intel / ccc-linux-guest-hardening

Linux Security Hardening for Confidential Compute
https://intel.github.io/ccc-linux-guest-hardening-docs
MIT License

KASAN: null-ptr-deref in range [x-y] RIP: try_module_get #102

Open ereshetova opened 1 year ago

ereshetova commented 1 year ago

Found in 6.0-rc2 via the BOOT_VIRTIO_BLK_PROBE harness. The call trace below shows the NULL dereference in try_module_get() (kernel/module/main.c:829) reached from __setup_irq() while vp_find_vqs_msix() requests the virtio-blk MSI-X interrupt during virtblk_probe(); RDI is 0 at the fault, which is consistent with a NULL module pointer being passed in, though that is an inference from the register dump rather than something the trace states.

general protection fault, probably for non-canonical address 0xdffffc0000000000: 0000 [#1] PREEMPT DEBUG_PAGEALLOC KASAN KASAN: null-ptr-deref in range [0x0000000000000000-0x0000000000000007] CPU: 0 PID: 1 Comm: swapper Not tainted 6.0.0-rc2-g1d588de205f8 #1 RIP: 0010:try_module_get (kernel/module/main.c:829) Code: 1a 48 c7 83 b8 00 00 00 00 00 01 00 00 00 5c 5d c3 4c 89 e7 e8 7d 37 35 00 eb 01 00 00 00 e8 13 38 35 00 eb dc 90 55 48 89 e5 <01> 00 00 00 01 00 00 00 41 54 53 48 83 ec 08 48 01 00 00 00 b5 00

All code

0: 1a 48 c7 sbb -0x39(%rax),%cl 3: 83 b8 00 00 00 00 00 cmpl $0x0,0x0(%rax) a: 01 00 add %eax,(%rax) c: 00 00 add %al,(%rax) e: 5c pop %rsp f: 5d pop %rbp 10: c3 retq
11: 4c 89 e7 mov %r12,%rdi 14: e8 7d 37 35 00 callq 0x353796 19: eb 01 jmp 0x1c 1b: 00 00 add %al,(%rax) 1d: 00 e8 add %ch,%al 1f: 13 38 adc (%rax),%edi 21: 35 00 eb dc 90 xor $0x90dceb00,%eax 26: 55 push %rbp 27: 48 89 e5 mov %rsp,%rbp 2a:* 01 00 add %eax,(%rax) <-- trapping instruction 2c: 00 00 add %al,(%rax) 2e: 01 00 add %eax,(%rax) 30: 00 00 add %al,(%rax) 32: 41 54 push %r12 34: 53 push %rbx 35: 48 83 ec 08 sub $0x8,%rsp 39: 48 01 00 add %rax,(%rax) 3c: 00 00 add %al,(%rax) 3e: b5 00 mov $0x0,%ch

Code starting with the faulting instruction

0: 01 00 add %eax,(%rax) 2: 00 00 add %al,(%rax) 4: 01 00 add %eax,(%rax) 6: 00 00 add %al,(%rax) 8: 41 54 push %r12 a: 53 push %rbx b: 48 83 ec 08 sub $0x8,%rsp f: 48 01 00 add %rax,(%rax) 12: 00 00 add %al,(%rax) 14: b5 00 mov $0x0,%ch RSP: 0000:ffffc9000001f6c8 EFLAGS: 00010246 RAX: dffffc0000000000 RBX: ffff888009f61400 RCX: 0000000000000000 RDX: 1ffff110013ec2a8 RSI: ffff888009f61400 RDI: 0000000000000000 RBP: ffffc9000001f6c8 R08: ffffffff8157f1f6 R09: ffff888021869db0 R10: ffffffff8157bcbd R11: ffffffff8157f2a7 R12: 000000000000000a R13: ffff888009f61400 R14: ffff888009f61418 R15: ffff8880096e6418 FS: 0000000000000000(0000) GS:ffffffff83cab000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: ffff88802dffb000 CR3: 0000000003c32001 CR4: 00000000001706f0 Call Trace:

