
About linux: How can I solve the bug "KASAN: wild-memory-access in load_module"?

Question Detail

I have been trying to run a kernel module (.ko) on aarch64 qemu with kernel version 5.10.0. Below are the steps I followed.

  1. Install the cross compile toolchain (http://releases.linaro.org/components/toolchain/binaries/latest-7/aarch64-linux-gnu/gcc-linaro-7.5.0-2019.12-x86_64_aarch64-linux-gnu.tar.xz)

  2. Download the 5.10.0 kernel source (https://cdn.kernel.org/pub/linux/kernel/v5.x/linux-5.10.tar.xz)

  3. ARCH=arm64 CROSS_COMPILE=aarch64-linux-gnu- make defconfig

  4. Add the configs below to .config

CONFIG_KCOV=y
CONFIG_KCOV_ENABLE_COMPARISONS=y
CONFIG_KASAN=y
CONFIG_DEBUG_INFO=y
CONFIG_CMDLINE="console=ttyAMA0"
CONFIG_KCOV_INSTRUMENT_ALL=y
CONFIG_FAULT_INJECTION=y
CONFIG_DEBUG_KMEMLEAK=y
CONFIG_DEBUG_FS=y
CONFIG_NET_9P=y
CONFIG_NET_9P_VIRTIO=y
CONFIG_CROSS_COMPILE="aarch64-linux-gnu-"
  5. Create the kernel image with the ARCH=arm64 CROSS_COMPILE=aarch64-linux-gnu- make -j40 command

  6. Create rootfs.ext2 with buildroot (https://buildroot.uclibc.org/downloads/buildroot-2021.02.8.tar.gz)

  7. Install qemu (https://download.qemu.org/qemu-6.2.0.tar.xz)

  8. Boot qemu with the script below

build/qemu-system-aarch64 \
  -machine virt \
  -cpu cortex-a57 \
  -nographic -smp 1 \
  -hda rootfs.ext2 \
  -kernel Image \
  -append "console=ttyAMA0 root=/dev/vda oops=panic panic_on_warn=1 panic=-1 ftrace_dump_on_oops=orig_cpu debug earlyprintk=serial slub_debug=UZ" \
  -m 2G \
  -net user,hostfwd=tcp::10023-:23 -net nic
  9. After booting, I logged in to the qemu shell as root
Welcome to Buildroot
buildroot login: root
password:
# uname -a
Linux buildroot 5.10.0 #1 SMP PREEMPT Tue Dec 21 11:32:34 KST 2021 aarch64 GNU/Linux
  10. Create a hello.ko
    hello.c
#include <linux/init.h>
#include <linux/module.h>
#include <linux/kernel.h>

/* Runs once when the module is loaded (insmod). */
static int hello_init(void)
{
        printk("Test\n");
        return 0;
}

/* Runs when the module is unloaded (rmmod). */
static void hello_exit(void)
{
        printk("Test exit\n");
}

module_init(hello_init);
module_exit(hello_exit);

MODULE_LICENSE("GPL v2");
  11. Build the hello kernel module with the aarch64 cross compiler
# modinfo hello.ko
filename:       /(my workspace directory path)/hello.ko
license:        GPL v2
depends:        
name:           hello
vermagic:       5.10.0 SMP preempt mod_unload aarch64

I sent this hello.ko module to qemu with scp -P 10023 (hello.ko path) [email protected]:~. Then I ran the insmod command, but there is a bug in load_module.

# insmod hello.ko
[ 4255.121496] hello: loading out-of-tree module taints kernel.
[ 4255.151097] ==================================================================
[ 4255.151969] BUG: KASAN: wild-memory-access in load_module+0x2dc0/0x3750
[ 4255.152628] Read of size 8 at addr d50323bfa8c17cc5 by task insmod/225
[ 4255.153225] 
[ 4255.154373] CPU: 0 PID: 225 Comm: insmod Tainted: G           O      5.10.0 #1
[ 4255.154993] Hardware name: linux,dummy-virt (DT)
[ 4255.155737] Call trace:
[ 4255.156167]  dump_backtrace+0x0/0x3b8
[ 4255.156615]  show_stack+0x2c/0x80
[ 4255.157009]  dump_stack+0x168/0x1e8
[ 4255.157422]  kasan_report+0x1ac/0x200
[ 4255.157915]  __asan_load8+0x94/0xd0
[ 4255.158336]  load_module+0x2dc0/0x3750
[ 4255.158806]  __do_sys_finit_module+0x114/0x178
[ 4255.159263]  __arm64_sys_finit_module+0x44/0x58
[ 4255.159723]  el0_svc_common.constprop.0+0xf0/0x340
[ 4255.160209]  do_el0_svc+0x48/0x118
[ 4255.160641]  el0_svc+0x24/0x38
[ 4255.161028]  el0_sync_handler+0x17c/0x180
[ 4255.161439]  el0_sync+0x174/0x180
[ 4255.161920] ==================================================================
[ 4255.162445] Disabling lock debugging due to kernel taint
[ 4255.170664] Kernel panic - not syncing: panic_on_warn set ... 
[ 4255.171418] CPU: 0 PID: 225 Comm: insmod Tainted: G    B      O      5.10.0 #1
[ 4255.171932] Hardware name: linux,dummy-virt (DT)
[ 4255.172298] Call trace:
[ 4255.172777]  dump_backtrace+0x0/0x3b8
[ 4255.173190]  show_stack+0x2c/0x80
[ 4255.173644]  dump_stack+0x168/0x1e8
[ 4255.174039]  panic+0x2b0/0x5dc
[ 4255.174449]  end_report+0x68/0x7c
[ 4255.174877]  kasan_report+0x14c/0x200
[ 4255.175304]  __asan_load8+0x94/0xd0
[ 4255.175778]  load_module+0x2dc0/0x3750
[ 4255.176223]  __do_sys_finit_module+0x114/0x178
[ 4255.176662]  __arm64_sys_finit_module+0x44/0x58
[ 4255.177145]  el0_svc_common.constprop.0+0xf0/0x340
[ 4255.177616]  do_el0_svc+0x48/0x118
[ 4255.178073]  el0_svc+0x24/0x38
[ 4255.178504]  el0_sync_handler+0x17c/0x180
[ 4255.178910]  el0_sync+0x174/0x180
[ 4255.179916] Kernel Offset: 0x3d000000 from 0xffffa00010000000
[ 4255.180429] PHYS_OFFSET: 0xffff943bc0000000

How can I solve this bug? I’d appreciate your help. Thank you!
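The report above is easier to reason about once the header, the access line and the first non-KASAN frame are pulled out and the faulting address is checked against the arm64 address layout: generic (non-tagged) KASAN labels an access "wild" when the address has no shadow memory, and 0xd50323bfa8c17cc5 is not a canonical kernel (0xffff...) or user (0x0000...) address at all, which points at a corrupted or uninitialised pointer rather than an ordinary out-of-bounds access. The following triage helper is an added example, not code from the question; it assumes a VA_BITS=48 kernel and uses a sample constructed from the question's log with timestamps stripped.

```python
import re

# Constructed sample: the KASAN report quoted in the question, timestamps removed.
SAMPLE_REPORT = """\
BUG: KASAN: wild-memory-access in load_module+0x2dc0/0x3750
Read of size 8 at addr d50323bfa8c17cc5 by task insmod/225
CPU: 0 PID: 225 Comm: insmod Tainted: G           O      5.10.0 #1
Call trace:
 dump_backtrace+0x0/0x3b8
 show_stack+0x2c/0x80
 dump_stack+0x168/0x1e8
 kasan_report+0x1ac/0x200
 __asan_load8+0x94/0xd0
 load_module+0x2dc0/0x3750
 __do_sys_finit_module+0x114/0x178
"""

HEADER_RE = re.compile(r"BUG: KASAN: (?P<kind>[\w-]+) in (?P<func>\S+?)\+0x[0-9a-f]+/0x[0-9a-f]+")
ACCESS_RE = re.compile(r"(?P<op>Read|Write) of size (?P<size>\d+) at addr (?P<addr>[0-9a-f]+) by task (?P<task>\S+)")
FRAME_RE = re.compile(r"^\s+(?P<sym>[A-Za-z_][\w.]*)\+0x[0-9a-f]+/0x[0-9a-f]+$", re.M)

# Frames that belong to the reporting machinery, not to the code that faulted.
REPORT_FRAMES = ("dump_backtrace", "show_stack", "dump_stack", "kasan_report", "__asan_")

def classify_arm64_addr(addr: int, va_bits: int = 48) -> str:
    """Classify a raw address under the arm64 layout assumed here (VA_BITS=48):
    kernel VAs have the top 16 bits set, user VAs have them clear, and anything
    else is non-canonical, i.e. cannot be a valid pointer on this configuration."""
    top = addr >> va_bits
    all_ones = (1 << (64 - va_bits)) - 1
    if top == all_ones:
        return "kernel"
    if top == 0:
        return "user"
    return "non-canonical"

def triage(report: str) -> dict:
    """Extract bug kind, access, faulting symbol and first non-KASAN frame."""
    hdr = HEADER_RE.search(report)
    acc = ACCESS_RE.search(report)
    if not hdr or not acc:
        raise ValueError("not a KASAN report")
    frames = FRAME_RE.findall(report)
    culprit = next((f for f in frames if not f.startswith(REPORT_FRAMES)), None)
    addr = int(acc["addr"], 16)
    return {"kind": hdr["kind"], "func": hdr["func"], "op": acc["op"],
            "size": int(acc["size"]), "task": acc["task"], "addr": addr,
            "addr_class": classify_arm64_addr(addr), "culprit": culprit}
```

Running `triage(SAMPLE_REPORT)` classifies the address as non-canonical and names load_module as the first frame outside the KASAN reporting path, which is where to start reading the disassembly at offset 0x2dc0.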

Question Answer

No answer for now.
