Message-ID: <202212021131.5689048e-yujie.liu@intel.com>
Date:   Fri, 2 Dec 2022 12:11:22 +0800
From:   kernel test robot <yujie.liu@...el.com>
To:     Yang Jihong <yangjihong1@...wei.com>
CC:     <oe-lkp@...ts.linux.dev>, <lkp@...el.com>, <bpf@...r.kernel.org>,
        <ast@...nel.org>, <daniel@...earbox.net>, <andrii@...nel.org>,
        <martin.lau@...ux.dev>, <song@...nel.org>, <yhs@...com>,
        <john.fastabend@...il.com>, <kpsingh@...nel.org>, <sdf@...gle.com>,
        <haoluo@...gle.com>, <jolsa@...nel.org>,
        <illusionist.neo@...il.com>, <linux@...linux.org.uk>,
        <davem@...emloft.net>, <edumazet@...gle.com>, <kuba@...nel.org>,
        <pabeni@...hat.com>, <mykolal@...com>, <shuah@...nel.org>,
        <benjamin.tissoires@...hat.com>, <memxor@...il.com>,
        <colin.i.king@...il.com>, <asavkov@...hat.com>, <delyank@...com>,
        <linux-arm-kernel@...ts.infradead.org>,
        <linux-kernel@...r.kernel.org>, <netdev@...r.kernel.org>,
        <linux-kselftest@...r.kernel.org>, <yangjihong1@...wei.com>
Subject: Re: [PATCH bpf-next v3 1/4] bpf: Adapt 32-bit return value kfunc for 32-bit ARM when zext extension

Greetings,

FYI, we noticed BUG:unable_to_handle_page_fault_for_address due to commit (built with gcc-11):

commit: 55f4010ffda9ca23ffea329ab4a32173c08dfa90 ("[PATCH bpf-next v3 1/4] bpf: Adapt 32-bit return value kfunc for 32-bit ARM when zext extension")
url: https://github.com/intel-lab-lkp/linux/commits/Yang-Jihong/bpf-Support-kernel-function-call-in-32-bit-ARM/20221126-175041
base: https://git.kernel.org/cgit/linux/kernel/git/bpf/bpf-next.git master
patch link: https://lore.kernel.org/all/20221126094530.226629-2-yangjihong1@huawei.com/
patch subject: [PATCH bpf-next v3 1/4] bpf: Adapt 32-bit return value kfunc for 32-bit ARM when zext extension

in testcase: boot

on test machine: qemu-system-x86_64 -enable-kvm -cpu SandyBridge -smp 2 -m 16G

caused below changes (please refer to attached dmesg/kmsg for entire log/backtrace):


[   15.084098][    T1] BUG: unable to handle page fault for address: 0000000000002800
[   15.085808][    T1] #PF: supervisor read access in kernel mode
[   15.087049][    T1] #PF: error_code(0x0000) - not-present page
[   15.088246][    T1] PGD 0 P4D 0
[   15.089034][    T1] Oops: 0000 [#1] SMP PTI
[   15.089826][    T1] CPU: 1 PID: 1 Comm: swapper/0 Not tainted 6.1.0-rc4-01174-g55f4010ffda9 #1
[   15.091616][    T1] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.0-debian-1.16.0-4 04/01/2014
[   15.093546][    T1] RIP: 0010:insn_def_regno (verifier.c:?)
[   15.094644][    T1] Code: e7 48 c7 04 24 00 00 00 00 48 c7 44 24 08 00 00 00 00 48 c7 44 24 10 00 00 00 00 48 8b 40 38 89 54 24 20 48 8b b0 d8 00 00 00 <8b> 96 00 28 00 00 e8 4a 69 38 00 80 38 00 75 8b b8 ff ff ff ff e9
All code
========
   0:	e7 48                	out    %eax,$0x48
   2:	c7 04 24 00 00 00 00 	movl   $0x0,(%rsp)
   9:	48 c7 44 24 08 00 00 	movq   $0x0,0x8(%rsp)
  10:	00 00 
  12:	48 c7 44 24 10 00 00 	movq   $0x0,0x10(%rsp)
  19:	00 00 
  1b:	48 8b 40 38          	mov    0x38(%rax),%rax
  1f:	89 54 24 20          	mov    %edx,0x20(%rsp)
  23:	48 8b b0 d8 00 00 00 	mov    0xd8(%rax),%rsi
  2a:*	8b 96 00 28 00 00    	mov    0x2800(%rsi),%edx		<-- trapping instruction
  30:	e8 4a 69 38 00       	callq  0x38697f
  35:	80 38 00             	cmpb   $0x0,(%rax)
  38:	75 8b                	jne    0xffffffffffffffc5
  3a:	b8 ff ff ff ff       	mov    $0xffffffff,%eax
  3f:	e9                   	.byte 0xe9

