Segmentation fault when running depmod/kmod

[martinclauss]

Hi :)

I first reported the bug here: https://bugs.archlinux.org/task/77868 but since it is an upstream issue, I want to report it here as well.

I built a custom Linux kernel with debugging information. If I'm correct the bug occurs when keeping the debug information in the modules. Excerpt from the PKGBUILD file (Arch Linux):

  echo "Installing modules..."
  make INSTALL_MOD_PATH="$pkgdir/usr" INSTALL_MOD_STRIP="--only-keep-debug" \
    DEPMOD=/doesnt/exist modules_install  # Suppress depmod

INSTALL_MOD_STRIP="--only-keep-debug" was INSTALL_MOD_STRIP=1 before the modification.

While running sudo pacman -U linux-dbg-6.2.6.arch1-1-x86_64.pkg.tar.zst and with

gdb -ex "set disassembly-flavor intel" -ex "run" -ex "bt full" -ex "info registers" -ex 'x/50i $pc' -ex 'x/50gx $sp' -args depmod -b "$BUILDROOT" "$KERNELVERSION"

(in /usr/lib/initcpio/functions and similar in /usr/share/libalpm/scripts/depmod) I get the following crash information:

Program received signal SIGSEGV, Segmentation fault.
0x000055555555943e in index_insert (node=0x555555fad950, 
    node@entry=0x555555fe4d60, 
    key=key@entry=0x7fffffffa9e0 "symbol:", <incomplete sequence \375>, 
    value=<optimized out>, priority=<optimized out>) at tools/depmod.c:290
290					prefix[j] = '\0';
#0  0x000055555555943e in index_insert (node=0x555555fad950, 
    node@entry=0x555555fe4d60, 
    key=key@entry=0x7fffffffa9e0 "symbol:", <incomplete sequence \375>, 
    value=<optimized out>, priority=<optimized out>) at tools/depmod.c:290
        prefix = 0x7ffff79f0000 <argp_default_options+96> "m4\233\367\377\177"
        n = <optimized out>
        j = 0
        child = <optimized out>
        i = <optimized out>
        ch = 109
#1  0x000055555555b9a4 in output_symbols_bin (depmod=0x7fffffffaf90, 
    out=0x55555558a4f0) at tools/depmod.c:2352
        duplicate = <optimized out>
        sym = 0x5555556fefc0
        len = 2
        idx = 0x555555fe4d60
        alias = "symbol:\026\375\000\a\265\006\00055]\202\216(\234E\021I\243\235\020\006\000\177\000\000\002\000\000\000\000\000\000\000J\262\000 \000\000\000\000\020\307\aVUU\000\000\002\000\000\000\000\000\000\000\002\000\000\000\000\000\000\0001f\211\367\377\177\000\000\360\244XUUU\000\000\360\244XUUU\000\000\004\000\000\000\000\000\000\0001f\211\367\377\177\000\000\004\000\000\000\000\000\000\000x^\211\367\377\177\000\000\034\265\aVUU\000\000:\000\000\000\000\000\000\000 \344\236\367\377\177\000\000\000\000\000\000\000\000\000\000\001\000\000\000\000\000\000\0001f\211\367\377\177\000\000\360\244XUUU\000\000\360\244XUUU\000\000\004\000\000\000\000\000\000\000"...
        salias = {
          bytes = 0x7fffffffa9e0 "symbol:", <incomplete sequence \375>, 
          size = 1024, need_free = false}
        baselen = 7
        iter = {hash = 0x5555555824d0, bucket = 206, entry = 3}
        v = 0x5555556fefc0
        ret = 0
