From: bugzilla-daemon@kernel.org
To: linuxppc-dev@lists.ozlabs.org
Subject: [Bug 216715] kernel 6.1-rc5 + KASAN_OUTLINE fails to boot at very early stage when DEBUG_PAGEALLOC_ENABLE_DEFAULT is enabled (PowerMac G4 3,6)
Date: Tue, 22 Nov 2022 00:34:38 +0000
Message-ID: <bug-216715-206035-E2zi0uFYCD@https.bugzilla.kernel.org/>
In-Reply-To: <bug-216715-206035@https.bugzilla.kernel.org/>
https://bugzilla.kernel.org/show_bug.cgi?id=216715
--- Comment #5 from Erhard F. (erhard_f@mailbox.org) ---
Created attachment 303257
--> https://bugzilla.kernel.org/attachment.cgi?id=303257&action=edit
303256: kernel dmesg (6.1-rc6, PowerMac G4 DP) - BUG: KASAN: slab-out-of-bounds, 2nd time
Here a slightly different kernel is used, with SMP off. The KASAN hit happened
instantly after trying to build glibc:
[...]
BUG: KASAN: slab-out-of-bounds in set_pte_at+0x9c/0x16c
Read of size 4 at addr c322519c by task emerge/296
CPU: 0 PID: 296 Comm: emerge Tainted: G TN 6.1.0-rc6-PMacG4s #31
Hardware name: PowerMac3,6 7455 0x80010303 PowerMac
Call Trace:
[f2aeb760] [c0ca8ecc] dump_stack_lvl+0x34/0x74 (unreliable)
[f2aeb780] [c02d2800] print_report+0x154/0x4f4
[f2aeb7d0] [c02d2508] kasan_report+0xec/0x230
[f2aeb830] [c002657c] set_pte_at+0x9c/0x16c
[f2aeb860] [c02744a8] copy_page_range+0x4ec/0xee0
[f2aeb990] [c005608c] dup_mm+0x70c/0x8ac
[f2aebab0] [c0057eec] copy_process+0x19b0/0x2c10
[f2aebba0] [c0059424] kernel_clone+0xd0/0x4c4
[f2aebc40] [c0059efc] sys_clone+0xfc/0x154
[f2aebd10] [c0017c60] system_call_exception+0x104/0x1ac
[f2aebf30] [c001f1ac] ret_from_syscall+0x0/0x2c
--- interrupt: c00 at 0xa7572df4
NIP: a7572df4 LR: a7572974 CTR: a7747ee8
REGS: f2aebf40 TRAP: 0c00 Tainted: G TN (6.1.0-rc6-PMacG4s)
MSR: 0200f932 <VEC,EE,PR,FP,ME,IR,DR,RI> CR: 48882244 XER: 00000000
GPR00: 00000078 af879140 a7c2d5a0 01200011 00000000 00000000 00000000 a7c26088
GPR08: 00000000 00000002 a6e31870 a781c724 48882242 008bfff4 00000000 00a0243c
GPR16: 00000000 016b591e 016b5910 af879304 31afa123 00000001 00000000 a7c284fc
GPR24: 00000000 00000000 a58ddc88 a7ae3128 a7bc1f08 a6ee0118 a769fff4 00000001
NIP [a7572df4] 0xa7572df4
LR [a7572974] 0xa7572974
--- interrupt: c00
Allocated by task 1:
kasan_set_track+0x44/0x94
__kasan_slab_alloc+0xa0/0xe8
kmem_cache_alloc+0x1e8/0x664
__kernfs_new_node+0xe8/0x354
kernfs_new_node+0x84/0xfc
__kernfs_create_file+0x50/0x204
sysfs_add_file_mode_ns+0xf4/0x1f0
internal_create_group+0x1f0/0x620
sysfs_slab_add+0x23c/0x2dc
__kmem_cache_create+0x14c/0x510
kmem_cache_create_usercopy+0x250/0x39c
btrfs_init_cachep+0x48/0x1e8
init_btrfs_fs+0x50/0x2b0
do_one_initcall+0xc0/0x34c
kernel_init_freeable+0x2a0/0x3e0
kernel_init+0x28/0x174
ret_from_kernel_thread+0x5c/0x64
The buggy address belongs to the object at c32251a0
which belongs to the cache kernfs_node_cache of size 88
The buggy address is located 4 bytes to the left of
88-byte region [c32251a0, c32251f8)
The buggy address belongs to the physical page:
page:eee50d34 refcount:1 mapcount:0 mapping:00000000 index:0x0 pfn:0x3225
flags: 0x200(slab|zone=0)
raw: 00000200 00000100 00000122 c1843d20 00000000 001e003c ffffffff 00000001
raw: 00000000
page dumped because: kasan: bad access detected
Memory state around the buggy address:
c3225080: fc fc 00 00 00 00 00 00 00 00 00 00 00 fc fc fc
c3225100: fc fc fc 00 00 00 00 00 00 00 00 00 00 00 fc fc
>c3225180: fc fc fc fc 00 00 00 00 00 00 00 00 00 00 00 fc
^
c3225200: fc fc fc fc fc 00 00 00 00 00 00 00 00 00 00 00
c3225280: fc fc fc fc fc fc 00 00 00 00 00 00 00 00 00 00
==================================================================
Disabling lock debugging due to kernel taint
_swap_info_get: Bad swap file entry 10005281
BUG: Bad page map in process emerge pte:00528124 pmd:03225000
addr:af85a000 vm_flags:00100173 anon_vma:c8fb3bd8 mapping:00000000 index:affdf
file:(null) fault:0x0 mmap:0x0 read_folio:0x0
CPU: 0 PID: 300 Comm: emerge Tainted: G B TN 6.1.0-rc6-PMacG4s #31
Hardware name: PowerMac3,6 7455 0x80010303 PowerMac
Call Trace:
[f2f838c0] [c0ca8ecc] dump_stack_lvl+0x34/0x74 (unreliable)
[f2f838e0] [c02717e8] print_bad_pte+0x2e8/0x364
[f2f83970] [c027579c] unmap_page_range+0x900/0xa30
[f2f83a30] [c027607c] unmap_vmas+0x1d8/0x2cc
[f2f83b30] [c0283a68] exit_mmap+0x154/0x2f0
[f2f83c50] [c00542e8] mmput+0x98/0x244
[f2f83c80] [c005f784] do_exit+0x434/0xdc0
[f2f83d00] [c0060318] do_group_exit+0x64/0x100
[f2f83d30] [c00603e4] __wake_up_parent+0x0/0x4c
[f2f83d50] [c0017c60] system_call_exception+0x104/0x1ac
[f2f83f30] [c001f1ac] ret_from_syscall+0x0/0x2c
--- interrupt: c00 at 0xa7572ec0
[...]
--
You may reply to this email to add a comment.
You are receiving this mail because:
You are watching the assignee of the bug.