NetBSD-Bugs archive


kern/60391: kernel panic in efi_init() with "options KASAN"



>Number:         60391
>Category:       kern
>Synopsis:       kernel panic in efi_init() with "options KASAN"
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    kern-bug-people
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Wed Jul 01 00:30:00 +0000 2026
>Originator:     SAITOH Masanobu
>Release:        netbsd-11
>Organization:
>Environment:
>Description:
On my own Intel Elkhart Lake and Twin Lake machines using UEFI, "options KASAN" doesn't work.

----------
[   1.0000000] NetBSD 11.0_RC5 (GENERIC) #3: Tue Jun 30 22:19:58 JST 2026
[   1.0000000]  msaitoh%dl4000n.execsw.org@localhost:/disk/sources/netbsd-11/src/sys/arch/amd64/compile/GENERIC
[   1.0000000] total memory = 7868 MB
[   1.0000000] avail memory = 6364 MB
[   1.0000000] timecounter: Timecounters tick every 10.000 msec
[   1.0000000] NET_MPSAFE enabled
[   1.0000000] Kernelized RAIDframe activated
[   1.0000000] RTC BIOS diagnostic error 0x3f<config_unit,memory_size,fixed_disk,invalid_time>
[   1.0000000] timecounter: Timecounter "i8254" frequency 1193182 Hz quality 100
[   1.0000040] efi: systbl at pa 6fe65018
[   1.0000040] uvm_fault(0xffffffff82c14e40, 0xffff90000dfcc000, 1) -> e
[   1.0000040] fatal page fault in supervisor mode
[   1.0000040] trap type 6 code 0 rip 0xffffffff815dbae6 cs 0x8 rflags 0x10202 cr2 0xffff90000dfccb73 ilevel 0x8 rsp 0xffffffff8317dd70
[   1.0000040] curlwp 0xffffffff82a3e680 pid 0.0 lowest kstack 0xffffffff831762c0
kernel: page fault trap, code=0
Stopped in pid 0.0 (system) at  netbsd:kasan_memcpy+0x7e:       movzbl  0(%rdx,%rsi,1),%r8d
kasan_memcpy() at netbsd:kasan_memcpy+0x7e
efi_init() at netbsd:efi_init+0x314
cpu_configure() at netbsd:cpu_configure+0x23
main() at netbsd:main+0x376
ds          dd90
es          0
fs          dd50
gs          dda0
rdi         ffffffff80825097    efi_init+0x314
rsi         ffff800000000000
rbp         ffffffff8317dd90
rbx         6fe65b98
rdx         10000dfccb73
rcx         80006fe65c08
rax         80006fe65b98
r8          0
r9          1ffff3e04a2b9c0e
r10         1ffffffff04f5c3a
r11         ffffffff82b6b837    bootinfo+0x7f7
r12         ffffffff82b467a0    efi_rt
r13         70
r14         ffff9f02515ce018
r15         0
rip         ffffffff815dbae6    kasan_memcpy+0x7e
cs          8
rflags      10202
rsp         ffffffff8317dd70
ss          10
netbsd:kasan_memcpy+0x7e:       movzbl  0(%rdx,%rsi,1),%r8d
----------

>How-To-Repeat:
Compile a kernel with "options KASAN" and boot it on some UEFI systems.

Note that the following message is printed when linking the kernel though I don't know if it's related to the problem:
ld: warning: netbsd has a LOAD segment with RWX permissions
>Fix:
The following diff (from riastradh@) fixes the problem:
Index: efi_machdep.c
===================================================================
RCS file: /cvsroot/src/sys/arch/x86/x86/efi_machdep.c,v
retrieving revision 1.6
diff -u -p -r1.6 efi_machdep.c
--- efi_machdep.c       22 May 2023 16:28:07 -0000      1.6
+++ efi_machdep.c       30 Jun 2026 17:07:32 -0000
@@ -773,7 +773,7 @@ efi_runtime_init(void)
         * it for now.
         */
        pmap_update(efi_runtime_pmap);
-       memcpy(&efi_rt, systbl->st_rt, sizeof(efi_rt));
+       (memcpy)(&efi_rt, systbl->st_rt, sizeof(efi_rt));
        pmap_deactivate_sync(efi_runtime_pmap, cookie);

        /*
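
Review bot: the parenthesized `(memcpy)` on the changed line in efi_runtime_init() carries no comment, so it reads like a typo and a later cleanup could turn it back into a plain memcpy() call. The backtrace in this PR shows the fault inside kasan_memcpy(), so the intent appears to be to skip the KASAN-instrumented copy for this one read of systbl->st_rt made between pmap_update(efi_runtime_pmap) and pmap_deactivate_sync(); please say that in a short comment directly above the call. Since the copy then runs without KASAN checks, it is also worth stating in that comment that the length is the fixed sizeof(efi_rt), so the destination cannot be overrun.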

Another solution to prevent the problem is to disable "options EFI_RUNTIME".