#2  0x00005555555678e2 in depmod_output (out=0x0, depmod=0x7fffffffaf90)
    at tools/depmod.c:2622
        fp = 0x55555558a4f0
        tmp = "modules.symbols.bin.35708.970794.1678954917", '\000' <repeats 211 times>
        r = <optimized out>
        ferr = <optimized out>
        dname = 0x7fffffffb208 "/tmp/mkinitcpio.Q7ebwH/root/lib/modules/6.2.6-arch1-1-dbg"
        dfd = <optimized out>
        err = 0
        tv = {tv_sec = 1678954917, tv_usec = 970794}
        itr = <optimized out>
        depfiles = <optimized out>
        dname = <optimized out>
        dfd = <optimized out>
        err = <optimized out>
        tv = <optimized out>
        fp = <optimized out>
        tmp = <optimized out>
        r = <optimized out>
        ferr = <optimized out>
        flags = <optimized out>
        mode = <optimized out>
        fd = <optimized out>
#3  do_depmod (argc=<optimized out>, argv=<optimized out>)
    at tools/depmod.c:3112
        out = 0x0
        err = 0
        all = <optimized out>
        maybe_all = <optimized out>
        n_config_paths = <optimized out>
        root = 0x55555557d2a0 "/tmp/mkinitcpio.Q7ebwH/root"
        config_paths = 0x0
        system_map = <optimized out>
        module_symvers = <optimized out>
        null_kmod_config = 0x0
        un = {sysname = '\000' <repeats 64 times>, 
          nodename = '\000' <repeats 64 times>, 
          release = '\000' <repeats 64 times>, 
          version = '\000' <repeats 64 times>, 
          machine = '\000' <repeats 64 times>, 
          domainname = '\000' <repeats 64 times>}
        ctx = 0x0
        cfg = {kversion = 0x7fffffffee0b "6.2.6-arch1-1-dbg", 
          dirname = "/tmp/mkinitcpio.Q7ebwH/root/lib/modules/6.2.6-arch1-1-dbg", '\000' <repeats 4038 times>, dirnamelen = 57, sym_prefix = 0 '\000', 
          check_symvers = 0 '\000', print_unknown = 0 '\000', 
          warn_dups = 0 '\000', overrides = 0x0, searches = 0x55555558b820, 
          externals = 0x0, excludes = 0x0}
        depmod = {cfg = 0x7fffffffb200, ctx = 0x55555557d2d0, modules = {
            array = 0x5555555cfac0, count = 624, total = 640, step = 128}, 
          modules_by_uncrelpath = 0x55555557e490, 
          modules_by_name = 0x5555555804b0, symbols = 0x5555555824d0}
#4  0x00007ffff783c790 in __libc_start_call_main (
    main=main@entry=0x5555555580f0 <main>, argc=argc@entry=4, 
    argv=argv@entry=0x7fffffffeb98)
    at ../sysdeps/nptl/libc_start_call_main.h:58
        self = <optimized out>
        result = <optimized out>
        unwind_buf = {cancel_jmp_buf = {{jmp_buf = {140737488350104, 
                -7613084770232875294, 0, 140737488350144, 93824992389880, 
                140737354125312, 7613084769525253858, 7613067693730907874}, 
              mask_was_saved = 0}}, priv = {pad = {0x0, 0x0, 0x7fffffffeb98, 
              0x4}, data = {prev = 0x0, cleanup = 0x0, canceltype = -5224}}}
        not_first_call = <optimized out>
