhard_f@mailbox.org \
--cc=kasan-dev@googlegroups.com \
--cc=linux-mm@kvack.org \
--cc=linuxppc-dev@lists.ozlabs.org \
--cc=npache@redhat.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox