From: Christophe Leroy <christophe.leroy@csgroup.eu>
To: Hari Bathini <hbathini@linux.ibm.com>,
"linuxppc-dev@lists.ozlabs.org" <linuxppc-dev@lists.ozlabs.org>
Subject: BUG: KASAN: vmalloc-out-of-bounds in memset32 (bpf_prog_pack_free)
Date: Wed, 31 Jan 2024 11:46:16 +0000 [thread overview]
Message-ID: <2000a30f-214a-4b20-b0b5-348e987d6a0e@csgroup.eu> (raw)
Hi,
Got the following BUG while loading module test_bpf.ko
No time to investigate for now.
root@vgoip:~# insmod test_bpf.ko
[ 263.409030]
==================================================================
[ 263.416415] BUG: KASAN: vmalloc-out-of-bounds in memset32+0x5c/0xa0
[ 263.422952] Write of size 4 at addr c9000e40 by task kworker/0:0/7
[ 263.429322]
[ 263.430816] CPU: 0 PID: 7 Comm: kworker/0:0 Not tainted
6.8.0-rc1-s3k-dev-02364-gc626219462a6-dirty #606
[ 263.440580] Hardware name: MIAE 8xx 0x500000 CMPC885
[ 263.445658] Workqueue: events bpf_prog_free_deferred
[ 263.450973] Call Trace:
[ 263.453411] [c905bd00] [c0c114e8] dump_stack_lvl+0x34/0x50 (unreliable)
[ 263.460744] [c905bd20] [c026b9d4] print_report+0x174/0x608
[ 263.466853] [c905bd70] [c026c01c] kasan_report+0xc0/0x130
[ 263.472788] [c905bdd0] [c0c43cb0] memset32+0x5c/0xa0
[ 263.478198] [c905bdf0] [c0030690] patch_instructions+0x70/0x17c
[ 263.484656] [c905be30] [c00389b0] bpf_arch_text_invalidate+0xa8/0x120
[ 263.491638] [c905be90] [c018e63c] bpf_prog_pack_free+0xec/0x24c
[ 263.498096] [c905bec0] [c018ea34] bpf_jit_binary_pack_free+0x3c/0x80
[ 263.504991] [c905bee0] [c0038ae8] bpf_jit_free+0xc0/0x128
[ 263.510925] [c905bf00] [c00790f8] process_one_work+0x310/0x6e8
[ 263.517209] [c905bf50] [c0079b2c] worker_thread+0x65c/0x868
[ 263.523232] [c905bfc0] [c0084b78] kthread+0x17c/0x1ac
[ 263.528817] [c905bff0] [c00181fc] start_kernel_thread+0x10/0x14
[ 263.535279]
[ 263.536782] The buggy address belongs to the virtual mapping at
[ 263.536782] [c9000000, c9008000) created by:
[ 263.536782] text_area_cpu_up+0x28/0x1d4
[ 263.551418]
[ 263.552902] The buggy address belongs to the physical page:
[ 263.560228]
[ 263.561713] Memory state around the buggy address:
[ 263.566585] c9000d00: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8
[ 263.573307] c9000d80: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8
[ 263.580027] >c9000e00: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8
[ 263.586677] ^
[ 263.591370] c9000e80: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8
[ 263.598093] c9000f00: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8
[ 263.604743]
==================================================================
Christophe
next reply other threads:[~2024-01-31 11:47 UTC|newest]
Thread overview: 2+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-01-31 11:46 Christophe Leroy [this message]
2024-02-23 2:20 ` BUG: KASAN: vmalloc-out-of-bounds in memset32 (bpf_prog_pack_free) Benjamin Gray
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=2000a30f-214a-4b20-b0b5-348e987d6a0e@csgroup.eu \
--to=christophe.leroy@csgroup.eu \
--cc=hbathini@linux.ibm.com \
--cc=linuxppc-dev@lists.ozlabs.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).