#5  0x00007ffff783c84a in __libc_start_main_impl (main=0x5555555580f0 <main>, 
    argc=4, argv=0x7fffffffeb98, init=<optimized out>, fini=<optimized out>, 
    rtld_fini=<optimized out>, stack_end=0x7fffffffeb88)
    at ../csu/libc-start.c:360
No locals.
#6  0x0000555555558305 in _start () at ../sysdeps/x86_64/start.S:115
No locals.
rax            0x6d                109
rbx            0x7fffffffa9e9      140737488333289
rcx            0x0                 0
rdx            0x6d                109
rsi            0xfff79b34          4294417204
rdi            0x555555fadd68      93825003085160
rbp            0x0                 0x0
rsp            0x7fffffffa910      0x7fffffffa910
r8             0x20                32
r9             0x555555fb4f00      93825003114240
r10            0x555555fd7c50      93825003256912
r11            0x0                 0
r12            0x6d                109
r13            0x7ffff79f0000      140737347780608
r14            0x555555fad950      93825003084112
r15            0x9                 9
rip            0x55555555943e      0x55555555943e <index_insert+222>
eflags         0x10206             [ PF IF RF ]
cs             0x33                51
ss             0x2b                43
ds             0x0                 0
es             0x0                 0
fs             0x0                 0
gs             0x0                 0
=> 0x55555555943e <index_insert+222>:	mov    BYTE PTR [r13+rbp*1+0x0],0x0
   0x555555559444 <index_insert+228>:	mov    ah,dl
   0x555555559446 <index_insert+230>:	mov    QWORD PTR [r14],r13
   0x555555559449 <index_insert+233>:	mov    edx,DWORD PTR [rsp+0x28]
   0x55555555944d <index_insert+237>:	mov    r10,QWORD PTR [rsp+0x18]
   0x555555559452 <index_insert+242>:	mov    WORD PTR [r14+0x10],ax
   0x555555559457 <index_insert+247>:	mov    QWORD PTR [r14+r12*8+0x18],r9
   0x55555555945c <index_insert+252>:	movsx  eax,BYTE PTR [rbx]
   0x55555555945f <index_insert+255>:	mov    esi,eax
   0x555555559461 <index_insert+257>:	test   eax,eax
   0x555555559463 <index_insert+259>:	
    je     0x555555559494 <index_insert+308>
   0x555555559465 <index_insert+261>:	movsxd rbx,eax
   0x555555559468 <index_insert+264>:	mov    rcx,QWORD PTR [r14+rbx*8+0x18]
   0x55555555946d <index_insert+269>:	test   rcx,rcx
   0x555555559470 <index_insert+272>:	
    je     0x5555555594b4 <index_insert+340>
   0x555555559472 <index_insert+274>:	add    edx,0x1
   0x555555559475 <index_insert+277>:	mov    r14,rcx
   0x555555559478 <index_insert+280>:	jmp    0x555555559380 <index_insert+32>
   0x55555555947d <index_insert+285>:	nop    DWORD PTR [rax]
   0x555555559480 <index_insert+288>:	lea    edx,[rdx+rax*1+0x1]
   0x555555559484 <index_insert+292>:	movsxd r15,edx
   0x555555559487 <index_insert+295>:	lea    rbx,[r10+r15*1]
   0x55555555948b <index_insert+299>:	movsx  eax,BYTE PTR [rbx]
   0x55555555948e <index_insert+302>:	mov    esi,eax
   0x555555559490 <index_insert+304>:	test   eax,eax
