kmod-project / kmod

kmod - Linux kernel module handling
GNU Lesser General Public License v2.1

Segmentation fault when running depmod/kmod #26

Open martinclauss opened 1 year ago

martinclauss commented 1 year ago

Hi :)

I first reported the bug here: https://bugs.archlinux.org/task/77868 but since it is an upstream issue, I want to report it here as well.

I built a custom Linux kernel with debugging information. If I'm correct, the bug occurs when keeping the debug information in the modules. Excerpt from the PKGBUILD file (Arch Linux):

  echo "Installing modules..."
  make INSTALL_MOD_PATH="$pkgdir/usr" INSTALL_MOD_STRIP="--only-keep-debug" \
    DEPMOD=/doesnt/exist modules_install  # Suppress depmod

INSTALL_MOD_STRIP="--only-keep-debug" was INSTALL_MOD_STRIP=1 before the modification.

While running sudo pacman -U linux-dbg-6.2.6.arch1-1-x86_64.pkg.tar.zst and with

gdb -ex "set disassembly-flavor intel" -ex "run" -ex "bt full" -ex "info registers" -ex 'x/50i $pc' -ex 'x/50gx $sp' -args depmod -b "$BUILDROOT" "$KERNELVERSION"

(in /usr/lib/initcpio/functions and similar in /usr/share/libalpm/scripts/depmod) I get the following crash information:

Program received signal SIGSEGV, Segmentation fault.
0x000055555555943e in index_insert (node=0x555555fad950, 
    node@entry=0x555555fe4d60, 
    key=key@entry=0x7fffffffa9e0 "symbol:", <incomplete sequence \375>, 
    value=<optimized out>, priority=<optimized out>) at tools/depmod.c:290
290                 prefix[j] = '\0';
#0  0x000055555555943e in index_insert (node=0x555555fad950, 
    node@entry=0x555555fe4d60, 
    key=key@entry=0x7fffffffa9e0 "symbol:", <incomplete sequence \375>, 
    value=<optimized out>, priority=<optimized out>) at tools/depmod.c:290
        prefix = 0x7ffff79f0000 <argp_default_options+96> "m4\233\367\377\177"
        n = <optimized out>
        j = 0
        child = <optimized out>
        i = <optimized out>
        ch = 109
#1  0x000055555555b9a4 in output_symbols_bin (depmod=0x7fffffffaf90, 
    out=0x55555558a4f0) at tools/depmod.c:2352
        duplicate = <optimized out>
        sym = 0x5555556fefc0
        len = 2
        idx = 0x555555fe4d60
        alias = "symbol:\026\375\000\a\265\006\00055]\202\216(\234E\021I\243\235\020\006\000\177\000\000\002\000\000\000\000\000\000\000J\262\000 \000\000\000\000\020\307\aVUU\000\000\002\000\000\000\000\000\000\000\002\000\000\000\000\000\000\0001f\211\367\377\177\000\000\360\244XUUU\000\000\360\244XUUU\000\000\004\000\000\000\000\000\000\0001f\211\367\377\177\000\000\004\000\000\000\000\000\000\000x^\211\367\377\177\000\000\034\265\aVUU\000\000:\000\000\000\000\000\000\000 \344\236\367\377\177\000\000\000\000\000\000\000\000\000\000\001\000\000\000\000\000\000\0001f\211\367\377\177\000\000\360\244XUUU\000\000\360\244XUUU\000\000\004\000\000\000\000\000\000\000"...
        salias = {
          bytes = 0x7fffffffa9e0 "symbol:", <incomplete sequence \375>, 
          size = 1024, need_free = false}
        baselen = 7
        iter = {hash = 0x5555555824d0, bucket = 206, entry = 3}
        v = 0x5555556fefc0
        ret = 0
#2  0x00005555555678e2 in depmod_output (out=0x0, depmod=0x7fffffffaf90)
    at tools/depmod.c:2622
        fp = 0x55555558a4f0
        tmp = "modules.symbols.bin.35708.970794.1678954917", '\000' <repeats 211 times>
        r = <optimized out>
        ferr = <optimized out>
        dname = 0x7fffffffb208 "/tmp/mkinitcpio.Q7ebwH/root/lib/modules/6.2.6-arch1-1-dbg"
        dfd = <optimized out>
        err = 0
        tv = {tv_sec = 1678954917, tv_usec = 970794}
        itr = <optimized out>
        depfiles = <optimized out>
        dname = <optimized out>
        dfd = <optimized out>
        err = <optimized out>
        tv = <optimized out>
        fp = <optimized out>
        tmp = <optimized out>
        r = <optimized out>
        ferr = <optimized out>
        flags = <optimized out>
        mode = <optimized out>
        fd = <optimized out>
#3  do_depmod (argc=<optimized out>, argv=<optimized out>)
    at tools/depmod.c:3112
        out = 0x0
        err = 0
        all = <optimized out>
        maybe_all = <optimized out>
        n_config_paths = <optimized out>
        root = 0x55555557d2a0 "/tmp/mkinitcpio.Q7ebwH/root"
        config_paths = 0x0
        system_map = <optimized out>
        module_symvers = <optimized out>
        null_kmod_config = 0x0
        un = {sysname = '\000' <repeats 64 times>, 
          nodename = '\000' <repeats 64 times>, 
          release = '\000' <repeats 64 times>, 
          version = '\000' <repeats 64 times>, 
          machine = '\000' <repeats 64 times>, 
          domainname = '\000' <repeats 64 times>}
        ctx = 0x0
        cfg = {kversion = 0x7fffffffee0b "6.2.6-arch1-1-dbg", 
          dirname = "/tmp/mkinitcpio.Q7ebwH/root/lib/modules/6.2.6-arch1-1-dbg", '\000' <repeats 4038 times>, dirnamelen = 57, sym_prefix = 0 '\000', 
          check_symvers = 0 '\000', print_unknown = 0 '\000', 
          warn_dups = 0 '\000', overrides = 0x0, searches = 0x55555558b820, 
          externals = 0x0, excludes = 0x0}
        depmod = {cfg = 0x7fffffffb200, ctx = 0x55555557d2d0, modules = {
            array = 0x5555555cfac0, count = 624, total = 640, step = 128}, 
          modules_by_uncrelpath = 0x55555557e490, 
          modules_by_name = 0x5555555804b0, symbols = 0x5555555824d0}
#4  0x00007ffff783c790 in __libc_start_call_main (
    main=main@entry=0x5555555580f0 <main>, argc=argc@entry=4, 
    argv=argv@entry=0x7fffffffeb98)
    at ../sysdeps/nptl/libc_start_call_main.h:58
        self = <optimized out>
        result = <optimized out>
        unwind_buf = {cancel_jmp_buf = {{jmp_buf = {140737488350104, 
                -7613084770232875294, 0, 140737488350144, 93824992389880, 
                140737354125312, 7613084769525253858, 7613067693730907874}, 
              mask_was_saved = 0}}, priv = {pad = {0x0, 0x0, 0x7fffffffeb98, 
              0x4}, data = {prev = 0x0, cleanup = 0x0, canceltype = -5224}}}
        not_first_call = <optimized out>
#5  0x00007ffff783c84a in __libc_start_main_impl (main=0x5555555580f0 <main>, 
    argc=4, argv=0x7fffffffeb98, init=<optimized out>, fini=<optimized out>, 
    rtld_fini=<optimized out>, stack_end=0x7fffffffeb88)
    at ../csu/libc-start.c:360
No locals.
#6  0x0000555555558305 in _start () at ../sysdeps/x86_64/start.S:115
No locals.
rax            0x6d                109
rbx            0x7fffffffa9e9      140737488333289
rcx            0x0                 0
rdx            0x6d                109
rsi            0xfff79b34          4294417204
rdi            0x555555fadd68      93825003085160
rbp            0x0                 0x0
rsp            0x7fffffffa910      0x7fffffffa910
r8             0x20                32
r9             0x555555fb4f00      93825003114240
r10            0x555555fd7c50      93825003256912
r11            0x0                 0
r12            0x6d                109
r13            0x7ffff79f0000      140737347780608
r14            0x555555fad950      93825003084112
r15            0x9                 9
rip            0x55555555943e      0x55555555943e <index_insert+222>
eflags         0x10206             [ PF IF RF ]
cs             0x33                51
ss             0x2b                43
ds             0x0                 0
es             0x0                 0
fs             0x0                 0
gs             0x0                 0
=> 0x55555555943e <index_insert+222>:   mov    BYTE PTR [r13+rbp*1+0x0],0x0
   0x555555559444 <index_insert+228>:   mov    ah,dl
   0x555555559446 <index_insert+230>:   mov    QWORD PTR [r14],r13
   0x555555559449 <index_insert+233>:   mov    edx,DWORD PTR [rsp+0x28]
   0x55555555944d <index_insert+237>:   mov    r10,QWORD PTR [rsp+0x18]
   0x555555559452 <index_insert+242>:   mov    WORD PTR [r14+0x10],ax
   0x555555559457 <index_insert+247>:   mov    QWORD PTR [r14+r12*8+0x18],r9
   0x55555555945c <index_insert+252>:   movsx  eax,BYTE PTR [rbx]
   0x55555555945f <index_insert+255>:   mov    esi,eax
   0x555555559461 <index_insert+257>:   test   eax,eax
   0x555555559463 <index_insert+259>:   je     0x555555559494 <index_insert+308>
   0x555555559465 <index_insert+261>:   movsxd rbx,eax
   0x555555559468 <index_insert+264>:   mov    rcx,QWORD PTR [r14+rbx*8+0x18]
   0x55555555946d <index_insert+269>:   test   rcx,rcx
   0x555555559470 <index_insert+272>:   je     0x5555555594b4 <index_insert+340>
   0x555555559472 <index_insert+274>:   add    edx,0x1
   0x555555559475 <index_insert+277>:   mov    r14,rcx
   0x555555559478 <index_insert+280>:   jmp    0x555555559380 <index_insert+32>
   0x55555555947d <index_insert+285>:   nop    DWORD PTR [rax]
   0x555555559480 <index_insert+288>:   lea    edx,[rdx+rax*1+0x1]
   0x555555559484 <index_insert+292>:   movsxd r15,edx
   0x555555559487 <index_insert+295>:   lea    rbx,[r10+r15*1]
   0x55555555948b <index_insert+299>:   movsx  eax,BYTE PTR [rbx]
   0x55555555948e <index_insert+302>:   mov    esi,eax
   0x555555559490 <index_insert+304>:   test   eax,eax
   0x555555559492 <index_insert+306>:   jne    0x555555559465 <index_insert+261>
   0x555555559494 <index_insert+308>:   mov    edx,DWORD PTR [rsp+0x2c]
   0x555555559498 <index_insert+312>:   mov    rsi,QWORD PTR [rsp+0x20]
   0x55555555949d <index_insert+317>:   add    rsp,0x38
   0x5555555594a1 <index_insert+321>:   lea    rdi,[r14+0x8]
   0x5555555594a5 <index_insert+325>:   pop    rbx
   0x5555555594a6 <index_insert+326>:   pop    rbp
   0x5555555594a7 <index_insert+327>:   pop    r12
   0x5555555594a9 <index_insert+329>:   pop    r13
   0x5555555594ab <index_insert+331>:   pop    r14
   0x5555555594ad <index_insert+333>:   pop    r15
   0x5555555594af <index_insert+335>:   jmp    0x555555559290 <index_add_value>
   0x5555555594b4 <index_insert+340>:   movzx  edx,BYTE PTR [r14+0x10]
   0x5555555594b9 <index_insert+345>:   cmp    edx,eax
   0x5555555594bb <index_insert+347>:   jle    0x5555555594c1 <index_insert+353>
   0x5555555594bd <index_insert+349>:   mov    BYTE PTR [r14+0x10],al
   0x5555555594c1 <index_insert+353>:   movzx  edx,BYTE PTR [r14+0x11]
   0x5555555594c6 <index_insert+358>:   cmp    edx,eax
   0x5555555594c8 <index_insert+360>:   jge    0x5555555594ce <index_insert+366>
   0x5555555594ca <index_insert+362>:   mov    BYTE PTR [r14+0x11],sil
   0x5555555594ce <index_insert+366>:   mov    QWORD PTR [rsp+0x8],r10
   0x5555555594d3 <index_insert+371>:   mov    esi,0x1
   0x5555555594d8 <index_insert+376>:   mov    edi,0x418
   0x5555555594dd <index_insert+381>:   call   QWORD PTR [rip+0x2279d]        # 0x55555557bc80
   0x5555555594e3 <index_insert+387>:   mov    r10,QWORD PTR [rsp+0x8]

and

Program received signal SIGSEGV, Segmentation fault.
index_insert (node=0x20, node@entry=0x555558ca97d0, 
    key=key@entry=0x7fffffffa9f0 "symbol:\362=", value=<optimized out>, 
    priority=<optimized out>) at tools/depmod.c:276
276         for (j = 0; node->prefix[j]; j++) {
#0  index_insert (node=0x20, node@entry=0x555558ca97d0, 
    key=key@entry=0x7fffffffa9f0 "symbol:\362=", value=<optimized out>, 
    priority=<optimized out>) at tools/depmod.c:276
        j = 0
        child = <optimized out>
        i = 8
        ch = <optimized out>
#1  0x000055555555b9a4 in output_symbols_bin (depmod=0x7fffffffafa0, 
    out=0x555558892c50) at tools/depmod.c:2352
        duplicate = <optimized out>
        sym = 0x555556784750
        len = 2
        idx = 0x555558ca97d0
        alias = "symbol:\362=\000\200J==J7\216jXq\264bV+\372\240\027\006\000\177\000\000\374\2669YUU\000\000)\000\000\000\000\000\000\000 \344\236\367\377\177\000\000\004\000\000\000\000\000\000\000\005\000\000\000\000\000\000\0001f\211\367\377\177\000\000P,\211XUU\000\000P,\211XUU\000\000\004\000\000\000\000\000\000\0001f\211\367\377\177\000\000\004\000\000\000\000\000\000\000x^\211\367\377\177\000\000\274\0258YUU\000\000&\000\000\000\000\000\000\000 \344\236\367\377\177\000\000\b\000\000\000\000\000\000\000\t\000\000\000\000\000\000\0001f\211\367\377\177\000\000P,\211XUU\000\000P,\211XUU\000\000\004\000\000\000\000\000\000\000"...
        salias = {bytes = 0x7fffffffa9f0 "symbol:\362=", size = 1024, 
          need_free = false}
        baselen = 7
        iter = {hash = 0x555555582770, bucket = 23, entry = 8}
        v = 0x555556784750
        ret = 0
#2  0x00005555555678e2 in depmod_output (out=0x0, depmod=0x7fffffffafa0)
    at tools/depmod.c:2622
        fp = 0x555558892c50
        tmp = "modules.symbols.bin.43360.367538.1678955713", '\000' <repeats 211 times>
        r = <optimized out>
        ferr = <optimized out>
        dname = 0x7fffffffb218 "/lib/modules/6.2.6-arch1-1-dbg"
        dfd = <optimized out>
        err = 0
        tv = {tv_sec = 1678955713, tv_usec = 367538}
        itr = <optimized out>
        depfiles = <optimized out>
        dname = <optimized out>
        dfd = <optimized out>
        err = <optimized out>
        tv = <optimized out>
        fp = <optimized out>
        tmp = <optimized out>
        r = <optimized out>
        ferr = <optimized out>
        flags = <optimized out>
        mode = <optimized out>
        fd = <optimized out>
#3  do_depmod (argc=<optimized out>, argv=<optimized out>)
    at tools/depmod.c:3112
        out = 0x0
        err = 0
        all = <optimized out>
        maybe_all = <optimized out>
        n_config_paths = <optimized out>
        root = 0x0
        config_paths = 0x0
        system_map = <optimized out>
        module_symvers = <optimized out>
        null_kmod_config = 0x0
        un = {sysname = '\000' <repeats 64 times>, 
          nodename = '\000' <repeats 64 times>, 
          release = '\000' <repeats 64 times>, 
          version = '\000' <repeats 64 times>, 
          machine = '\000' <repeats 64 times>, 
          domainname = '\000' <repeats 64 times>}
        ctx = 0x0
        cfg = {kversion = 0x7fffffffedec "6.2.6-arch1-1-dbg", 
          dirname = "/lib/modules/6.2.6-arch1-1-dbg", '\000' <repeats 4065 times>, dirnamelen = 30, sym_prefix = 0 '\000', check_symvers = 0 '\000', 
          print_unknown = 0 '\000', warn_dups = 0 '\000', overrides = 0x0, 
          searches = 0x55555558b7d0, externals = 0x0, excludes = 0x0}
        depmod = {cfg = 0x7fffffffb210, ctx = 0x55555557d2a0, modules = {
            array = 0x555555592830, count = 5824, total = 5888, step = 128}, 
          modules_by_uncrelpath = 0x55555557e730, 
          modules_by_name = 0x555555580750, symbols = 0x555555582770}
#4  0x00007ffff783c790 in __libc_start_call_main (
    main=main@entry=0x5555555580f0 <main>, argc=argc@entry=2, 
    argv=argv@entry=0x7fffffffeba8)
    at ../sysdeps/nptl/libc_start_call_main.h:58
        self = <optimized out>
        result = <optimized out>
        unwind_buf = {cancel_jmp_buf = {{jmp_buf = {140737488350120, 
                -3119749366590095931, 0, 140737488350144, 93824992389880, 
                140737354125312, 3119749366951296453, 3119731741903404485}, 
              mask_was_saved = 0}}, priv = {pad = {0x0, 0x0, 0x7fffffffeba8, 
              0x2}, data = {prev = 0x0, cleanup = 0x0, canceltype = -5208}}}
        not_first_call = <optimized out>
#5  0x00007ffff783c84a in __libc_start_main_impl (main=0x5555555580f0 <main>, 
    argc=2, argv=0x7fffffffeba8, init=<optimized out>, fini=<optimized out>, 
    rtld_fini=<optimized out>, stack_end=0x7fffffffeb98)
    at ../csu/libc-start.c:360
No locals.
#6  0x0000555555558305 in _start () at ../sysdeps/x86_64/start.S:115
No locals.
rax            0xfffffff2          4294967282
rbx            0xfffffffffffffff2  -14
rcx            0x20                32
rdx            0x8                 8
rsi            0xfffffff2          4294967282
rdi            0x555558ca97d0      93825050253264
rbp            0x6                 0x6
rsp            0x7fffffffa920      0x7fffffffa920
r8             0x1                 1
r9             0x20                32
r10            0x7fffffffa9f0      140737488333296
r11            0x0                 0
r12            0x0                 0
r13            0x55555940dd10      93825058004240
r14            0x20                32
r15            0x7                 7
rip            0x555555559380      0x555555559380 <index_insert+32>
eflags         0x10202             [ IF RF ]
cs             0x33                51
ss             0x2b                43
ds             0x0                 0
es             0x0                 0
fs             0x0                 0
gs             0x0                 0
=> 0x555555559380 <index_insert+32>:    mov    r13,QWORD PTR [r14]
   0x555555559383 <index_insert+35>:    movsxd r8,edx
   0x555555559386 <index_insert+38>:    xor    ebp,ebp
   0x555555559388 <index_insert+40>:    lea    rbx,[r10+r8*1]
   0x55555555938c <index_insert+44>:    mov    r15,r8
   0x55555555938f <index_insert+47>:    movsx  r12,BYTE PTR [r13+0x0]
   0x555555559394 <index_insert+52>:    test   r12b,r12b
   0x555555559397 <index_insert+55>:    jne    0x5555555593b7 <index_insert+87>
   0x555555559399 <index_insert+57>:    jmp    0x55555555945c <index_insert+252>
   0x55555555939e <index_insert+62>:    xchg   ax,ax
   0x5555555593a0 <index_insert+64>:    add    rbp,0x1
   0x5555555593a4 <index_insert+68>:    add    rbx,0x1
   0x5555555593a8 <index_insert+72>:    movsx  r12,BYTE PTR [r13+rbp*1+0x0]
   0x5555555593ae <index_insert+78>:    test   r12b,r12b
   0x5555555593b1 <index_insert+81>:    je     0x555555559480 <index_insert+288>
   0x5555555593b7 <index_insert+87>:    mov    eax,ebp
   0x5555555593b9 <index_insert+89>:    cmp    BYTE PTR [rbx],r12b
   0x5555555593bc <index_insert+92>:    je     0x5555555593a0 <index_insert+64>
   0x5555555593be <index_insert+94>:    add    edx,ebp
   0x5555555593c0 <index_insert+96>:    mov    QWORD PTR [rsp+0x18],r10
   0x5555555593c5 <index_insert+101>:   lea    r15,[rbp+r8*1+0x0]
   0x5555555593ca <index_insert+106>:   mov    esi,0x1
   0x5555555593cf <index_insert+111>:   mov    DWORD PTR [rsp+0x28],edx
   0x5555555593d3 <index_insert+115>:   mov    edi,0x418
   0x5555555593d8 <index_insert+120>:   call   QWORD PTR [rip+0x228a2]        # 0x55555557bc80
   0x5555555593de <index_insert+126>:   mov    r11d,0x83
   0x5555555593e4 <index_insert+132>:   mov    rsi,r14
   0x5555555593e7 <index_insert+135>:   mov    rdi,rax
   0x5555555593ea <index_insert+138>:   mov    rcx,r11
   0x5555555593ed <index_insert+141>:   mov    QWORD PTR [rsp+0x10],rax
   0x5555555593f2 <index_insert+146>:   rep movs QWORD PTR es:[rdi],QWORD PTR ds:[rsi]
   0x5555555593f5 <index_insert+149>:   lea    rdi,[r13+rbp*1+0x1]
   0x5555555593fa <index_insert+154>:   mov    QWORD PTR [rsp+0x8],rcx
   0x5555555593ff <index_insert+159>:   call   QWORD PTR [rip+0x22b53]        # 0x55555557bf58
   0x555555559405 <index_insert+165>:   lea    rdi,[r14+0x8]
   0x555555559409 <index_insert+169>:   mov    rcx,r14
   0x55555555940c <index_insert+172>:   mov    edx,r12d
   0x55555555940f <index_insert+175>:   mov    r9,QWORD PTR [rsp+0x10]
   0x555555559414 <index_insert+180>:   and    rdi,0xfffffffffffffff8
   0x555555559418 <index_insert+184>:   sub    rcx,rdi
   0x55555555941b <index_insert+187>:   mov    QWORD PTR [r9],rax
   0x55555555941e <index_insert+190>:   add    ecx,0x418
   0x555555559424 <index_insert+196>:   mov    QWORD PTR [r14+0x410],0x0
   0x55555555942f <index_insert+207>:   mov    rax,QWORD PTR [rsp+0x8]
   0x555555559434 <index_insert+212>:   shr    ecx,0x3
   0x555555559437 <index_insert+215>:   rep stos QWORD PTR es:[rdi],rax
   0x55555555943a <index_insert+218>:   movzx  eax,r12b
   0x55555555943e <index_insert+222>:   mov    BYTE PTR [r13+rbp*1+0x0],0x0
   0x555555559444 <index_insert+228>:   mov    ah,dl
   0x555555559446 <index_insert+230>:   mov    QWORD PTR [r14],r13

I could upload the linux-dbg-6.2.6.arch1-1-x86_64.pkg.tar.zst package somewhere if necessary.

Thanks!

Best Martin

evelikov commented 1 year ago

Being an Arch user myself, I don't mind having a look, although I would need the mentioned "dbg" package, since I don't see myself rebuilding a whole kernel for this ;-)

Plus, the package also contains the versions of all tools installed - gcc/binutils/kmod/etc.

martinclauss commented 10 months ago

Hey @evelikov!

Thanks for your reply and sorry for the long delay. I finally uploaded the files here: https://uni-bonn.sciebo.de/s/yPC7A31lk3H5Rnd Fingers crossed that you find the problem :nerd_face:

Thanks a lot! :heart:

evelikov commented 10 months ago

Welcome back o/ I'm quite busy in the upcoming week or two, although I might find some time just before Xmas.

evelikov commented 8 months ago

Had a quick play with this over the weekend. The problem isn't limited to depmod. Running "modinfo" on such a module lists lots of arbitrary sections and data.

At a glance it looks like our elf section parsing code (in libkmod) is getting pointers/offsets where it expects strings. I am pleasantly surprised that valgrind does not report any issues (overflows, invalid access, etc.).

It should be a matter of detecting the elf (section) type and returning from the kmod functions. @lucasdemarchi if you have any pointers off the top of your head that will be appreciated.
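Added example, not kmod or libkmod code, illustrating the section-type check described in the comment above: a parser that resolves section contents from sh_offset alone returns unrelated bytes for a section whose data is not in the file, while one that checks sh_type refuses. It assumes that objcopy --only-keep-debug leaves non-debug sections such as .modinfo as SHT_NOBITS; the ELF image, the vermagic string and the 0xAA filler are constructed.

```c
/* Added example (not kmod/libkmod code): read a section's string payload from
 * an in-memory ELF64 image, but refuse when the section is SHT_NOBITS, i.e.
 * present in the headers with no bytes in the file. Assumption: that is the
 * shape objcopy --only-keep-debug leaves for non-debug sections like .modinfo. */
#include <elf.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

enum { SEC_OK = 0, SEC_BAD_INDEX = -1, SEC_NOBITS = -2, SEC_OUT_OF_RANGE = -3 };

/* Locate section `idx` and point *data/*size at its contents. With strict=1
 * a SHT_NOBITS section is rejected (its sh_offset is meaningless); strict=0
 * mimics a parser that trusts sh_offset and therefore reads unrelated bytes. */
static int section_bytes(const uint8_t *image, size_t len, unsigned idx,
                         int strict, const uint8_t **data, size_t *size)
{
    Elf64_Ehdr eh; Elf64_Shdr sh;
    if (len < sizeof eh) return SEC_BAD_INDEX;
    memcpy(&eh, image, sizeof eh);               /* memcpy: image may be unaligned */
    if (idx >= eh.e_shnum) return SEC_BAD_INDEX;
    uint64_t off = eh.e_shoff + (uint64_t)idx * sizeof sh;
    if (off > len || sizeof sh > len - off) return SEC_BAD_INDEX;
    memcpy(&sh, image + off, sizeof sh);
    if (strict && sh.sh_type == SHT_NOBITS) return SEC_NOBITS;
    if (sh.sh_offset > len || sh.sh_size > len - sh.sh_offset) return SEC_OUT_OF_RANGE;
    *data = image + sh.sh_offset;
    *size = sh.sh_size;
    return SEC_OK;
}

/* Build a constructed image: ELF header, one string payload, two section
 * headers (the mandatory null section and the payload section). With
 * nobits=1 the payload section is SHT_NOBITS and its bytes are replaced by
 * 0xAA filler, standing in for whatever happens to sit at that file offset. */
static size_t build_image(uint8_t *buf, size_t cap, int nobits)
{
    static const char payload[] = "vermagic=6.2.6-arch1-1-dbg\0depends=";  /* constructed */
    Elf64_Ehdr eh; Elf64_Shdr sh[2];
    size_t payload_off = sizeof eh;
    size_t shoff = (payload_off + sizeof payload + 7) & ~(size_t)7;
    size_t total = shoff + sizeof sh;
    if (total > cap) return 0;
    memset(&eh, 0, sizeof eh); memset(sh, 0, sizeof sh);
    memcpy(eh.e_ident, ELFMAG, SELFMAG);
    eh.e_ident[EI_CLASS] = ELFCLASS64; eh.e_ident[EI_DATA] = ELFDATA2LSB;
    eh.e_type = ET_REL; eh.e_machine = EM_X86_64;
    eh.e_shoff = shoff; eh.e_shentsize = sizeof(Elf64_Shdr); eh.e_shnum = 2;
    sh[1].sh_type = nobits ? SHT_NOBITS : SHT_PROGBITS;
    sh[1].sh_offset = payload_off; sh[1].sh_size = sizeof payload;
    memset(buf, 0xAA, total);
    memcpy(buf, &eh, sizeof eh);
    if (!nobits) memcpy(buf + payload_off, payload, sizeof payload);
    memcpy(buf + shoff, sh, sizeof sh);
    return total;
}

/* Return code of section_bytes() for the payload section; on SEC_OK copy the
 * first NUL-terminated string (bounded by the section size) into `out`. */
int probe_modinfo(int nobits, int strict, char *out, size_t outcap)
{
    uint8_t buf[256];
    const uint8_t *data; size_t size, n = 0;
    size_t len = build_image(buf, sizeof buf, nobits);
    int rc = section_bytes(buf, len, 1, strict, &data, &size);
    out[0] = '\0';
    if (rc != SEC_OK) return rc;
    while (n < size && data[n] != '\0' && n < outcap - 1) n++;  /* stay inside the section */
    memcpy(out, data, n); out[n] = '\0';
    return SEC_OK;
}

int main(void)
{
    char s[64];
    int rc = probe_modinfo(0, 1, s, sizeof s);
    printf("PROGBITS, strict : rc=%d \"%s\"\n", rc, s);
    rc = probe_modinfo(1, 0, s, sizeof s);
    printf("NOBITS, trusting : rc=%d first byte 0x%02x\n", rc, (unsigned char)s[0]);
    rc = probe_modinfo(1, 1, s, sizeof s);
    printf("NOBITS, strict   : rc=%d (refused)\n", rc);
    return 0;
}
```

The trusting read returns the 0xAA filler as if it were modinfo text, which is the shape of "arbitrary sections and data" a parser shows when it does not check sh_type.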