From: Alexei Starovoitov
Date: Wed, 7 Dec 2022 11:57:47 -0800
Subject: Re: BUG: unable to handle kernel paging request in bpf_dispatcher_xdp
To: Jiri Olsa
Cc: Hao Sun, Peter Zijlstra, bpf, Alexei Starovoitov, Daniel Borkmann,
    John Fastabend, Andrii Nakryiko, Martin KaFai Lau, Song Liu,
    Yonghong Song, KP Singh, Stanislav Fomichev, Hao Luo, David Miller,
    Jakub Kicinski, Jesper Dangaard Brouer, Linux Kernel Mailing List, netdev

On Tue, Dec 6, 2022 at 7:18 AM Jiri Olsa wrote:
>
> On Tue, Dec 06, 2022 at 02:46:43PM +0800, Hao Sun wrote:
> > Hao Sun wrote on Tue, Dec 6, 2022 at 11:28:
> > >
> > > Hi,
> > >
> > > The following crash can be triggered with the BPF prog provided.
> > > It seems the verifier passed some invalid progs.
> > > I will try to simplify the C reproducer, for now, the following
> > > can reproduce this:
> > >
> > > HEAD commit: ab0350c743d5 selftests/bpf: Fix conflicts with built-in
> > > functions in bpf_iter_ksym
> > > git tree: bpf-next
> > > console log: https://pastebin.com/raw/87RCSnCs
> > > kernel config: https://pastebin.com/raw/rZdWLcgK
> > > Syz reproducer: https://pastebin.com/raw/4kbwhdEv
> > > C reproducer: https://pastebin.com/raw/GFfDn2Gk
> > >
> >
> > Simplified C reproducer: https://pastebin.com/raw/aZgLcPvW
> >
> > Only two syscalls are required to reproduce this, seems it's an issue
> > in XDP test run. Essentially, the reproducer just loads a very simple
> > prog and tests run repeatedly and concurrently:
> >
> > r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000640)=@base={0x6, 0xb,
> > &(0x7f0000000500)}, 0x80)
> > bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000140)={r0, 0x0, 0x0, 0x0, 0x0,
> > 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x48)
> >
> > Loaded prog:
> > 0: (18) r0 = 0x0
> > 2: (18) r6 = 0x0
> > 4: (18) r7 = 0x0
> > 6: (18) r8 = 0x0
> > 8: (18) r9 = 0x0
> > 10: (95) exit
>
> hi,
> I can reproduce with your config.. it seems related to the
> recent static call change:
> c86df29d11df bpf: Convert BPF_DISPATCHER to use static_call() (not ftrace)
>
> I can't reproduce when I revert that commit.. Peter, any idea?

Jiri,

I see your tested-by tag on Peter's commit c86df29d11df.
I assume you've actually tested it, but this syzbot oops shows
that even empty bpf prog crashes, so there is something wrong
with that commit.

What is the difference between this new kconfig and old one that
you've tested?

I'm trying to understand the severity of the issues and
whether we need to revert that commit asap since the merge window
is about to start.