   0x555555559492 <index_insert+306>:	
    jne    0x555555559465 <index_insert+261>
   0x555555559494 <index_insert+308>:	mov    edx,DWORD PTR [rsp+0x2c]
   0x555555559498 <index_insert+312>:	mov    rsi,QWORD PTR [rsp+0x20]
   0x55555555949d <index_insert+317>:	add    rsp,0x38
   0x5555555594a1 <index_insert+321>:	lea    rdi,[r14+0x8]
   0x5555555594a5 <index_insert+325>:	pop    rbx
   0x5555555594a6 <index_insert+326>:	pop    rbp
   0x5555555594a7 <index_insert+327>:	pop    r12
   0x5555555594a9 <index_insert+329>:	pop    r13
   0x5555555594ab <index_insert+331>:	pop    r14
   0x5555555594ad <index_insert+333>:	pop    r15
   0x5555555594af <index_insert+335>:	jmp    0x555555559290 <index_add_value>
   0x5555555594b4 <index_insert+340>:	movzx  edx,BYTE PTR [r14+0x10]
   0x5555555594b9 <index_insert+345>:	cmp    edx,eax
   0x5555555594bb <index_insert+347>:	
    jle    0x5555555594c1 <index_insert+353>
   0x5555555594bd <index_insert+349>:	mov    BYTE PTR [r14+0x10],al
   0x5555555594c1 <index_insert+353>:	movzx  edx,BYTE PTR [r14+0x11]
   0x5555555594c6 <index_insert+358>:	cmp    edx,eax
   0x5555555594c8 <index_insert+360>:	
    jge    0x5555555594ce <index_insert+366>
   0x5555555594ca <index_insert+362>:	mov    BYTE PTR [r14+0x11],sil
   0x5555555594ce <index_insert+366>:	mov    QWORD PTR [rsp+0x8],r10
   0x5555555594d3 <index_insert+371>:	mov    esi,0x1
   0x5555555594d8 <index_insert+376>:	mov    edi,0x418
   0x5555555594dd <index_insert+381>:	
    call   QWORD PTR [rip+0x2279d]        # 0x55555557bc80
   0x5555555594e3 <index_insert+387>:	mov    r10,QWORD PTR [rsp+0x8]
0x7fffffffa910:	0x0000555555f8cf48	0x0000000000000000
0x7fffffffa920:	0x0000555555fb4f00	0x00007fffffffa9e0
0x7fffffffa930:	0x00005555555ab118	0x0000001e00000009
0x7fffffffa940:	0x0000555555573cb2	0x0000555555fe4d60
0x7fffffffa950:	0x0000000000000002	0x00007fffffffa9a8
0x7fffffffa960:	0x00005555556fefd0	0x00007fffffffaf90
0x7fffffffa970:	0x00005555556fefc0	0x000055555555b9a4
0x7fffffffa980:	0x0000000000000004	0x00007fffffffa9b0
0x7fffffffa990:	0x00007fffffffa9e0	0x000055555558a4f0
0x7fffffffa9a0:	0x0000555555fa7bbc	0x00005555556fefc0
0x7fffffffa9b0:	0x00005555555824d0	0x00000003000000ce
0x7fffffffa9c0:	0x00007fffffffa9e0	0x0000000000000400
0x7fffffffa9d0:	0x000055555558a400	0x000055555558a4f0
0x7fffffffa9e0:	0x163a6c6f626d7973	0x35350006b50700fd
0x7fffffffa9f0:	0x4911459c288e825d	0x00007f0006109da3
0x7fffffffaa00:	0x0000000000000002	0x000000002000b24a
0x7fffffffaa10:	0x000055555607c710	0x0000000000000002
0x7fffffffaa20:	0x0000000000000002	0x00007ffff7896631
0x7fffffffaa30:	0x000055555558a4f0	0x000055555558a4f0
0x7fffffffaa40:	0x0000000000000004	0x00007ffff7896631
0x7fffffffaa50:	0x0000000000000004	0x00007ffff7895e78
0x7fffffffaa60:	0x000055555607b51c	0x000000000000003a
0x7fffffffaa70:	0x00007ffff79ee420	0x0000000000000000
0x7fffffffaa80:	0x0000000000000001	0x00007ffff7896631
0x7fffffffaa90:	0x000055555558a4f0	0x000055555558a4f0

