Subject: [daveh-devel:kpte] [mm] ccbd04de39: BUG:KASAN:wild-memory-access_in_pmd_alloc_one_noprof
From: kernel test robot @ 2025-09-01 14:37 UTC
To: Dave Hansen; +Cc: oe-lkp, lkp, linux-arch, linux-mm, oliver.sang
Hello,
kernel test robot noticed "BUG:KASAN:wild-memory-access_in_pmd_alloc_one_noprof" on:
commit: ccbd04de39826d130b67374e68599e128b53acab ("mm: Actually mark kernel page table pages")
https://git.kernel.org/cgit/linux/kernel/git/daveh/devel.git kpte
in testcase: boot
config: x86_64-randconfig-001-20250829
compiler: gcc-12
test machine: qemu-system-x86_64 -enable-kvm -cpu SandyBridge -smp 2 -m 16G
(please refer to attached dmesg/kmsg for entire log/backtrace)
+-------------------------------------------------------------------------------+------------+------------+
| | a2440f9328 | ccbd04de39 |
+-------------------------------------------------------------------------------+------------+------------+
| BUG:KASAN:wild-memory-access_in_pmd_alloc_one_noprof | 0 | 11 |
| Oops:general_protection_fault,probably_for_non-canonical_address#:#[##]KASAN | 0 | 11 |
| KASAN:maybe_wild-memory-access_in_range[#-#] | 0 | 11 |
| RIP:pmd_alloc_one_noprof | 0 | 11 |
| Kernel_panic-not_syncing:Fatal_exception | 0 | 11 |
+-------------------------------------------------------------------------------+------------+------------+
If you fix the issue in a separate patch/commit (i.e. not just a new version of
the same patch/commit), kindly add the following tags:
| Reported-by: kernel test robot <oliver.sang@intel.com>
| Closes: https://lore.kernel.org/oe-lkp/202509012256.9322539b-lkp@intel.com
[ 1.250500][ T0] BUG: KASAN: wild-memory-access in pmd_alloc_one_noprof+0x34/0x7f
[ 1.251149][ T0] Write of size 8 at addr fefefefefefefefe by task swapper/0
[ 1.251674][ T0]
[ 1.251837][ T0] CPU: 0 UID: 0 PID: 0 Comm: swapper Not tainted 6.17.0-rc3-00002-gccbd04de3982 #1 PREEMPT a53390bc94bb546224a464bcf114b97da0f198de
[ 1.252806][ T0] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[ 1.253538][ T0] Call Trace:
[ 1.253770][ T0] <TASK>
[ 1.253980][ T0] dump_stack_lvl (lib/dump_stack.c:123)
[ 1.254351][ T0] kasan_report (mm/kasan/report.c:597)
[ 1.254674][ T0] ? pmd_alloc_one_noprof+0x34/0x7f
[ 1.255130][ T0] kasan_check_range (mm/kasan/generic.c:183 mm/kasan/generic.c:189)
[ 1.255486][ T0] pmd_alloc_one_noprof+0x34/0x7f
[ 1.255930][ T0] __pud_alloc (mm/memory.c:6427)
[ 1.256247][ T0] preallocate_vmalloc_pages (include/linux/mm.h:2838 arch/x86/mm/init_64.c:1336)
[ 1.256651][ T0] mm_core_init (mm/mm_init.c:2776)
[ 1.256981][ T0] start_kernel (init/main.c:959)
[ 1.257311][ T0] x86_64_start_reservations (arch/x86/kernel/head64.c:175)
[ 1.257701][ T0] x86_64_start_kernel (arch/x86/kernel/ebda.c:57)
[ 1.258068][ T0] common_startup_64 (arch/x86/kernel/head_64.S:419)
[ 1.258426][ T0] </TASK>
[ 1.258641][ T0] ==================================================================
[ 1.259211][ T0] Disabling lock debugging due to kernel taint
[ 1.259661][ T0] Oops: general protection fault, probably for non-canonical address 0xfefefefefefefefe: 0000 [#1] KASAN
[ 1.260447][ T0] KASAN: maybe wild-memory-access in range [0xf7f817f7f7f7f7f0-0xf7f817f7f7f7f7f7]