__setup_irq (kernel/irq/manage.c:1508) ? __kasan_kmalloc (mm/kasan/common.c:45 mm/kasan/common.c:437 mm/kasan/common.c:516 mm/kasan/common.c:525) ? kmem_cache_alloc_trace (mm/slub.c:3286) request_threaded_irq (kernel/irq/manage.c:2198) vp_find_vqs_msix (include/linux/interrupt.h:168 drivers/virtio/virtio_pci_common.c:144 drivers/virtio/virtio_pci_common.c:310) vp_find_vqs (drivers/virtio/virtio_pci_common.c:411) ? vsprintf (lib/vsprintf.c:2912) vp_modern_find_vqs (drivers/virtio/virtio_pci_modern.c:357) init_vq.cold (include/linux/virtio_config.h:227 drivers/block/virtio_blk.c:664) ? kafl_fuzz_buffer (arch/x86/coco/tdx/kafl-agent.c:438 arch/x86/coco/tdx/kafl-agent.c:495) ? virtblk_add_req (drivers/block/virtio_blk.c:602) ? kmem_cache_alloc_trace (mm/slub.c:3286) __virtblk_probe (drivers/block/virtio_blk.c:934) ? memset (mm/kasan/shadow.c:48) ? kafl_agent_init (arch/x86/coco/tdx/kafl-agent.c:290) ? virtblk_getgeo (drivers/block/virtio_blk.c:888) virtblk_probe (drivers/block/virtio_blk.c:1114) virtio_dev_probe (drivers/virtio/virtio.c:307) ? sysfs_create_link (fs/sysfs/symlink.c:93) really_probe (drivers/base/dd.c:530 drivers/base/dd.c:614) __driver_probe_device (drivers/base/dd.c:753) driver_probe_device (drivers/base/dd.c:783) __driver_attach (drivers/base/dd.c:1156) ? __device_attach_driver (drivers/base/base.h:147 drivers/base/dd.c:1120) bus_for_each_dev (drivers/base/bus.c:300) ? subsys_dev_iter_exit (drivers/base/bus.c:290) ? __kasan_check_write (mm/kasan/shadow.c:38) ? klist_node_init (arch/x86/include/asm/atomic.h:41 include/linux/atomic/atomic-instrumented.h:42 include/linux/refcount.h:136 include/linux/kref.h:31 lib/klist.c:111) driver_attach (drivers/base/dd.c:1173) bus_add_driver (drivers/base/bus.c:618) driver_register (drivers/base/driver.c:240) register_virtio_driver (drivers/virtio/virtio.c:360) virtio_blk_init (drivers/block/virtio_blk.c:1230) ? loop_init (drivers/block/virtio_blk.c:1217) do_one_initcall (init/main.c:1421) ? 
initcall_blacklisted (init/main.c:1394) ? parameq (kernel/params.c:98) ? __kasan_kmalloc (mm/kasan/common.c:45 mm/kasan/common.c:437 mm/kasan/common.c:516 mm/kasan/common.c:525) ? __kmalloc (include/linux/kasan.h:234 mm/slub.c:4424) kernel_init_freeable (init/main.c:1509 init/main.c:1531 init/main.c:1553 init/main.c:1768) ? rest_init (init/main.c:1644) kernel_init (init/main.c:1654) ret_from_fork (arch/x86/entry/entry_64.S:312)

Modules linked in: ---[ end trace 0000000000000000 ]---

ereshetova commented 1 year ago

A likely related one (a WARNING in __ioremap_caller() reached through the same vp_find_vqs_msix() → __pci_enable_msix_range() path, followed by the same try_module_get() fault):

WARNING: CPU: 0 PID: 1 at arch/x86/mm/ioremap.c:223 __ioremap_caller (arch/x86/mm/ioremap.c:223 (discriminator 3)) Modules linked in: CPU: 0 PID: 1 Comm: swapper Not tainted 6.0.0-rc2-g1d588de205f8 #1 RIP: 0010:__ioremap_caller (arch/x86/mm/ioremap.c:223 (discriminator 3)) Code: 4c 8b 85 20 ff ff ff 49 09 c0 e9 4c fd ff ff 48 8d 53 a0 48 8d 73 c0 48 c7 c7 e0 1d 45 83 c6 05 1f db e8 03 01 e8 90 26 d9 01 <0f> 0b 45 31 ed e9 29 fe ff ff 48 c7 c7 3d 9e f8 84 e8 75 84 49 00 All code