and

Program received signal SIGSEGV, Segmentation fault.
index_insert (node=0x20, node@entry=0x555558ca97d0, 
    key=key@entry=0x7fffffffa9f0 "symbol:\362=", value=<optimized out>, 
    priority=<optimized out>) at tools/depmod.c:276
276			for (j = 0; node->prefix[j]; j++) {
#0  index_insert (node=0x20, node@entry=0x555558ca97d0, 
    key=key@entry=0x7fffffffa9f0 "symbol:\362=", value=<optimized out>, 
    priority=<optimized out>) at tools/depmod.c:276
        j = 0
        child = <optimized out>
        i = 8
        ch = <optimized out>
#1  0x000055555555b9a4 in output_symbols_bin (depmod=0x7fffffffafa0, 
    out=0x555558892c50) at tools/depmod.c:2352
        duplicate = <optimized out>
        sym = 0x555556784750
        len = 2
        idx = 0x555558ca97d0
        alias = "symbol:\362=\000\200J==J7\216jXq\264bV+\372\240\027\006\000\177\000\000\374\2669YUU\000\000)\000\000\000\000\000\000\000 \344\236\367\377\177\000\000\004\000\000\000\000\000\000\000\005\000\000\000\000\000\000\0001f\211\367\377\177\000\000P,\211XUU\000\000P,\211XUU\000\000\004\000\000\000\000\000\000\0001f\211\367\377\177\000\000\004\000\000\000\000\000\000\000x^\211\367\377\177\000\000\274\0258YUU\000\000&\000\000\000\000\000\000\000 \344\236\367\377\177\000\000\b\000\000\000\000\000\000\000\t\000\000\000\000\000\000\0001f\211\367\377\177\000\000P,\211XUU\000\000P,\211XUU\000\000\004\000\000\000\000\000\000\000"...
        salias = {bytes = 0x7fffffffa9f0 "symbol:\362=", size = 1024, 
          need_free = false}
        baselen = 7
        iter = {hash = 0x555555582770, bucket = 23, entry = 8}
        v = 0x555556784750
        ret = 0
#2  0x00005555555678e2 in depmod_output (out=0x0, depmod=0x7fffffffafa0)
    at tools/depmod.c:2622
        fp = 0x555558892c50
        tmp = "modules.symbols.bin.43360.367538.1678955713", '\000' <repeats 211 times>
        r = <optimized out>
        ferr = <optimized out>
        dname = 0x7fffffffb218 "/lib/modules/6.2.6-arch1-1-dbg"
        dfd = <optimized out>
        err = 0
        tv = {tv_sec = 1678955713, tv_usec = 367538}
        itr = <optimized out>
        depfiles = <optimized out>
        dname = <optimized out>
        dfd = <optimized out>
        err = <optimized out>
        tv = <optimized out>
        fp = <optimized out>
        tmp = <optimized out>
        r = <optimized out>
        ferr = <optimized out>
        flags = <optimized out>
        mode = <optimized out>
        fd = <optimized out>
#3  do_depmod (argc=<optimized out>, argv=<optimized out>)
    at tools/depmod.c:3112
        out = 0x0
        err = 0
        all = <optimized out>
        maybe_all = <optimized out>
        n_config_paths = <optimized out>
        root = 0x0
        config_paths = 0x0
        system_map = <optimized out>
        module_symvers = <optimized out>
        null_kmod_config = 0x0
        un = {sysname = '\000' <repeats 64 times>, 
          nodename = '\000' <repeats 64 times>, 
          release = '\000' <repeats 64 times>, 
          version = '\000' <repeats 64 times>, 
          machine = '\000' <repeats 64 times>, 
          domainname = '\000' <repeats 64 times>}
        ctx = 0x0
        cfg = {kversion = 0x7fffffffedec "6.2.6-arch1-1-dbg", 
          dirname = "/lib/modules/6.2.6-arch1-1-dbg", '\000' <repeats 4065 times>, dirnamelen = 30, sym_prefix = 0 '\000', check_symvers = 0 '\000', 
          print_unknown = 0 '\000', warn_dups = 0 '\000', overrides = 0x0, 