[ 1.261096][ T0] CPU: 0 UID: 0 PID: 0 Comm: swapper Tainted: G B 6.17.0-rc3-00002-gccbd04de3982 #1 PREEMPT a53390bc94bb546224a464bcf114b97da0f198de
[ 1.262163][ T0] Tainted: [B]=BAD_PAGE
[ 1.262457][ T0] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[ 1.263181][ T0] RIP: pmd_alloc_one_noprof+0x34/0x7f
[ 1.263671][ T0] Code: e8 eb 5f d1 ff 48 81 fd 00 11 6e b1 75 24 48 bb fe fe fe fe fe fe fe fe e8 d3 5f d1 ff be 08 00 00 00 48 89 df e8 91 7d 0a 00 <80> 0b 04 bb c0 0d 00 00 e8 b9 5f d1 ff 89 df 31 c9 31 d2 81 cf 00
All code
========
0: e8 eb 5f d1 ff call 0xffffffffffd15ff0
5: 48 81 fd 00 11 6e b1 cmp $0xffffffffb16e1100,%rbp
c: 75 24 jne 0x32
e: 48 bb fe fe fe fe fe movabs $0xfefefefefefefefe,%rbx
15: fe fe fe
18: e8 d3 5f d1 ff call 0xffffffffffd15ff0
1d: be 08 00 00 00 mov $0x8,%esi
22: 48 89 df mov %rbx,%rdi
25: e8 91 7d 0a 00 call 0xa7dbb
2a:* 80 0b 04 orb $0x4,(%rbx) <-- trapping instruction
2d: bb c0 0d 00 00 mov $0xdc0,%ebx
32: e8 b9 5f d1 ff call 0xffffffffffd15ff0
37: 89 df mov %ebx,%edi
39: 31 c9 xor %ecx,%ecx
3b: 31 d2 xor %edx,%edx
3d: 81 .byte 0x81
3e: cf iret
...
Code starting with the faulting instruction
===========================================
0: 80 0b 04 orb $0x4,(%rbx)
3: bb c0 0d 00 00 mov $0xdc0,%ebx
8: e8 b9 5f d1 ff call 0xffffffffffd15fc6
d: 89 df mov %ebx,%edi
f: 31 c9 xor %ecx,%ecx
11: 31 d2 xor %edx,%edx
13: 81 .byte 0x81
14: cf iret
...
[ 1.265038][ T0] RSP: 0000:ffffffffb0e07e68 EFLAGS: 00010046
[ 1.265467][ T0] RAX: 0000000000000000 RBX: fefefefefefefefe RCX: ffffffffab0f6f61
[ 1.266023][ T0] RDX: 0000000000000000 RSI: ffffffffb0e42740 RDI: 0000000000000002
[ 1.266586][ T0] RBP: ffffffffb16e1100 R08: 0000000000000000 R09: 0000000000000000
[ 1.267144][ T0] R10: 0000000000000007 R11: ffffffffb0e42740 R12: dffffc0000000000
[ 1.267700][ T0] R13: fffffbfff6163097 R14: ffffffffb16e1100 R15: 0000000000000000
[ 1.268258][ T0] FS: 0000000000000000(0000) GS:0000000000000000(0000) knlGS:0000000000000000
[ 1.268884][ T0] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 1.269347][ T0] CR2: ffff88843ffff000 CR3: 0000000098328000 CR4: 00000000000000b0
[ 1.269906][ T0] Call Trace:
[ 1.270134][ T0] <TASK>
[ 1.270350][ T0] __pud_alloc (mm/memory.c:6427)
[ 1.270668][ T0] preallocate_vmalloc_pages (include/linux/mm.h:2838 arch/x86/mm/init_64.c:1336)
[ 1.271068][ T0] mm_core_init (mm/mm_init.c:2776)
[ 1.271396][ T0] start_kernel (init/main.c:959)
[ 1.271723][ T0] x86_64_start_reservations (arch/x86/kernel/head64.c:175)
[ 1.272112][ T0] x86_64_start_kernel (arch/x86/kernel/ebda.c:57)
[ 1.272476][ T0] common_startup_64 (arch/x86/kernel/head_64.S:419)
[ 1.272824][ T0] </TASK>
[ 1.273034][ T0] Modules linked in:
[ 1.273309][ T0] ---[ end trace 0000000000000000 ]---
[ 1.273688][ T0] RIP: pmd_alloc_one_noprof+0x34/0x7f
[ 1.274194][ T0] Code: e8 eb 5f d1 ff 48 81 fd 00 11 6e b1 75 24 48 bb fe fe fe fe fe fe fe fe e8 d3 5f d1 ff be 08 00 00 00 48 89 df e8 91 7d 0a 00 <80> 0b 04 bb c0 0d 00 00 e8 b9 5f d1 ff 89 df 31 c9 31 d2 81 cf 00
The kernel config and materials to reproduce are available at:
https://download.01.org/0day-ci/archive/20250901/202509012256.9322539b-lkp@intel.com
--
0-DAY CI Kernel Test Service
https://github.com/intel/lkp-tests/wiki