0: 4c 8b 85 20 ff ff ff mov -0xe0(%rbp),%r8 7: 49 09 c0 or %rax,%r8 a: e9 4c fd ff ff jmpq 0xfffffffffffffd5b f: 48 8d 53 a0 lea -0x60(%rbx),%rdx 13: 48 8d 73 c0 lea -0x40(%rbx),%rsi 17: 48 c7 c7 e0 1d 45 83 mov $0xffffffff83451de0,%rdi 1e: c6 05 1f db e8 03 01 movb $0x1,0x3e8db1f(%rip) # 0x3e8db44 25: e8 90 26 d9 01 callq 0x1d926ba 2a:* 0f 0b ud2 <-- trapping instruction 2c: 45 31 ed xor %r13d,%r13d 2f: e9 29 fe ff ff jmpq 0xfffffffffffffe5d 34: 48 c7 c7 3d 9e f8 84 mov $0xffffffff84f89e3d,%rdi 3b: e8 75 84 49 00 callq 0x4984b5

Code starting with the faulting instruction

0: 0f 0b ud2
2: 45 31 ed xor %r13d,%r13d 5: e9 29 fe ff ff jmpq 0xfffffffffffffe33 a: 48 c7 c7 3d 9e f8 84 mov $0xffffffff84f89e3d,%rdi 11: e8 75 84 49 00 callq 0x49848b RSP: 0000:ffffc9000001f498 EFLAGS: 00010286 RAX: 0000000000000000 RBX: ffffc9000001f570 RCX: 0000000000000000 RDX: 0000000000000001 RSI: 0000000000000000 RDI: fffff52000003e85 RBP: ffffc9000001f598 R08: 0000000000000000 R09: 00000000ffffffea R10: ffffc9000001f1a7 R11: fffff52000003e34 R12: 000000000080c000 R13: 0000000000000003 R14: 00000000000055e0 R15: 00000000008115df FS: 0000000000000000(0000) GS:ffffffff83cab000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: ffff88802dffb000 CR3: 0000000003c32001 CR4: 00000000001706f0 Call Trace:

? pci_read (arch/x86/pci/common.c:64) ? __pci_enable_msix_range (drivers/pci/msi/msi.c:503 drivers/pci/msi/msi.c:636 drivers/pci/msi/msi.c:836 drivers/pci/msi/msi.c:961) ? __ioremap_collect_map_flags (arch/x86/mm/ioremap.c:193) ? pci_write_config_word (drivers/pci/access.c:572) ? pci_bus_read_config_word (drivers/pci/access.c:68) ? pci_msi_vec_count (drivers/pci/msi/msi.c:788) ioremap_driver_hardened (arch/x86/mm/ioremap.c:432) __pci_enable_msix_range (drivers/pci/msi/msi.c:503 drivers/pci/msi/msi.c:636 drivers/pci/msi/msi.c:836 drivers/pci/msi/msi.c:961) ? kernel_init_freeable (init/main.c:1509 init/main.c:1531 init/main.c:1553 init/main.c:1768) ? kernel_init (init/main.c:1654) ? ret_from_fork (arch/x86/entry/entry_64.S:312) ? pci_irq_get_affinity (drivers/pci/msi/msi.c:941) ? alloc_debug_processing (mm/slub.c:1340) ? ___slab_alloc (mm/slub.c:3096) ? kasan_save_stack (mm/kasan/common.c:40) pci_alloc_irq_vectors_affinity (drivers/pci/msi/msi.c:1032) ? pci_enable_msix_range (drivers/pci/msi/msi.c:1017) ? __kmalloc (include/linux/kasan.h:234 mm/slub.c:4424) vp_find_vqs_msix (drivers/virtio/virtio_pci_common.c:134 drivers/virtio/virtio_pci_common.c:310) ? pointer (lib/vsprintf.c:2713) vp_find_vqs (drivers/virtio/virtio_pci_common.c:407) ? vsprintf (lib/vsprintf.c:2912) vp_modern_find_vqs (drivers/virtio/virtio_pci_modern.c:357) init_vq.cold (include/linux/virtio_config.h:227 drivers/block/virtio_blk.c:664) ? kafl_fuzz_buffer (arch/x86/coco/tdx/kafl-agent.c:438 arch/x86/coco/tdx/kafl-agent.c:495) ? virtblk_add_req (drivers/block/virtio_blk.c:602) ? kmem_cache_alloc_trace (mm/slub.c:3286) __virtblk_probe (drivers/block/virtio_blk.c:934) ? memset (mm/kasan/shadow.c:48) ? kafl_agent_init (arch/x86/coco/tdx/kafl-agent.c:290) ? virtblk_getgeo (drivers/block/virtio_blk.c:888) virtblk_probe (drivers/block/virtio_blk.c:1114) virtio_dev_probe (drivers/virtio/virtio.c:307) ? 
sysfs_create_link (fs/sysfs/symlink.c:93) really_probe (drivers/base/dd.c:530 drivers/base/dd.c:614) __driver_probe_device (drivers/base/dd.c:753) driver_probe_device (drivers/base/dd.c:783) __driver_attach (drivers/base/dd.c:1156) ? __device_attach_driver (drivers/base/base.h:147 drivers/base/dd.c:1120) bus_for_each_dev (drivers/base/bus.c:300) ? subsys_dev_iter_exit (drivers/base/bus.c:290) ? __kasan_check_write (mm/kasan/shadow.c:38) ? klist_node_init (arch/x86/include/asm/atomic.h:41 include/linux/atomic/atomic-instrumented.h:42 include/linux/refcount.h:136 include/linux/kref.h:31 lib/klist.c:111) driver_attach (drivers/base/dd.c:1173) bus_add_driver (drivers/base/bus.c:618) driver_register (drivers/base/driver.c:240) register_virtio_driver (drivers/virtio/virtio.c:360) virtio_blk_init (drivers/block/virtio_blk.c:1230) ? loop_init (drivers/block/virtio_blk.c:1217) do_one_initcall (init/main.c:1421) ? initcall_blacklisted (init/main.c:1394) ? parameq (kernel/params.c:98) ? __kasan_kmalloc (mm/kasan/common.c:45 mm/kasan/common.c:437 mm/kasan/common.c:516 mm/kasan/common.c:525) ? __kmalloc (include/linux/kasan.h:234 mm/slub.c:4424) kernel_init_freeable (init/main.c:1509 init/main.c:1531 init/main.c:1553 init/main.c:1768) ? rest_init (init/main.c:1644) kernel_init (init/main.c:1654) ret_from_fork (arch/x86/entry/entry_64.S:312)

---[ end trace 0000000000000000 ]--- general protection fault, probably for non-canonical address 0xdffffc0000000000: 0000 [#1] PREEMPT DEBUG_PAGEALLOC KASAN KASAN: null-ptr-deref in range [0x0000000000000000-0x0000000000000007] CPU: 0 PID: 1 Comm: swapper Tainted: G W 6.0.0-rc2-g1d588de205f8 #1 RIP: 0010:try_module_get (kernel/module/main.c:829) Code: 1a 48 c7 83 b8 00 00 00 00 00 01 00 00 00 5c 5d c3 4c 89 e7 e8 7d 37 35 00 eb 01 00 00 00 e8 13 38 35 00 eb dc 90 55 48 89 e5 <01> 00 00 00 01 00 00 00 41 54 53 48 83 ec 08 48 01 00 00 00 b5 00

All code

0: 1a 48 c7 sbb -0x39(%rax),%cl 3: 83 b8 00 00 00 00 00 cmpl $0x0,0x0(%rax) a: 01 00 add %eax,(%rax) c: 00 00 add %al,(%rax) e: 5c pop %rsp f: 5d pop %rbp 10: c3 retq
11: 4c 89 e7 mov %r12,%rdi 14: e8 7d 37 35 00 callq 0x353796 19: eb 01 jmp 0x1c 1b: 00 00 add %al,(%rax) 1d: 00 e8 add %ch,%al 1f: 13 38 adc (%rax),%edi 21: 35 00 eb dc 90 xor $0x90dceb00,%eax 26: 55 push %rbp 27: 48 89 e5 mov %rsp,%rbp 2a:* 01 00 add %eax,(%rax) <-- trapping instruction 2c: 00 00 add %al,(%rax) 2e: 01 00 add %eax,(%rax) 30: 00 00 add %al,(%rax) 32: 41 54 push %r12 34: 53 push %rbx 35: 48 83 ec 08 sub $0x8,%rsp 39: 48 01 00 add %rax,(%rax) 3c: 00 00 add %al,(%rax) 3e: b5 00 mov $0x0,%ch