Code starting with the faulting instruction
===========================================
   0:	8b 96 00 28 00 00    	mov    0x2800(%rsi),%edx
   6:	e8 4a 69 38 00       	callq  0x386955
   b:	80 38 00             	cmpb   $0x0,(%rax)
   e:	75 8b                	jne    0xffffffffffffff9b
  10:	b8 ff ff ff ff       	mov    $0xffffffff,%eax
  15:	e9                   	.byte 0xe9
[   15.098134][    T1] RSP: 0000:ffffc900000138c8 EFLAGS: 00010246
[   15.099340][    T1] RAX: ffff88816567b000 RBX: ffffc90000013928 RCX: 0000000000000028
[   15.100892][    T1] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffc900000138c8
[   15.102493][    T1] RBP: 000000000000002e R08: ffffffff81221490 R09: 0000000000000038
[   15.104099][    T1] R10: 0000000000000001 R11: 0000000000000001 R12: ffff888100b8a000
[   15.105642][    T1] R13: 000000000000002e R14: 000000000000002e R15: 0000000000000002
[   15.107274][    T1] FS:  0000000000000000(0000) GS:ffff88842fd00000(0000) knlGS:0000000000000000
[   15.109060][    T1] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   15.110337][    T1] CR2: 0000000000002800 CR3: 0000000002c16000 CR4: 00000000000406e0
[   15.111896][    T1] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[   15.113444][    T1] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[   15.114878][    T1] Call Trace:
[   15.117928][    T1]  <TASK>
[   15.118985][    T1]  opt_subreg_zext_lo32_rnd_hi32+0x17c/0x270
[   15.120228][    T1]  bpf_check (??:?)
[   15.121087][    T1]  bpf_prog_load (syscall.c:?)
[   15.122088][    T1]  ? bpf_map_update_value (syscall.c:?)
[   15.123180][    T1]  ? map_update_elem (syscall.c:?)
[   15.124165][    T1]  __sys_bpf (syscall.c:?)
[   15.125016][    T1]  bpf_sys_bpf (??:?)
[   15.125877][    T1]  bpf_prog_99a0cd861b84ee07___loader.prog+0x4bc/0x51c
[   15.127203][    T1]  kern_sys_bpf (??:?)
[   15.128096][    T1]  bpf_load_and_run+0x154/0x1ba
[   15.129180][    T1]  ? __kmalloc_node (??:?)
[   15.130186][    T1]  load_skel (bpf_preload_kern.c:?)
[   15.131003][    T1]  ? btf_vmlinux_init (bpf_preload_kern.c:?)
[   15.131905][    T1]  load (bpf_preload_kern.c:?)
[   15.132632][    T1]  do_one_initcall (??:?)
[   15.133524][    T1]  do_initcalls (main.c:?)
[   15.134460][    T1]  kernel_init_freeable (main.c:?)
[   15.135544][    T1]  ? rest_init (main.c:?)
[   15.136437][    T1]  kernel_init (main.c:?)
[   15.137317][    T1]  ret_from_fork (??:?)
[   15.138244][    T1]  </TASK>
[   15.138892][    T1] Modules linked in:
[   15.139733][    T1] CR2: 0000000000002800
[   15.140542][    T1] ---[ end trace 0000000000000000 ]---


If you fix the issue, kindly add following tag
| Reported-by: kernel test robot <yujie.liu@...el.com>
| Link: https://lore.kernel.org/oe-lkp/202212021131.5689048e-yujie.liu@intel.com


To reproduce:

        # build kernel
        cd linux
        cp config-6.1.0-rc4-01174-g55f4010ffda9 .config
        make HOSTCC=gcc-11 CC=gcc-11 ARCH=x86_64 olddefconfig prepare modules_prepare bzImage modules
        make HOSTCC=gcc-11 CC=gcc-11 ARCH=x86_64 INSTALL_MOD_PATH=<mod-install-dir> modules_install
        cd <mod-install-dir>
        find lib/ | cpio -o -H newc --quiet | gzip > modules.cgz

        git clone https://github.com/intel/lkp-tests.git
        cd lkp-tests
        bin/lkp qemu -k <bzImage> -m modules.cgz job-script # job-script is attached in this email

        # if you come across any failure that blocks the test,
        # please remove ~/.lkp and /lkp dir to run from a clean state.


-- 
0-DAY CI Kernel Test Service
https://01.org/lkp

View attachment "config-6.1.0-rc4-01174-g55f4010ffda9" of type "text/plain" (170301 bytes)

View attachment "job-script" of type "text/plain" (4896 bytes)

Download attachment "dmesg.xz" of type "application/x-xz" (25704 bytes)