          searches = 0x55555558b7d0, externals = 0x0, excludes = 0x0}
        depmod = {cfg = 0x7fffffffb210, ctx = 0x55555557d2a0, modules = {
            array = 0x555555592830, count = 5824, total = 5888, step = 128}, 
          modules_by_uncrelpath = 0x55555557e730, 
          modules_by_name = 0x555555580750, symbols = 0x555555582770}
#4  0x00007ffff783c790 in __libc_start_call_main (
    main=main@entry=0x5555555580f0 <main>, argc=argc@entry=2, 
    argv=argv@entry=0x7fffffffeba8)
    at ../sysdeps/nptl/libc_start_call_main.h:58
        self = <optimized out>
        result = <optimized out>
        unwind_buf = {cancel_jmp_buf = {{jmp_buf = {140737488350120, 
                -3119749366590095931, 0, 140737488350144, 93824992389880, 
                140737354125312, 3119749366951296453, 3119731741903404485}, 
              mask_was_saved = 0}}, priv = {pad = {0x0, 0x0, 0x7fffffffeba8, 
              0x2}, data = {prev = 0x0, cleanup = 0x0, canceltype = -5208}}}
        not_first_call = <optimized out>
#5  0x00007ffff783c84a in __libc_start_main_impl (main=0x5555555580f0 <main>, 
    argc=2, argv=0x7fffffffeba8, init=<optimized out>, fini=<optimized out>, 
    rtld_fini=<optimized out>, stack_end=0x7fffffffeb98)
    at ../csu/libc-start.c:360
No locals.
#6  0x0000555555558305 in _start () at ../sysdeps/x86_64/start.S:115
No locals.
rax            0xfffffff2          4294967282
rbx            0xfffffffffffffff2  -14
rcx            0x20                32
rdx            0x8                 8
rsi            0xfffffff2          4294967282
rdi            0x555558ca97d0      93825050253264
rbp            0x6                 0x6
rsp            0x7fffffffa920      0x7fffffffa920
r8             0x1                 1
r9             0x20                32
r10            0x7fffffffa9f0      140737488333296
r11            0x0                 0
r12            0x0                 0
r13            0x55555940dd10      93825058004240
r14            0x20                32
r15            0x7                 7
rip            0x555555559380      0x555555559380 <index_insert+32>
eflags         0x10202             [ IF RF ]
cs             0x33                51
ss             0x2b                43
ds             0x0                 0
es             0x0                 0
fs             0x0                 0
gs             0x0                 0
=> 0x555555559380 <index_insert+32>:	mov    r13,QWORD PTR [r14]
   0x555555559383 <index_insert+35>:	movsxd r8,edx
   0x555555559386 <index_insert+38>:	xor    ebp,ebp
   0x555555559388 <index_insert+40>:	lea    rbx,[r10+r8*1]
   0x55555555938c <index_insert+44>:	mov    r15,r8
   0x55555555938f <index_insert+47>:	movsx  r12,BYTE PTR [r13+0x0]
   0x555555559394 <index_insert+52>:	test   r12b,r12b
   0x555555559397 <index_insert+55>:	jne    0x5555555593b7 <index_insert+87>
   0x555555559399 <index_insert+57>:	
    jmp    0x55555555945c <index_insert+252>
   0x55555555939e <index_insert+62>:	xchg   ax,ax
   0x5555555593a0 <index_insert+64>:	add    rbp,0x1
   0x5555555593a4 <index_insert+68>:	add    rbx,0x1
   0x5555555593a8 <index_insert+72>:	movsx  r12,BYTE PTR [r13+rbp*1+0x0]
   0x5555555593ae <index_insert+78>:	test   r12b,r12b
   0x5555555593b1 <index_insert+81>:	
    je     0x555555559480 <index_insert+288>
   0x5555555593b7 <index_insert+87>:	mov    eax,ebp
   0x5555555593b9 <index_insert+89>:	cmp    BYTE PTR [rbx],r12b
