Subject: [daveh-devel:kpte] [mm] ccbd04de39: BUG:KASAN:wild-memory-access_in_pmd_alloc_one_noprof
From: kernel test robot
Date: 2025-09-01 14:37 UTC
To: Dave Hansen; +Cc: oe-lkp, lkp, linux-arch, linux-mm, oliver.sang
Hello,
kernel test robot noticed "BUG:KASAN:wild-memory-access_in_pmd_alloc_one_noprof" on:
commit: ccbd04de39826d130b67374e68599e128b53acab ("mm: Actually mark kernel page table pages")
https://git.kernel.org/cgit/linux/kernel/git/daveh/devel.git kpte
in testcase: boot
config: x86_64-randconfig-001-20250829
compiler: gcc-12
test machine: qemu-system-x86_64 -enable-kvm -cpu SandyBridge -smp 2 -m 16G
(please refer to attached dmesg/kmsg for entire log/backtrace)
+-------------------------------------------------------------------------------+------------+------------+
| | a2440f9328 | ccbd04de39 |
+-------------------------------------------------------------------------------+------------+------------+
| BUG:KASAN:wild-memory-access_in_pmd_alloc_one_noprof | 0 | 11 |
| Oops:general_protection_fault,probably_for_non-canonical_address#:#[##]KASAN | 0 | 11 |
| KASAN:maybe_wild-memory-access_in_range[#-#] | 0 | 11 |
| RIP:pmd_alloc_one_noprof | 0 | 11 |
| Kernel_panic-not_syncing:Fatal_exception | 0 | 11 |
+-------------------------------------------------------------------------------+------------+------------+
If you fix the issue in a separate patch/commit (i.e. not just a new version of
the same patch/commit), kindly add following tags
| Reported-by: kernel test robot <oliver.sang@intel.com>
| Closes: https://lore.kernel.org/oe-lkp/202509012256.9322539b-lkp@intel.com
[ 1.250500][ T0] BUG: KASAN: wild-memory-access in pmd_alloc_one_noprof+0x34/0x7f
[ 1.251149][ T0] Write of size 8 at addr fefefefefefefefe by task swapper/0
[ 1.251674][ T0]
[ 1.251837][ T0] CPU: 0 UID: 0 PID: 0 Comm: swapper Not tainted 6.17.0-rc3-00002-gccbd04de3982 #1 PREEMPT a53390bc94bb546224a464bcf114b97da0f198de
[ 1.252806][ T0] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[ 1.253538][ T0] Call Trace:
[ 1.253770][ T0] <TASK>
[ 1.253980][ T0] dump_stack_lvl (lib/dump_stack.c:123)
[ 1.254351][ T0] kasan_report (mm/kasan/report.c:597)
[ 1.254674][ T0] ? pmd_alloc_one_noprof+0x34/0x7f
[ 1.255130][ T0] kasan_check_range (mm/kasan/generic.c:183 mm/kasan/generic.c:189)
[ 1.255486][ T0] pmd_alloc_one_noprof+0x34/0x7f
[ 1.255930][ T0] __pud_alloc (mm/memory.c:6427)
[ 1.256247][ T0] preallocate_vmalloc_pages (include/linux/mm.h:2838 arch/x86/mm/init_64.c:1336)
[ 1.256651][ T0] mm_core_init (mm/mm_init.c:2776)
[ 1.256981][ T0] start_kernel (init/main.c:959)
[ 1.257311][ T0] x86_64_start_reservations (arch/x86/kernel/head64.c:175)
[ 1.257701][ T0] x86_64_start_kernel (arch/x86/kernel/ebda.c:57)
[ 1.258068][ T0] common_startup_64 (arch/x86/kernel/head_64.S:419)
[ 1.258426][ T0] </TASK>
[ 1.258641][ T0] ==================================================================
[ 1.259211][ T0] Disabling lock debugging due to kernel taint
[ 1.259661][ T0] Oops: general protection fault, probably for non-canonical address 0xfefefefefefefefe: 0000 [#1] KASAN
[ 1.260447][ T0] KASAN: maybe wild-memory-access in range [0xf7f817f7f7f7f7f0-0xf7f817f7f7f7f7f7]
[ 1.261096][ T0] CPU: 0 UID: 0 PID: 0 Comm: swapper Tainted: G B 6.17.0-rc3-00002-gccbd04de3982 #1 PREEMPT a53390bc94bb546224a464bcf114b97da0f198de
[ 1.262163][ T0] Tainted: [B]=BAD_PAGE
[ 1.262457][ T0] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[ 1.263181][ T0] RIP: pmd_alloc_one_noprof+0x34/0x7f
[ 1.263671][ T0] Code: e8 eb 5f d1 ff 48 81 fd 00 11 6e b1 75 24 48 bb fe fe fe fe fe fe fe fe e8 d3 5f d1 ff be 08 00 00 00 48 89 df e8 91 7d 0a 00 <80> 0b 04 bb c0 0d 00 00 e8 b9 5f d1 ff 89 df 31 c9 31 d2 81 cf 00
All code
========
0: e8 eb 5f d1 ff call 0xffffffffffd15ff0
5: 48 81 fd 00 11 6e b1 cmp $0xffffffffb16e1100,%rbp
c: 75 24 jne 0x32
e: 48 bb fe fe fe fe fe movabs $0xfefefefefefefefe,%rbx
15: fe fe fe
18: e8 d3 5f d1 ff call 0xffffffffffd15ff0
1d: be 08 00 00 00 mov $0x8,%esi
22: 48 89 df mov %rbx,%rdi
25: e8 91 7d 0a 00 call 0xa7dbb
2a:* 80 0b 04 orb $0x4,(%rbx) <-- trapping instruction
2d: bb c0 0d 00 00 mov $0xdc0,%ebx
32: e8 b9 5f d1 ff call 0xffffffffffd15ff0
37: 89 df mov %ebx,%edi
39: 31 c9 xor %ecx,%ecx
3b: 31 d2 xor %edx,%edx
3d: 81 .byte 0x81
3e: cf iret
...
Code starting with the faulting instruction
===========================================
0: 80 0b 04 orb $0x4,(%rbx)
3: bb c0 0d 00 00 mov $0xdc0,%ebx
8: e8 b9 5f d1 ff call 0xffffffffffd15fc6
d: 89 df mov %ebx,%edi
f: 31 c9 xor %ecx,%ecx
11: 31 d2 xor %edx,%edx
13: 81 .byte 0x81
14: cf iret
...
[ 1.265038][ T0] RSP: 0000:ffffffffb0e07e68 EFLAGS: 00010046
[ 1.265467][ T0] RAX: 0000000000000000 RBX: fefefefefefefefe RCX: ffffffffab0f6f61
[ 1.266023][ T0] RDX: 0000000000000000 RSI: ffffffffb0e42740 RDI: 0000000000000002
[ 1.266586][ T0] RBP: ffffffffb16e1100 R08: 0000000000000000 R09: 0000000000000000
[ 1.267144][ T0] R10: 0000000000000007 R11: ffffffffb0e42740 R12: dffffc0000000000
[ 1.267700][ T0] R13: fffffbfff6163097 R14: ffffffffb16e1100 R15: 0000000000000000
[ 1.268258][ T0] FS: 0000000000000000(0000) GS:0000000000000000(0000) knlGS:0000000000000000
[ 1.268884][ T0] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 1.269347][ T0] CR2: ffff88843ffff000 CR3: 0000000098328000 CR4: 00000000000000b0
[ 1.269906][ T0] Call Trace:
[ 1.270134][ T0] <TASK>
[ 1.270350][ T0] __pud_alloc (mm/memory.c:6427)
[ 1.270668][ T0] preallocate_vmalloc_pages (include/linux/mm.h:2838 arch/x86/mm/init_64.c:1336)
[ 1.271068][ T0] mm_core_init (mm/mm_init.c:2776)
[ 1.271396][ T0] start_kernel (init/main.c:959)
[ 1.271723][ T0] x86_64_start_reservations (arch/x86/kernel/head64.c:175)
[ 1.272112][ T0] x86_64_start_kernel (arch/x86/kernel/ebda.c:57)
[ 1.272476][ T0] common_startup_64 (arch/x86/kernel/head_64.S:419)
[ 1.272824][ T0] </TASK>
[ 1.273034][ T0] Modules linked in:
[ 1.273309][ T0] ---[ end trace 0000000000000000 ]---
[ 1.273688][ T0] RIP: pmd_alloc_one_noprof+0x34/0x7f
[ 1.274194][ T0] Code: e8 eb 5f d1 ff 48 81 fd 00 11 6e b1 75 24 48 bb fe fe fe fe fe fe fe fe e8 d3 5f d1 ff be 08 00 00 00 48 89 df e8 91 7d 0a 00 <80> 0b 04 bb c0 0d 00 00 e8 b9 5f d1 ff 89 df 31 c9 31 d2 81 cf 00
The kernel config and materials to reproduce are available at:
https://download.01.org/0day-ci/archive/20250901/202509012256.9322539b-lkp@intel.com
--
0-DAY CI Kernel Test Service
https://github.com/intel/lkp-tests/wiki
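Added example by the editor, not part of the robot's report or of the kpte tree: a small Python triage script that checks, from the lines quoted above, the three things a reader usually wants to verify by hand in a KASAN oops. It confirms that the faulting address 0xfefefefefefefefe is non-canonical under 4-level paging (bits 63:47 are not all equal), re-derives the kernel's "KASAN: maybe wild-memory-access in range [...]" line by porting kasan_non_canonical_hook() from mm/kasan/report.c (the kernel treats the #GP address as a KASAN shadow address and maps it back through KASAN_SHADOW_OFFSET), and splits the Code: line at the <80> marker the way scripts/decodecode does, which yields the 0x2a offset shown in the disassembly. The constants KASAN_SHADOW_OFFSET=0xdffffc0000000000 (the x86_64 default, and the value sitting in R12 above), KASAN_SHADOW_SCALE_SHIFT=3, VA_BITS=48 and TASK_SIZE are assumptions fixed to the x86_64 generic-KASAN configuration; the log lines embedded in the script are copied from this message.

```python
"""Triage helpers for the x86-64 KASAN oops quoted in this report.

Added example (not from the report or the kpte tree). The constants are the
x86_64 generic-KASAN defaults and are assumptions about the tested config;
the embedded log lines are copied from the message above.
"""
import re

KASAN_SHADOW_OFFSET = 0xDFFFFC0000000000   # x86_64 default; matches R12 in the dump
KASAN_SHADOW_SCALE_SHIFT = 3                # one shadow byte covers 8 bytes of memory
KASAN_GRANULE_SIZE = 1 << KASAN_SHADOW_SCALE_SHIFT
PAGE_SIZE = 4096
VA_BITS = 48                                # 4-level paging (assumption: no LA57)
TASK_SIZE = (1 << (VA_BITS - 1)) - PAGE_SIZE  # x86_64 TASK_SIZE_MAX, 4-level paging
MASK64 = (1 << 64) - 1

# Constructed input: the three lines of the oops that the checks below need.
OOPS_LINES = """\
[    1.259661][    T0] Oops: general protection fault, probably for non-canonical address 0xfefefefefefefefe: 0000 [#1] KASAN
[    1.261096][    T0] KASAN: maybe wild-memory-access in range [0xf7f817f7f7f7f7f0-0xf7f817f7f7f7f7f7]
[    1.263671][    T0] Code: e8 eb 5f d1 ff 48 81 fd 00 11 6e b1 75 24 48 bb fe fe fe fe fe fe fe fe e8 d3 5f d1 ff be 08 00 00 00 48 89 df e8 91 7d 0a 00 <80> 0b 04 bb c0 0d 00 00 e8 b9 5f d1 ff 89 df 31 c9 31 d2 81 cf 00
"""


def is_canonical(addr, va_bits=VA_BITS):
    """x86-64 canonical form: bits [63:va_bits-1] must all equal bit va_bits-1."""
    top = addr >> (va_bits - 1)               # the (64 - va_bits + 1) high bits
    return top == 0 or top == (1 << (64 - va_bits + 1)) - 1


def kasan_non_canonical_hook(addr):
    """Port of kasan_non_canonical_hook() from mm/kasan/report.c.

    The kernel cannot know what a #GP on a non-canonical address was, so it
    guesses that the address was a KASAN shadow address and maps it back to
    the memory range that shadow byte covers. Returns (bug_type, start, end),
    or None when the address is below the shadow region."""
    if addr < KASAN_SHADOW_OFFSET:
        return None
    orig = ((addr - KASAN_SHADOW_OFFSET) << KASAN_SHADOW_SCALE_SHIFT) & MASK64
    if orig < PAGE_SIZE:
        bug_type = "null-ptr-deref"
    elif orig < TASK_SIZE:
        bug_type = "probably user-memory-access"
    else:
        bug_type = "maybe wild-memory-access"
    return bug_type, orig, orig + KASAN_GRANULE_SIZE - 1


def parse_code_line(line):
    """Turn an oops 'Code:' line into (bytes, offset of the <xx> faulting byte),
    the same split scripts/decodecode performs before calling objdump."""
    payload = line.split("Code:", 1)[1].split()
    raw, fault_off = bytearray(), None
    for tok in payload:
        if tok.startswith("<") and tok.endswith(">"):
            fault_off = len(raw)
            tok = tok[1:-1]
        raw.append(int(tok, 16))
    return bytes(raw), fault_off


def find_movabs_rbx(code):
    """Return the 64-bit immediate of the first 'movabs $imm64,%rbx' (48 bb imm64)
    in the code bytes, or None. A constant sitting in the register that the
    trapping instruction dereferences means the bogus pointer was a compile-time
    constant, not a value read from memory."""
    i = code.find(b"\x48\xbb")
    if i < 0 or i + 10 > len(code):
        return None
    return int.from_bytes(code[i + 2:i + 10], "little")


def triage(text):
    """Cross-check the kernel's own oops lines and return the findings."""
    out = {}
    for line in text.splitlines():
        m = re.search(r"non-canonical address (0x[0-9a-f]+)", line)
        if m:
            out["addr"] = int(m.group(1), 16)
        m = re.search(r"KASAN: (.+) in range \[(0x[0-9a-f]+)-(0x[0-9a-f]+)\]", line)
        if m:
            out["kernel_range"] = (m.group(1), int(m.group(2), 16), int(m.group(3), 16))
        if "Code:" in line:
            out["code"], out["fault_off"] = parse_code_line(line)
    addr = out["addr"]
    out["canonical"] = is_canonical(addr)
    out["recomputed_range"] = kasan_non_canonical_hook(addr)
    out["range_matches_kernel"] = out["recomputed_range"] == out.get("kernel_range")
    out["movabs_rbx_imm"] = find_movabs_rbx(out["code"])
    # If the immediate loaded into %rbx is the faulting address itself, the
    # #GP is a direct dereference of that constant, not a shadow-memory access.
    out["direct_deref_of_constant"] = out["movabs_rbx_imm"] == addr
    return out


if __name__ == "__main__":
    r = triage(OOPS_LINES)
    print(f"fault addr 0x{r['addr']:016x} canonical={r['canonical']}")
    print("kasan hook :", r["recomputed_range"], "matches kernel:", r["range_matches_kernel"])
    print(f"trapping byte 0x{r['code'][r['fault_off']]:02x} at offset 0x{r['fault_off']:x}")
    print(f"movabs %rbx imm 0x{r['movabs_rbx_imm']:016x} direct deref: {r['direct_deref_of_constant']}")
```

The "maybe wild-memory-access in range" line is a heuristic, which is why the kernel says "maybe": kasan_non_canonical_hook() assumes the #GP came from reading a shadow byte. In this report the earlier KASAN report ("Write of size 8 at addr fefefefefefefefe") and the disassembly show that `orb $0x4,(%rbx)` wrote straight to 0xfefefefefefefefe, which the preceding `movabs` loaded as an immediate, so the real target is that constant address and the 0xf7f817f7... range is a false lead. The `direct_deref_of_constant` flag makes that distinction explicit when reading similar reports.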