Code starting with the faulting instruction

0: 01 00 add %eax,(%rax) 2: 00 00 add %al,(%rax) 4: 01 00 add %eax,(%rax) 6: 00 00 add %al,(%rax) 8: 41 54 push %r12 a: 53 push %rbx b: 48 83 ec 08 sub $0x8,%rsp f: 48 01 00 add %rax,(%rax) 12: 00 00 add %al,(%rax) 14: b5 00 mov $0x0,%ch RSP: 0000:ffffc9000001f6c8 EFLAGS: 00010246 RAX: dffffc0000000000 RBX: ffff888009f61400 RCX: 0000000000000000 RDX: 1ffff110013ec2a8 RSI: ffff888009f61400 RDI: 0000000000000000 RBP: ffffc9000001f6c8 R08: ffffffff8100c44f R09: ffff888021869db0 R10: ffffffff84fb2662 R11: ffffffff82f4faf9 R12: 000000000000000a R13: ffff888009f61400 R14: ffff888009f61418 R15: ffff8880096e6418 FS: 0000000000000000(0000) GS:ffffffff83cab000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: ffff88802dffb000 CR3: 0000000003c32001 CR4: 00000000001706f0 Call Trace:

__setup_irq (kernel/irq/manage.c:1508) ? __kasan_kmalloc (mm/kasan/common.c:45 mm/kasan/common.c:437 mm/kasan/common.c:516 mm/kasan/common.c:525) ? kmem_cache_alloc_trace (mm/slub.c:3286) request_threaded_irq (kernel/irq/manage.c:2198) vp_find_vqs_msix (include/linux/interrupt.h:168 drivers/virtio/virtio_pci_common.c:144 drivers/virtio/virtio_pci_common.c:310) vp_find_vqs (drivers/virtio/virtio_pci_common.c:411) ? vsprintf (lib/vsprintf.c:2912) vp_modern_find_vqs (drivers/virtio/virtio_pci_modern.c:357) init_vq.cold (include/linux/virtio_config.h:227 drivers/block/virtio_blk.c:664) ? kafl_fuzz_buffer (arch/x86/coco/tdx/kafl-agent.c:438 arch/x86/coco/tdx/kafl-agent.c:495) ? virtblk_add_req (drivers/block/virtio_blk.c:602) ? kmem_cache_alloc_trace (mm/slub.c:3286) __virtblk_probe (drivers/block/virtio_blk.c:934) ? memset (mm/kasan/shadow.c:48) ? kafl_agent_init (arch/x86/coco/tdx/kafl-agent.c:290) ? virtblk_getgeo (drivers/block/virtio_blk.c:888) virtblk_probe (drivers/block/virtio_blk.c:1114) virtio_dev_probe (drivers/virtio/virtio.c:307) ? sysfs_create_link (fs/sysfs/symlink.c:93) really_probe (drivers/base/dd.c:530 drivers/base/dd.c:614) __driver_probe_device (drivers/base/dd.c:753) driver_probe_device (drivers/base/dd.c:783) __driver_attach (drivers/base/dd.c:1156) ? __device_attach_driver (drivers/base/base.h:147 drivers/base/dd.c:1120) bus_for_each_dev (drivers/base/bus.c:300) ? subsys_dev_iter_exit (drivers/base/bus.c:290) ? __kasan_check_write (mm/kasan/shadow.c:38) ? klist_node_init (arch/x86/include/asm/atomic.h:41 include/linux/atomic/atomic-instrumented.h:42 include/linux/refcount.h:136 include/linux/kref.h:31 lib/klist.c:111) driver_attach (drivers/base/dd.c:1173) bus_add_driver (drivers/base/bus.c:618) driver_register (drivers/base/driver.c:240) register_virtio_driver (drivers/virtio/virtio.c:360) virtio_blk_init (drivers/block/virtio_blk.c:1230) ? loop_init (drivers/block/virtio_blk.c:1217) do_one_initcall (init/main.c:1421) ? 
initcall_blacklisted (init/main.c:1394) ? parameq (kernel/params.c:98) ? __kasan_kmalloc (mm/kasan/common.c:45 mm/kasan/common.c:437 mm/kasan/common.c:516 mm/kasan/common.c:525) ? __kmalloc (include/linux/kasan.h:234 mm/slub.c:4424) kernel_init_freeable (init/main.c:1509 init/main.c:1531 init/main.c:1553 init/main.c:1768) ? rest_init (init/main.c:1644) kernel_init (init/main.c:1654) ret_from_fork (arch/x86/entry/entry_64.S:312)