   0x5555555593bc <index_insert+92>:	je     0x5555555593a0 <index_insert+64>
   0x5555555593be <index_insert+94>:	add    edx,ebp
   0x5555555593c0 <index_insert+96>:	mov    QWORD PTR [rsp+0x18],r10
   0x5555555593c5 <index_insert+101>:	lea    r15,[rbp+r8*1+0x0]
   0x5555555593ca <index_insert+106>:	mov    esi,0x1
   0x5555555593cf <index_insert+111>:	mov    DWORD PTR [rsp+0x28],edx
   0x5555555593d3 <index_insert+115>:	mov    edi,0x418
   0x5555555593d8 <index_insert+120>:	
    call   QWORD PTR [rip+0x228a2]        # 0x55555557bc80
   0x5555555593de <index_insert+126>:	mov    r11d,0x83
   0x5555555593e4 <index_insert+132>:	mov    rsi,r14
   0x5555555593e7 <index_insert+135>:	mov    rdi,rax
   0x5555555593ea <index_insert+138>:	mov    rcx,r11
   0x5555555593ed <index_insert+141>:	mov    QWORD PTR [rsp+0x10],rax
   0x5555555593f2 <index_insert+146>:	
    rep movs QWORD PTR es:[rdi],QWORD PTR ds:[rsi]
   0x5555555593f5 <index_insert+149>:	lea    rdi,[r13+rbp*1+0x1]
   0x5555555593fa <index_insert+154>:	mov    QWORD PTR [rsp+0x8],rcx
   0x5555555593ff <index_insert+159>:	
    call   QWORD PTR [rip+0x22b53]        # 0x55555557bf58
   0x555555559405 <index_insert+165>:	lea    rdi,[r14+0x8]
   0x555555559409 <index_insert+169>:	mov    rcx,r14
   0x55555555940c <index_insert+172>:	mov    edx,r12d
   0x55555555940f <index_insert+175>:	mov    r9,QWORD PTR [rsp+0x10]
   0x555555559414 <index_insert+180>:	and    rdi,0xfffffffffffffff8
   0x555555559418 <index_insert+184>:	sub    rcx,rdi
   0x55555555941b <index_insert+187>:	mov    QWORD PTR [r9],rax
   0x55555555941e <index_insert+190>:	add    ecx,0x418
   0x555555559424 <index_insert+196>:	mov    QWORD PTR [r14+0x410],0x0
   0x55555555942f <index_insert+207>:	mov    rax,QWORD PTR [rsp+0x8]
   0x555555559434 <index_insert+212>:	shr    ecx,0x3
   0x555555559437 <index_insert+215>:	rep stos QWORD PTR es:[rdi],rax
   0x55555555943a <index_insert+218>:	movzx  eax,r12b
   0x55555555943e <index_insert+222>:	mov    BYTE PTR [r13+rbp*1+0x0],0x0
   0x555555559444 <index_insert+228>:	mov    ah,dl
   0x555555559446 <index_insert+230>:	mov    QWORD PTR [r14],r13
0x7fffffffa920:	0x000055555940e840	0x00007fffffffa9f0
0x7fffffffa930:	0x0000555558b77dd0	0x00007fffffffa9f0
0x7fffffffa940:	0x000055555577ac78	0x0000051800000008
0x7fffffffa950:	0x0000555555573cb2	0x0000555558ca97d0
0x7fffffffa960:	0x0000000000000002	0x00007fffffffa9b8
0x7fffffffa970:	0x0000555556784760	0x00007fffffffafa0
0x7fffffffa980:	0x0000555556784750	0x000055555555b9a4
0x7fffffffa990:	0x0000000000000004	0x00007fffffffa9c0
0x7fffffffa9a0:	0x00007fffffffa9f0	0x0000555558892c50
0x7fffffffa9b0:	0x000055555938e6ac	0x0000555556784750
0x7fffffffa9c0:	0x0000555555582770	0x0000000800000017
0x7fffffffa9d0:	0x00007fffffffa9f0	0x0000000000000400
0x7fffffffa9e0:	0x0000555558892c00	0x0000555558892c50
0x7fffffffa9f0:	0xf23a6c6f626d7973	0x374a3d3d4a80003d
0x7fffffffaa00:	0x2b5662b471586a8e	0x00007f000617a0fa
0x7fffffffaa10:	0x000055555939b6fc	0x0000000000000029
0x7fffffffaa20:	0x00007ffff79ee420	0x0000000000000004
0x7fffffffaa30:	0x0000000000000005	0x00007ffff7896631
0x7fffffffaa40:	0x0000555558892c50	0x0000555558892c50
0x7fffffffaa50:	0x0000000000000004	0x00007ffff7896631
0x7fffffffaa60:	0x0000000000000004	0x00007ffff7895e78
0x7fffffffaa70:	0x00005555593815bc	0x0000000000000026
0x7fffffffaa80:	0x00007ffff79ee420	0x0000000000000008
0x7fffffffaa90:	0x0000000000000009	0x00007ffff7896631
0x7fffffffaaa0:	0x0000555558892c50	0x0000555558892c50

