[Bug 282268] linker_load_module() panics with KASAN after post-panic reboot

From: <bugzilla-noreply_at_freebsd.org>
Date: Tue, 22 Oct 2024 12:30:41 UTC
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=282268

            Bug ID: 282268
           Summary: linker_load_module() panics with KASAN after
                    post-panic reboot
           Product: Base System
           Version: CURRENT
          Hardware: Any
                OS: Any
            Status: New
          Severity: Affects Some People
          Priority: ---
         Component: kern
          Assignee: bugs@FreeBSD.org
          Reporter: christos@freebsd.org

Created attachment 254444
  --> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=254444&action=edit
linker_load_module() disassembly

This is a relatively consistent bug, although it does not have a 100%
reproduction rate. What I usually do is the following:

1. Boot into a KASAN kernel.
2. Panic the kernel somehow and reboot.
3. During the reboot, it is likely that linker_load_module() will panic when
rc(8) is trying to load the modules.

I have also attached the linker_load_module() disassembly.

Sample panic message:

Loading kernel modules:
panic: ASan: Invalid access, 4-byte read at 0xfffffe0047935020,
MallocRedZone(fb)
cpuid = 1
time = 1729606284
KDB: stack backtrace:
db_trace_self_wrapper() at db_trace_self_wrapper+0xa5/frame 0xfffffe0046c3f070
kdb_backtrace() at kdb_backtrace+0xc6/frame 0xfffffe0046c3f1d0
vpanic() at vpanic+0x226/frame 0xfffffe0046c3f370
panic() at panic+0xb5/frame 0xfffffe0046c3f440
kasan_code_name() at kasan_code_name/frame 0xfffffe0046c3f510
linker_load_module() at linker_load_module+0xe03/frame 0xfffffe0046c3fbb0
kern_kldload() at kern_kldload+0x233/frame 0xfffffe0046c3fc70
sys_kldload() at sys_kldload+0xd2/frame 0xfffffe0046c3fd10
amd64_syscall() at amd64_syscall+0x39e/frame 0xfffffe0046c3ff30
fast_syscall_common() at fast_syscall_common+0xf8/frame 0xfffffe0046c3ff30
--- syscall (304, FreeBSD ELF64, kldload), rip = 0x311d0dce37da, rsp =
0x311d0c9d2428, rbp = 0x311d0c9d29a0 ---
KDB: enter: panic
[ thread pid 92 tid 100096 ]
Stopped at      kdb_enter+0x34: movq    $0,0x1f09b11(%rip)
db>