Modules linked in: ---[ end trace 0000000000000000 ]---

ereshetova commented 1 year ago

Likely another related one, found on the same kernel but with the BPH_P9_VIRTIO_PROBE harness; here the fault is in tdx_fuzz() on a #VE taken from pci_conf1_read() in the same __pci_enable_msix_range() path, this time reached from p9_virtio_probe():

general protection fault, probably for non-canonical address 0xdffffc0000000000: 0000 [#1] PREEMPT DEBUG_PAGEALLOC KASAN KASAN: null-ptr-deref in range [0x0000000000000000-0x0000000000000007] CPU: 0 PID: 1 Comm: swapper Not tainted 6.0.0-rc2-g1d588de205f8 #1 RIP: 0010:tdx_fuzz (arch/x86/coco/tdx/kafl-agent.c:523) Code: ff ff 4c 89 55 c0 48 89 45 c8 48 89 75 d0 e8 c7 58 57 00 4c 8b 55 c0 48 8b 45 c8 48 8b 75 d0 e9 3f ff ff ff 66 0f 1f 44 00 00 <00> 00 e0 fe 00 00 00 00 ef 00 00 00 00 00 00 00 00 00 e0 fe 00 00 All code

0: ff (bad)
1: ff 4c 89 55 decl 0x55(%rcx,%rcx,4) 5: c0 48 89 45 rorb $0x45,-0x77(%rax) 9: c8 48 89 75 enterq $0x8948,$0x75 d: d0 e8 shr %al f: c7 (bad)
10: 58 pop %rax 11: 57 push %rdi 12: 00 4c 8b 55 add %cl,0x55(%rbx,%rcx,4) 16: c0 48 8b 45 rorb $0x45,-0x75(%rax) 1a: c8 48 8b 75 enterq $0x8b48,$0x75 1e: d0 e9 shr %cl 20: 3f (bad)
21: ff (bad)
22: ff (bad)
23: ff 66 0f jmpq 0xf(%rsi) 26: 1f (bad)
27: 44 00 00 add %r8b,(%rax) 2a:* 00 00 add %al,(%rax) <-- trapping instruction 2c: e0 fe loopne 0x2c 2e: 00 00 add %al,(%rax) 30: 00 00 add %al,(%rax) 32: ef out %eax,(%dx) ... 3b: 00 e0 add %ah,%al 3d: fe 00 incb (%rax) ...

Code starting with the faulting instruction

0: 00 00 add %al,(%rax) 2: e0 fe loopne 0x2 4: 00 00 add %al,(%rax) 6: 00 00 add %al,(%rax) 8: ef out %eax,(%dx) ... 11: 00 e0 add %ah,%al 13: fe 00 incb (%rax) ... RSP: 0000:ffffc9000001f1a8 EFLAGS: 00010006 RAX: dffffc0000000000 RBX: 1ffff92000003e3a RCX: 0000000000000002 RDX: 0000000000000002 RSI: 0000000000000cfc RDI: 0000000000000407 RBP: ffffc9000001f278 R08: ffffc90000071048 R09: 000000000000000a R10: ffffc9000001f428 R11: 0000000000000000 R12: ffffc9000001f388 R13: 000000000001ffff R14: ffffc9000001f250 R15: ffffc9000001f3d8 FS: 0000000000000000(0000) GS:ffffffff83cab000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: ffff88802dffb000 CR3: 0000000003c32001 CR4: 00000000001706f0 Call Trace:

? handle_io (arch/x86/coco/tdx/tdx.c:826 arch/x86/coco/tdx/tdx.c:869) ? tdx_write_msr (arch/x86/coco/tdx/tdx.c:856) ? __trace_tdx_module_call (arch/x86/coco/tdx/tdx.c:86) ? __kasan_check_write (mm/kasan/shadow.c:38) ? down_write (arch/x86/include/asm/atomic64_64.h:34 include/linux/atomic/atomic-long.h:41 include/linux/atomic/atomic-instrumented.h:1280 kernel/locking/rwsem.c:139 kernel/locking/rwsem.c:256 kernel/locking/rwsem.c:1296 kernel/locking/rwsem.c:1306 kernel/locking/rwsem.c:1553) tdx_handle_virt_exception (arch/x86/coco/tdx/tdx.c:972 arch/x86/coco/tdx/tdx.c:986) ? tdx_get_ve_info (arch/x86/coco/tdx/tdx.c:153 arch/x86/coco/tdx/tdx.c:919) ? tdx_get_ve_info (arch/x86/coco/tdx/tdx.c:980) exc_virtualization_exception (arch/x86/kernel/traps.c:1441 arch/x86/kernel/traps.c:1422) asm_exc_virtualization_exception (arch/x86/include/asm/idtentry.h:636) RIP: 0010:pci_conf1_read (arch/x86/include/asm/shared/io.h:23 arch/x86/pci/direct.c:44) Code: ca 7c d3 84 c9 74 cf 4c 89 cf 89 45 cc 4c 89 4d d0 e8 2e 89 71 fe 8b 45 cc 4c 8b 4d d0 eb b7 41 83 e5 02 41 8d 95 fc 0c 00 00 <66> ed 48 ba 00 00 00 00 00 fc ff df 4c 89 c9 0f b7 c0 48 c1 e9 03 All code 0: ca 7c d3 lret $0xd37c 3: 84 c9 test %cl,%cl 5: 74 cf je 0xffffffffffffffd6 7: 4c 89 cf mov %r9,%rdi a: 89 45 cc mov %eax,-0x34(%rbp) d: 4c 89 4d d0 mov %r9,-0x30(%rbp) 11: e8 2e 89 71 fe callq 0xfffffffffe718944 16: 8b 45 cc mov -0x34(%rbp),%eax 19: 4c 8b 4d d0 mov -0x30(%rbp),%r9 1d: eb b7 jmp 0xffffffffffffffd6 1f: 41 83 e5 02 and $0x2,%r13d 23: 41 8d 95 fc 0c 00 00 lea 0xcfc(%r13),%edx 2a:* 66 ed in (%dx),%ax <-- trapping instruction 2c: 48 ba 00 00 00 00 00 movabs $0xdffffc0000000000,%rdx 33: fc ff df 36: 4c 89 c9 mov %r9,%rcx 39: 0f b7 c0 movzwl %ax,%eax 3c: 48 c1 e9 03 shr $0x3,%rcx Code starting with the faulting instruction 0: 66 ed in (%dx),%ax 2: 48 ba 00 00 00 00 00 movabs $0xdffffc0000000000,%rdx 9: fc ff df c: 4c 89 c9 mov %r9,%rcx f: 0f b7 c0 movzwl %ax,%eax 12: 48 c1 e9 03 shr $0x3,%rcx RSP: 
0000:ffffc9000001f488 EFLAGS: 00000046 RAX: 0000000080000000 RBX: 0000000000000000 RCX: 1ffffffff0ac19f4 RDX: 0000000000000cfc RSI: 0000000000000000 RDI: ffff88802c448850 RBP: ffffc9000001f4c0 R08: 0000000000000002 R09: ffffc9000001f570 R10: ffffc9000001f62f R11: fffff52000003ec5 R12: 0000000000000297 R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000002 ? pci_conf1_read (arch/x86/pci/direct.c:33) raw_pci_read (arch/x86/pci/common.c:48) pci_read (arch/x86/pci/common.c:64) pci_bus_read_config_word (drivers/pci/access.c:67 (discriminator 2)) ? pci_bus_read_config_byte (drivers/pci/access.c:67) pci_read_config_word (drivers/pci/access.c:545) ? __kasan_check_write (mm/kasan/shadow.c:38) pci_intx (drivers/pci/pci.c:4638) ? __mutex_unlock_slowpath (kernel/locking/mutex.c:538) ? pcim_pin_device (drivers/pci/pci.c:4632) ? msi_domain_alloc_irqs_descs_locked (kernel/irq/msi.c:953) __pci_enable_msix_range (drivers/pci/msi/msi.c:238 drivers/pci/msi/msi.c:649 drivers/pci/msi/msi.c:836 drivers/pci/msi/msi.c:961) ? ret_from_fork (arch/x86/entry/entry_64.S:312) ? pci_irq_get_affinity (drivers/pci/msi/msi.c:941) ? alloc_debug_processing (mm/slub.c:1340) ? ___slab_alloc (mm/slub.c:3096) pci_alloc_irq_vectors_affinity (drivers/pci/msi/msi.c:1032) ? pci_enable_msix_range (drivers/pci/msi/msi.c:1017) ? __kmalloc (include/linux/kasan.h:234 mm/slub.c:4424) vp_find_vqs_msix (drivers/virtio/virtio_pci_common.c:134 drivers/virtio/virtio_pci_common.c:310) ? alloc_debug_processing (mm/slub.c:1340) ? p9_virtio_probe (include/linux/slab.h:600 net/9p/trans_virtio.c:605) vp_find_vqs (drivers/virtio/virtio_pci_common.c:407) vp_modern_find_vqs (drivers/virtio/virtio_pci_modern.c:357) p9_virtio_probe (include/linux/virtio_config.h:216 net/9p/trans_virtio.c:615) ? __this_cpu_preempt_check (lib/smp_processor_id.c:67) ? opt_pre_handler (kernel/kprobes.c:426) ? req_done (net/9p/trans_virtio.c:593) ? 
optimized_callback (arch/x86/include/asm/preempt.h:103 (discriminator 22) arch/x86/kernel/kprobes/opt.c:202 (discriminator 22)) ? 0xffffffffa0002039 ? p9_virtio_remove (net/9p/trans_virtio.c:130) trace_clock_x86_tsc (??:?) ? sysfs_create_link (fs/sysfs/symlink.c:93) really_probe (drivers/base/dd.c:530 drivers/base/dd.c:614) __driver_probe_device (drivers/base/dd.c:753) driver_probe_device (drivers/base/dd.c:783) __driver_attach (drivers/base/dd.c:1156) ? __device_attach_driver (drivers/base/base.h:147 drivers/base/dd.c:1120) bus_for_each_dev (drivers/base/bus.c:300) ? subsys_dev_iter_exit (drivers/base/bus.c:290) ? __kasan_check_write (mm/kasan/shadow.c:38) ? klist_node_init (arch/x86/include/asm/atomic.h:41 include/linux/atomic/atomic-instrumented.h:42 include/linux/refcount.h:136 include/linux/kref.h:31 lib/klist.c:111) driver_attach (drivers/base/dd.c:1173) bus_add_driver (drivers/base/bus.c:618) driver_register (drivers/base/driver.c:240) register_virtio_driver (drivers/virtio/virtio.c:360) ? p9_trans_fd_init (net/9p/trans_virtio.c:811) p9_virtio_init (net/9p/trans_virtio.c:817) ? p9_trans_fd_init (net/9p/trans_virtio.c:811) do_one_initcall (init/main.c:1421) ? initcall_blacklisted (init/main.c:1394) ? parameq (kernel/params.c:98) ? __kasan_kmalloc (mm/kasan/common.c:45 mm/kasan/common.c:437 mm/kasan/common.c:516 mm/kasan/common.c:525) ? __kmalloc (include/linux/kasan.h:234 mm/slub.c:4424) kernel_init_freeable (init/main.c:1509 init/main.c:1531 init/main.c:1553 init/main.c:1768) ? rest_init (init/main.c:1644) kernel_init (init/main.c:1654) ret_from_fork (arch/x86/entry/entry_64.S:312)

Modules linked in: ---[ end trace 0000000000000000 ]---