Bug 208381 - KASAN: crash with percpu_alloc=page
Summary: KASAN: crash with percpu_alloc=page
Status: NEW
Alias: None
Product: Memory Management
Classification: Unclassified
Component: Sanitizers
Hardware: All Linux
Importance: P1 normal
Assignee: MM/Sanitizers virtual assignee
URL:
Keywords:
Depends on:
Blocks:
Reported: 2020-06-30 12:00 UTC by Dmitry Vyukov
Modified: 2020-06-30 13:39 UTC
CC List: 2 users

See Also:
Kernel Version: 5.7.0
Subsystem:
Regression: No
Bisected commit-id:


Attachments
kernel config (171.31 KB, text/plain)
2020-06-30 12:00 UTC, Dmitry Vyukov

Description Dmitry Vyukov 2020-06-30 12:00:16 UTC
Created attachment 289969
kernel config

A kernel with KASAN enabled and the percpu_alloc=page command line argument fails to boot with:

BUG: unable to handle page fault for address: fffff52000000000
#PF: supervisor read access in kernel mode
#PF: error_code(0x0000) - not-present page
PGD 7ffd0067 P4D 7ffd0067 PUD 0 
Oops: 0000 [#1] PREEMPT SMP KASAN
CPU: 0 PID: 0 Comm: swapper Not tainted 5.7.0 #2
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.13.0-1 04/01/2014
RIP: 0010:memory_is_nonzero mm/kasan/generic.c:120 [inline]
RIP: 0010:memory_is_poisoned_n mm/kasan/generic.c:134 [inline]
RIP: 0010:memory_is_poisoned mm/kasan/generic.c:165 [inline]
RIP: 0010:check_memory_region_inline mm/kasan/generic.c:183 [inline]
RIP: 0010:check_memory_region+0x9d/0x1b0 mm/kasan/generic.c:192
Code: c9 4d 0f 49 c1 49 c1 f8 03 45 85 c0 0f 84 1a 01 00 00 41 83 e8 01 4e 8d 44 c0 08 eb 0d 48 83 c0 08 4c 39 c0 0f 84 c9 00 00 00 <48> 83 38 000
RSP: 0000:ffffffff89807d28 EFLAGS: 00010006
RAX: fffff52000000000 RBX: fffff52000000000 RCX: ffffffff8b976fe6
RDX: 0000000000000001 RSI: 00000000000390c8 RDI: ffffc90000000000
RBP: fffff52000007219 R08: fffff52000007218 R09: 0000000000007219
R10: ffffc900000390c7 R11: fffff52000007218 R12: 00000000000390c8
R13: ffffc90000000000 R14: dffffc0000000000 R15: ffff88807ffc5018
FS:  0000000000000000(0000) GS:ffffffff8b8d0000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: fffff52000000000 CR3: 0000000009879000 CR4: 00000000000606b0
Call Trace:
 memcpy+0x39/0x60 mm/kasan/common.c:107
 memcpy include/linux/string.h:381 [inline]
 pcpu_page_first_chunk+0x590/0x6f0 mm/percpu.c:2888
 setup_per_cpu_areas+0x1a3/0x631 arch/x86/kernel/setup_percpu.c:214
 start_kernel+0x324/0x9ba init/main.c:854
 secondary_startup_64+0xa4/0xb0 arch/x86/kernel/head_64.S:242
Modules linked in:
CR2: fffff52000000000
random: get_random_bytes called from init_oops_id kernel/panic.c:528 [inline] with crng_init=0
random: get_random_bytes called from init_oops_id kernel/panic.c:525 [inline] with crng_init=0
random: get_random_bytes called from print_oops_end_marker+0x36/0x50 kernel/panic.c:538 with crng_init=0
---[ end trace 58d96ce325734210 ]---

Reported-by: Brad Spengler <@spendergrsec>
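Worked example, added here and not part of the bug report, relating the faulting address to the memcpy in pcpu_page_first_chunk(): on x86-64, generic KASAN maps each 8-byte granule of kernel memory to one shadow byte at (addr >> 3) + 0xdffffc0000000000 (the constant visible in R14). Feeding the oops registers RDI (destination) and RSI (length) through that mapping yields exactly CR2 for the first shadow byte and R8 for the last, so the page fault is on the shadow of the vmalloc-area range the page-first-chunk allocator copied into, which is reported as a not-present page at this point in boot. The register values are copied from the oops above; the helper names are this example's own.

```c
#include <assert.h>
#include <stdint.h>
#include <stdio.h>

/* x86-64 generic KASAN shadow layout (KASAN_SHADOW_OFFSET from the kernel config). */
#define KASAN_SHADOW_SCALE_SHIFT 3
#define KASAN_SHADOW_OFFSET      0xdffffc0000000000ULL   /* R14 in the oops */

/* Shadow byte that covers the 8-byte granule containing `addr`. */
static uint64_t mem_to_shadow(uint64_t addr)
{
    return (addr >> KASAN_SHADOW_SCALE_SHIFT) + KASAN_SHADOW_OFFSET;
}

/* Inverse mapping: kernel address whose shadow byte sits at `shadow`. */
static uint64_t shadow_to_mem(uint64_t shadow)
{
    return (shadow - KASAN_SHADOW_OFFSET) << KASAN_SHADOW_SCALE_SHIFT;
}

struct shadow_range { uint64_t first, last; };

/* Shadow bytes check_memory_region() must read for `len` bytes at `addr`. */
static struct shadow_range access_shadow_range(uint64_t addr, uint64_t len)
{
    struct shadow_range r = { mem_to_shadow(addr), mem_to_shadow(addr + len - 1) };
    return r;
}

/* Does a faulting address (CR2) fall inside the shadow of the checked access? */
static int fault_in_shadow_of(uint64_t cr2, uint64_t addr, uint64_t len)
{
    struct shadow_range r = access_shadow_range(addr, len);
    return cr2 >= r.first && cr2 <= r.last;
}

int main(void)
{
    /* Register values taken from the oops in this bug report. */
    const uint64_t rdi = 0xffffc90000000000ULL; /* memcpy destination (vmalloc area) */
    const uint64_t rsi = 0x00000000000390c8ULL; /* memcpy length */
    const uint64_t cr2 = 0xfffff52000000000ULL; /* faulting address */
    struct shadow_range r = access_shadow_range(rdi, rsi);

    printf("shadow range %#llx..%#llx\n",
           (unsigned long long)r.first, (unsigned long long)r.last);
    printf("CR2 is the shadow of %#llx: %s\n",
           (unsigned long long)shadow_to_mem(cr2),
           fault_in_shadow_of(cr2, rdi, rsi) ? "yes" : "no");
    return 0;
}
```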