I could upload the linux-dbg-6.2.6.arch1-1-x86_64.pkg.tar.zst package somewhere if necessary.

Thanks!

Best
Martin

[evelikov]

Being an Arch user myself, I don't mind having a look. Although I would need the mentioned "dbg" package, since I don't see myself rebuilding a whole kernel for this ;-)

Plus the package also contains the version of all tools installed - gcc/binutils/kmod/etc.

[martinclauss]

Hey @evelikov!

Thanks for your reply and sorry for the long delay. I finally uploaded the files here: https://uni-bonn.sciebo.de/s/yPC7A31lk3H5Rnd
Fingers crossed that you find the problem 🤓

Thanks a lot! ❤️

[evelikov]

Welcome back o/ I'm quite busy in the upcoming week or two, although I might find some time just before Xmas.

[evelikov]

Had a quick play with this over the weekend. The problem isn't limited to depmod. Running "modinfo" on such module, lists lots of arbitrary sections and data.

At a glance it looks like our elf section parsing code (in libkmod), is getting pointers/offsets where it expects strings. I am pleasantly surprised that valgrind does not report any issues (overflows, invalid access etc).

If should be a matter of detecting the elf (section) type and returning from the kmod functions. @lucasdemarchi if you have any pointers off the top of your head that will be appreciated.

[stoeckmann]

I have reproduced the issue with given test files as well. The segmentation fault was an incomplete check in depmod itself.

Talking about the test files, I would say that kmod does what it's supposed to do, but the files themselves are broken:

$ objdump -x twofish-x86_64-3way.ko
...
Sections:
Idx Name          Size      VMA               LMA               File off  Algn
  0 .text         00004193  0000000000000000  0000000000000000  00000040  2**4
                  ALLOC, RELOC, READONLY, CODE
  1 .init.text    00000077  0000000000000000  0000000000000000  00000040  2**4
                  ALLOC, RELOC, READONLY, CODE
  2 .exit.text    00000025  0000000000000000  0000000000000000  00000040  2**4
                  ALLOC, RELOC, READONLY, CODE
  3 __ksymtab_gpl 00000024  0000000000000000  0000000000000000  00000040  2**2
                  ALLOC, RELOC, READONLY
  4 .rodata       00000052  0000000000000000  0000000000000000  00000040  2**5
                  ALLOC, RELOC, READONLY
  5 __ksymtab_strings 00000048  0000000000000000  0000000000000000  00000040  2**0
                  ALLOC, READONLY
  6 .rodata.str1.8 0000008c  0000000000000000  0000000000000000  00000040  2**3
                  ALLOC, READONLY
  7 __mcount_loc  00000038  0000000000000000  0000000000000000  00000040  2**0
                  ALLOC, RELOC, READONLY
  8 .modinfo      0000018d  0000000000000000  0000000000000000  00000040  2**0
                  ALLOC, READONLY
...

The module has the same file offset for various ELF sections, including .rodata, .modinfo, and .text. I heavily doubt that these files are valid, especially after comparing them with working modules. The .modinfo section should contain information about the module itself. Looking for strings like author or license didn't show up anything in your files.

[evelikov]

While I was looking into this I noticed that all the (relevant) sections were present but were missing the correct flag(s) (IIRC CONTENTS as listed by objdump). Where kmod as a whole never checks those and blindly assumes there is data within the respective sections.

Since these are stripped debug-only modules, they cannot be used as-is. If they truly are invalid maybe we should report a bug against the STRIP tool used?

[lucasdemarchi]

@stoeckmann is this fixed by the commits merged or still depend on that one commit that is pending?

[stoeckmann]

@lucasdemarchi, the issue is fixed as good as possible. The supplied module files lack required sections by the kernel, so they cannot be loaded. But kmod does not segfault anymore, either.

So, yes. This issue can be closed.

[lucasdemarchi]

@stoeckmann thanks